mikey@Sun

closer look at rbs card reader

Tuesday Jul 24, 2007


Today morning I received my card reader from RBS. This piece of technology
is to ensure customers secure transactions over their on-line banking system.

The actualdevice looks like of the picture.
There are three function buttons on the device, called identify, respond, and sign respectively. According to enclosed instruction manual the first one has use to login to the banking system, the second to verify the transactions, set up new standing orders, etc. and the third remains quite a mystery to me (maybe a feature of some kind), and is not documented.

The actual device has a card reader that reacquires your RBS debit card to work. So for instance to create a new standing order you need to:
(to make its easier lets presume you're already logged in the digital banking and only need to verify that you are who you say you are)

a) insert your RBS debit card into a card reader
b) punch in your card's PIN
c) enter the query number shown on your computer screen
d) respond with a securecode given by your card reader



Now you may say, “cool finally my internet banking would be safe from hackers, yay!”. Or you may alternatively say “I don't have a MIT engineering degree, help!”, neither do I, and here is how I see it...

First of all you need to carry your card reader with you whenever you go, same applies to your card, that you probably already have in your wallet. I tend to wear jeans and there are only two pockets. And I usually have my wallet, mobile and keys with me, so both pockets are in use. Where I am expected to carry this card-reader anyway?

The other issue is, it's still possible to login to digital banking using your passwords combination. The thing sometimes I just want to look up my balance, and it would really annoy me if I had to use the card-reader each time I want to do so.

Anyway, its good to see that RBS takes security of their customers very seriously, and balance can be checked on *selected* ATMs also.


P.S.: I'd like to thank to Glynn Foster for the best, greatest hackergotchi I ever had :D -- thanks Glynn!

 

[3] Comments
Like this post? del.icio.us | furl | slashdot | technorati | digg
Posted at 01:02PM Jul 24, 2007 by Michal Nowak in Technology
Tags:
Comments:

I phoned to try and opt-out of this service and the staff member who I spoke with said (amongst other things obviously)that they “agree completely, you should be able to opt out” and “I can see how it could be impractical” and suggested I eMail to complain.

I complained, in writing, to RBS about being forced to use the card-reader and the lack of an opt-out option… after a week I got a letter from RBS that will be posted on my own website shortly, but in the meantime here are a few choice quotations showing the general grasp of the English language (or poor stock letter templates) that the RBS seem to have, adding insult to injury considering they didn’t answer any of the points raised in my eMail.

"…we at Royal Bank of Scotland are the first Banks within the UK to introduce…"

"…This is when you wish to create or amend and payment details…."

And last but not least

"I hope this resolves your query, however if you have any further questions please contact our Royal Bank of Scotland on Royal Bank of Scotland* and we will be happy to help"

Believe it or not the letter actually seemed to carry a real signature, so Richard Csizmazia obviously didnt read either my original eMail, or his own reply!!

Posted by Ross on January 24, 2008 at 07:35 PM GMT #

@Ross,

I received the SECOND card reader plus a chip card (for use with the reader only), still can't figure out what is this second kit for... plus I've got only one account with RBS.

What a waste of corporate resources.

Posted by Michal Nowak on January 27, 2008 at 12:10 PM GMT #

i got a card reader from rbs through the post with NO instructions, had no idea what it was or what it was for, after some research on the net found it was a card reader but still cant use it and have no idea where to use it, seems im the only one in this town who got one and everyone else shrugs when i ask for more details. My branch are of equal help, seems they haven't been trained on how to demonstrate one and the only reply to its use was making online transactions safer.Never been asked to use it by my online banking or branch either so exactly why have i been sent it?

Posted by leanne marshall on September 30, 2008 at 10:45 AM BST #

Post a Comment:
  • HTML Syntax: NOT allowed