Barclays is hoping to pin down fraud with its PINsentry device
Barclays banks on two-factor authentication
/v3-uk/news/1948925/barclays-banks-factor-authentication
11 Jun 2007, Iain Thomson , V3
Barclays is to use two-factor authentication for the first time in an effort to prevent fraudsters plundering bank accounts.
The bank's PINsentry devices will be sent free to half a million customers later this year for use with their online accounts.
Other customers will be able to get the devices if they are using online banking to make transfers to third-party accounts.
Barnaby Davis, director for electronic banking at Barclays, said: "Barclays is constantly working to help protect customers and their money and that is why we have invested in this system.
"PINsentry is the next generation of fraud prevention technology and Barclays is proud to be the first organisation in the UK to roll it out to its customers.
"The popularity of Barclays' online banking service comes down to convenience and security, and the introduction of PINsentry will enhance both these features."
Barclays has done more than most to combat the phishing industry. The bank gave free antivirus software to its customers last year, and introduced an SMS alert service covering activity on online banks accounts.
While broadly welcomed, many in the industry have been concerned at the slow introduction of two-factor authentication.
"It has taken banks a while to get round to tokens because it is a cost to them," said Tony Redmond, chief technology officer at HP Services and HP Security.
"Some bankers have said that this is because it is more expensive to introduce tokens than the cost of the fraud because they can offset the losses against tax.
"But they are now being forced to introduce them because of the damage to reputation."
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
not impressed
As a barclays pinsentry user for two months now I won't bore you with the details of what a pain in the arse pinsentry is but I will tell you that I think this is a backward step as regards security. Here's why..
Pinsentry is a handheld device that prompts the user to insert their pin&chip card and enter their pin which it then verifies and passes back a code which is used to log in at barclays online banking. Read that bit again... yes it is A CHEAP DEVICE WHICH CAN READ YOUR PIN OFF YOUR CARD. Blimey - how long vbefore someone reprogrammes it to display your cards pin rather than just verrify what you enter!!!!!
Posted by bikeman, 19 Oct 2007
Inconvenient and Insecure
As previsouly posted, it will only be a matter of time before these can be hacked. Fraudsters must be wetting themselves with glee.
Secondly, I for one will be demanding to be taken off this farcical scheme. When this was originally promoted on the Barclays website, I would only need to use this to setup and make payments to 3rd parties. Now when it arrives this morning I have to use it EVERY SINGLE TIME I want to sign in.
Barclays have either not their homework properly or taken a look at the public view and deemed they dont care and gone with option.
They have certainly not "enhanced security and convenicen", they have COMPROMISED both. In the case of convenience, they have undeniably, categorically removed any convenience. And on the barlcays FAQ wesite when when asked "if I don't have the PinSentry but desperately need to use the online banking..." the response is "Sorry, you can't use it... please phone telephone banking".
Sorry Barclays.... big black mark against your name. I can already see on several other forums that the complaints are building up. We don't like it and wont stand for it!
Sort it out. If someone has to suffer, make sure it's not the customers who keep you in business. Go and save yourself the £50K+ salry that you pay the project managers who put this in and demand a refund from the market researchers/focus groups who only showed you the positive response from the public.
SORT IT OUT... NOW... WHILE YTOU STILL CAN ... AND BEFORE IT'S TOO LATE!
Posted by Steve Norton, 09 Nov 2007
Doubt that
I doubt they read your PIN from your card -- that would be a security risk!
I don't know the details of chip and pin, but I imagine they use some sort of one-way hash to store your pin so that it doesn't ever have to be read in clear-text.
Posted by Neil, 27 Apr 2008
looks like a portable device is out now!
Just saw an article about a thin version of the PInSentry device that can be used with any bank in the UK. It is apparently very thin and light and meant to be carried in a wallet allowing more convenience to the average user.
I have just bought one from http://boutique.gemalto.com/boutique/GEMALTO-B2CCORP-Site/E-Banking/cat-WFS-en_US-GBP-TSUKAwOEhUoAAAEisM4o8Cyn and will report if it is indeed as thin as they say!!!!
Posted by James Benneton, 19 Dec 2009