Barclays touts secure online banking with PINsentry
Barclays will start sending out handheld Chip and PIN readers to its online banking customers later this year to help prevent fraud.
The PINsentry reader works with customers’ normal debit card and PIN, and will be required for certain transactions – such as setting up a new third-party payee. The free reader will be sent to half a million customers by the end of the year.
It works by creating an eight-digit passcode when the user swipes their card then enters their PIN. The passcode needs to be entered when setting up certain payments and only lasts for two minutes.
Graham Cluley, senior technology consultant for security company Sophos, thinks it’s a step in the right direction. “Keyboard logging spyware and phishing emails which try to steal your login information just won’t be effective as your passcode keeps changing. This will help make life harder for the bad guys who are trying to break into your account,” he said.
While anything that stops bad guys getting their hands on your cash is to be welcomed, it seems like a bit of a faff. As it’s only used for certain things, you’ll no doubt lose it just when you need it most and not be able to make that payment.
One thought on “Barclays touts secure online banking with PINsentry”
Hi,
This program, while beneficial for some forms of malware attacks, won’t stop phishing attacks. The criminals send an email to the user that looks like it comes from Barclays. The user then clicks on it and goes to a lookalike Barclays website. There they log in. In parallel, the criminal site then logs in to the Barclays site and forwards the data. At this point the criminals can then withdraw money from your account.
Strong authentication doesn’t stop phishing attacks. The best defences are to use transaction authentication for each transaction and to educate the users.
I have just released a new product that educates enterprise users about malware attacks. My challenge in communicating this to you is that by providing links in this message I may be guilty of getting you to click on a link and thereby avoid best security practices. So, with this in mind, here’s what I’d like you to do.
Do a search in a search engine for authenticationworld.com. That’s my website. Then click on the link in the main navigation bar “Training in a Flash”. That will take you to the website devoted to this product. Then click on the link “Training in a Flash” and you’ll see the free three minute flash program.
I also maintain a blog on authentication on my website.
Guy Huntington
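The difference between a login passcode and the per-transaction authentication recommended in the comment above, as an added example that is not part of the original article or comment and does not reproduce PINsentry's real algorithm. It assumes an HMAC-SHA256 stand-in for the card's computation, with a constructed key, timestamp and payee names; only the eight-digit length and two-minute window come from the article.

```python
import hashlib
import hmac
import struct

DIGITS = 8    # passcode length given in the article
WINDOW = 120  # two-minute lifetime given in the article, in seconds
KEY = b"constructed-demo-card-key"  # constructed sample secret shared by card and bank
T0 = 1_200_000                      # constructed timestamp on a window boundary

def _code(key: bytes, now: int, details: bytes = b"") -> str:
    """HMAC the time window (plus optional details) and keep DIGITS digits."""
    msg = struct.pack(">Q", now // WINDOW) + details
    number = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "big")
    return str(number % 10**DIGITS).zfill(DIGITS)

def login_code(key: bytes, now: int) -> str:
    """Code tied only to the secret and the current time window."""
    return _code(key, now)

def payment_code(key: bytes, now: int, payee: str, pence: int) -> str:
    """Code additionally tied to the payee and amount the customer keyed in."""
    return _code(key, now, f"|{payee}|{pence}".encode())

def bank_accepts_login(key: bytes, now: int, code: str) -> bool:
    return hmac.compare_digest(code, login_code(key, now))

def bank_accepts_payment(key: bytes, now: int, payee: str, pence: int, code: str) -> bool:
    return hmac.compare_digest(code, payment_code(key, now, payee, pence))

def relay_outcomes() -> dict:
    """What the bank decides when a code reaches it through a third party."""
    login = login_code(KEY, T0)
    pay = payment_code(KEY, T0, "payee-A", 5_000)
    return {
        # A login code is valid for whoever presents it inside the window.
        "login_code_forwarded_in_window": bank_accepts_login(KEY, T0 + 60, login),
        "login_code_after_window": bank_accepts_login(KEY, T0 + WINDOW, login),
        # A payment code only verifies for the details it was computed over.
        "payment_same_details": bank_accepts_payment(KEY, T0 + 60, "payee-A", 5_000, pay),
        "payment_payee_changed": bank_accepts_payment(KEY, T0 + 60, "payee-B", 5_000, pay),
        "payment_amount_changed": bank_accepts_payment(KEY, T0 + 60, "payee-A", 500_000, pay),
    }

if __name__ == "__main__":
    for name, accepted in relay_outcomes().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The binding only protects the customer if the payee and amount are entered on, or shown by, the trusted reader rather than copied from a web page.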