My bank got crazy.

My on-line banking is becoming a nightmare or better a daymare. A true story.

My bank sends me a device by postal mail, that looks like a pocket calculator, but it's a bankcard reader.

This is what I have to do for logging in :

01. I have to take my bankcard out of my wallet.
02. I put that bankcard in the bankcard reader
03. I push a button
04. I type a number of 8 digits, mentioned on the login window
05. I push a button
06. I type a number of 4 digits
07. I push a button
08. Then a number of 8 digits appears on the bankcard reader
09. I type that number of 8 digits in the login window
10. I click the login-button and than I can do what I want to do
11. I remove my bankcard in the bankcard reader
12. I put my bankcard back in my wallet.
Pffffffffft.

The very first time, when I clicked on the login-button, the login window said, your login was too slow, try again and I had to start all over again.

I have to do this each time when I log in and each time, when I sign a money-transfert.

The bankcard reader works on batteries and I don't even know how to replace them. I can't open it. Maybe it works on solar batteries, like my pocket calculator, hopefully.

High time to look for another bank.

 

Sounds like you have a million dollars with them. And that they're treating you like James Bond. Are they doing that with everyone? Cause I'd like one of those devices. Does it have bright lights & make sounds?

 

That's for every customer of that bank, if he does online-banking and I'm not like Bill G. either.
Nope, no lights, no sounds, no tv.

 

Me too. My bank sends me a security device which will generate random ID every time I login to internet banking.

 

It's probably very secure, but very unpractical too. Nobody is going to like this.
Most probably every bank in Belgium will do this on long term, they all have the same bankaccount number structure.

 

You might use PayPal or Moneybookers account instead.
You will transfer as much money as you can afford to loose.
I myself would never use a real account for online payments.

 

Online-banking at home is very easy, I hardly visit the office of my bank, so I don't have to wait either. If they steal my money via internet, I get it back and it never happened in all these years.

 

That sounds like a really good bank, I guess, that it is in Switzerland.
PayPal is faster, it does not verify so much, but that is also more dangerous.

 

I paid my bill online at home. I’m too lazy to queue. My opinion the Bank security device was secure as a second layer security.
I’m not confident enough to use Paypal. How secure it is?

 

I have a PayPal account too, which I created to collect my American free lotto winnings, but I stopped playing, because the free lotto world isn't interesting anymore.
I bought a few softwares with it and it's almost empty now.
And yes it isn't so safe, just a password, but I never lost any money either.

 

Heh: sounds like they dont want you to be able to get your money out E-A.

My bank in Oz the NAB has taken an altogether more scary and confronting route.

My "domestic CEO" and I have joint back acc's and shared CC accounts:
( I KNOW... SCARY STUFF...
What the heck I'm a snaggy kind of guy )

The bank allows simple log-in to access the accounts and transfer $ between our various accounts personal loans cc business etc..

BUT: when we want to transfer $ to an external acc IE pay bills etc, the bank sends an SMS with a code to authorise the transfer.
I was not aware of this 'till after the fact: the mail mysteriously dissappeared. ?

Guess whose cell phone the SMS goes to ??: LOL, not mine.
I have to ask permission to pay bills She has to agree.

I've checked with the bank about adding another cell phone or changing the the arrangements: she has to agree LOL

(had to ask: what happens if she has an accident or loses the phone>>PITA is what happens. LOL

Just another layer in the increasing complexity of life.
And another lost battle before I even knew there was one: as usual.
LOL

In some ways it's not a bad scheme really but there are some holes:
However for simplicity and a "layered" system it's not too bad as we do most of our e-banking from home with cell phones nearby.

It's more question of UAC on the domestic front lol.

 

You got that right, I won't visit my online-bank-website so often anymore, one time a week and that's it.

 

Seems like an unpolished system. But, your bank seems to take security seriously and this is a good thing.

 

This is a very dangerous practice of letting bank customers use card readers at their home's. How do you know the signal from the card reader can't be pickedup by a scanner near by or how do you know the signal is only going to the bank. They're been cases of thieves putting their own card readers in place of the banks ATM's card reader, how do you know for sure the card reader actually came from the bank and not from some Identify thief. But using your own card reader at home would prevent people from standing over your shoulder. If I sounds paranoid it is because I am, just because the odds on this not happening are small doesn't meant it can't happen. It does't mean I am Mr. Gloom and Doom ether.

 

I wish that financial institutions in the USA took security this seriously, yes, even if it is a pain in the a$$. If it works, and I repeat "IF", then the patience require to make it work is worth it. It is waaaaaaaaay to easy to steal money from accounts in the USA and I have long admired the security standards set in place in Europe.

Acadia

 

Erik,
Very soon all banks will follow suit with OSD's, as things are they are losing
too much money to online banking hackers and keyloggers.

Why you must be reasonably quick when typing in the necessary numbers is
that if you should have a Keylogger on your machine IT only has 20 seconds
to get the vital number and enter it, otherwise it's too late, the number has changed.That would not be possible to do, because it can't come in over the top of you logging in.

 

It works Acadia, just takes a couple of goes to get used to being quick,
because the OSD's generate a random number each time.

 

I'm not against the concept, I'm against the way they solved it and as usual the user is always the victim.
There are always different ways to solve a problem, if you think a little LONGER.
This method was obvious the most easy one for the banks, but not for their clients, who have to live with this EVERY day.

 

I do like changes, but only GOOD changes. A malware is also a change on my harddisk, but a BAD one.
Of course, I will get used to it, I have no other choice, but that doesn't mean I have to agree with it.
That's how the world works, the average man doesn't rule the world, they have to accept what they tell him to do.

 

Security means PATIENCE. It's the bad guy's fault, let's not blame the banks.

Acadia

 

Hello,

No it's not the bad guy's fault.

It's the fault of:

Bad security design of the bank's website. They have invented the new methods to protect themselves, from insurance problems that could stem from frauds, rather than to protect the customer. Your money in their safe. Go figure.

People falling for all kinds of crazy things. Getting confused as to where your site is and clicking links in emails - just to confirm username and password.

Bad guy is just there to reap fruit.

Mrk

 

A card reader isn't being used - instead the bank is issuing a device that is more like a pocket calculator which generates a code number that can only be used for a short period of time. It has no connection, wired or wireless, to compromise - aside from the one between seat and keyboard...

 

That is correct.