PINsentry

[Pastis]

Any Barclays customers here?

I get home to find a calculator type thingy has been posted to me with a "User Guide". I never asked for it and am immediately inclined to file it in the grey basket under my desk. Some residual former training makes me think I'd better have a second look in case my internet banking facility might be scuppered.

I've read the "User Guide" twice now and nowhere can I find any mention of the words YOU NEED THIS. There's mention of specially encrypted 8 digit passwords and other crap like sticking my bank card in the right way up, but do I need it? Do I buggery 

Unless some bugger tells me different it's going bin-side... I'd shred it but fear it'll get stuck in the teeth 

Next? 

[Sour Puss]

   Does it look anything like this?
 
     

[Sour Puss]

"Unless some bugger tells me different it's going bin-side... I'd shred it but fear it'll get stuck in the teeth"    Quote Pastis

Barclays is sending out chip and PIN terminals to more than half a million of its online banking customers.
Customers using their online banking account to set up payments to third-party accounts will be sent a standalone terminal to use their card's PIN to authenticate their identity, instead of having to use passwords.
Barnaby Davis, director of electronic banking at Barclays: "Barclays believes this is the most effective form of two-factor authentication, built on what was a very successful implementation of chip and PIN at point of sale in shops last year."
Davis added: "It gives customers an easy-to-use, familiar method that they can adjust very quickly to."
http://news.zdnet.co.uk/hardware/0,1000000091,39286745,00.htm

and this is why…!!!


A two-factor authentication system operated by Dutch bank ABN Amro has been compromised and money stolen from four customers who fell victim to a phishing scam.
The man-in-the-middle attack occurred after the customers opened an email with an attachment purporting to be from the bank, downloading malware onto their machines. When they next tried to visit the bank's website, their browser was redirected to a fake site, allowing the attackers to overcome ABN Amro's two-factor authentication system by piggy-backing on a legitimate log-in.
Two-factor authentication systems normally use passwords as well as tokens, which provide pseudo-randomly generated numbers. Use of both is supposed to make online banking identity verification more robust.
But security experts have warned that two-factor authentication is ineffectual against man-in-the-middle attacks.
Speaking at the E-Crime Congress in London in March, Cambridge University professor Ross Anderson spoke of the limitations of two-factor authentication. "There are a whole bunch of things that can go wrong with two-factor authentication," said Anderson. "Banks are resisting because their technical staff know that it will be expensive to introduce and will not be effective. Some banks will introduce it, it will be quickly broken and then quickly forgotten," Anderson added, according to Out-Law.com.
The four ABN Amro customers have been compensated by the bank for the money taken from their accounts.
Barclays bank on Wednesday said it would send 500,000 chip and PIN devices to its customers to secure online banking.
   

[Uncle Mort]

NatWest have sent me a similar device. I understand it's only necessary when transferring money in and out of the account via online banking.

I activated mine but I've not been prompted to use it yet when I'm just checking balances or downloading statements.

No system is safe from the incompetence of the user though:

The man-in-the-middle attack occurred after the customers opened an email with an attachment purporting to be from the bank, downloading malware onto their machines.

[Berek]

one of my mates got one of them the other day, he's paralysed from the neck down, I wish i'd been in his house when he called them..

[Barman]

one of my mates got one of them the other day, he's paralysed from the neck down, I wish i'd been in his house when he called them..

[grumpyoldsoldier]

A load of old nonsense, you don't need one of those, keep your shekels under the mattress matey's

[Snoopy]

I still support the Bank of the Loose Floorboard

[Barman]

I still support the Bank of the Loose Floorboard

I was going to put thyat but I thought I'd spoil it for you... 

[Nick]

I thought this thread was about Olympic Oarsmen!

[Pastis]

Having read the words "You need to start using PINsentry before 2/12/07 otherwise you won't be able to use online banking" I set it up last night. Hmmm... a piece of cake, actually. I'll eat my words... and the piece of cake.

Of course I should have heeded BM's ongoing advice and NOT read the fvcking manual 

What irks me now is that, when working abroad, it's yet another piece of kit that has to go with me 

I wonder if they've tested it through X-Ray machines and the like 

[Pastis]

I thought this thread was about Olympic Oarsmen!

I'll  christen my device Matthew if you like 

[Barman]

Having read the words "You need to start using PINsentry before 2/12/07 otherwise you won't be able to use online banking" I set it up last night. Hmmm... a piece of cake, actually. I'll eat my words... and the piece of cake.

Of course I should have heeded BM's ongoing advice and NOT read the fvcking manual 

What irks me now is that, when working abroad, it's yet another piece of kit that has to go with me 

I wonder if they've tested it through X-Ray machines and the like