James Daley: Secure, yes, but way too much hassle

Saturday 01 December 2007 01:00 GMT
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

If you're a customer of Barclays Bank, you may have been confused to receive something resembling a pocket calculator in the post some time in the past few weeks. In fact, this device isn't designed to help you do your sums; somewhat surprisingly, it's the latest innovation in online banking security, and it may soon become standard issue for every person in the UK who uses their bank's internet facilities.

The device goes by the name of PINsentry. It works by issuing you with a unique eight-digit access code every time you want to log on to your internet banking service. To generate your code, you simply insert your bank card into the reader, type in your PIN, and off you go. Instead of having to remember lengthy passcodes, all you need to do is type your freshly generated eight-digit number into the website, and you're done.

There's no doubt that PINsentry greatly increases security. Most current online banking services require information such as your date of birth, and perhaps your mother's maiden name, and then a random selection of digits from a passcode. All of this information, however, is in the possession of the user, and it can be lost, indiscreetly divulged or even stolen by a third party who can then use it fraudulently.

Indeed, Barclays claims that many email "phishing" scams where strangers present themselves as banks and other official institutions to help them elicit confidential information from online banking customers have often been successful. PINsentry, they claim, puts an end to such scams immediately.

In effect, this technology takes all responsibility for security completely out of the hands of customers, because they now need a password to access their online banking facilities that they don't even know themselves. A fraudster would need both the user's card and PIN to defraud them.

But the problem with PINsentry is that it's clumsy. The first I heard of it was when a colleague sent me a furious email complaining that he'd been left unable to access his online banking while he was travelling, because he'd forgotten to take his PINsentry device with him. He works in the US, so relies on the internet for his UK bank account, and is now facing up to the fact that he needs to remember to carry his PINsentry with him wherever he goes.

Quite aside from the hassle of ensuring that you have your device with you, PINsentry is also a step back in terms of consumer experience. At a time when the UK is taking its first steps towards contactless payments where you don't even need to get your card out of your wallet to make a transaction (instead you simply wave your card over a reader, as with a London Transport Oyster card) it seems perverse to be introducing technology that requires the physical use of your card to access a virtual banking world.

Other banks may follow Barclays' lead, but it's clear to me that this is a temporary fix, for which the cost may prove greater than the benefits. Inevitably, PINsentry will be superseded by better technology within a few years.

Surely it is not a very big leap of the imagination, for example, for banks to start installing contactless card technology into laptop computers, so that users will simply need to swipe their wallet across their computer, and enter their PIN, when they need to access their online banking.

Better still, contactless payment technology promises to do away with cards altogether so that soon, you may only need a tag fitted into your mobile phone, or on to your keyring, to complete a transaction (or, indeed, to log into your online banking).

Whichever way you look at it, PINsentry is a clumsy invention. If other banks take the long-term view and decide to not bother with it, Barclays could end up losing those of its customers who are infuriated by the hassle factor.

See www.barclays.co.uk/pinsentry for more information

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in