Congratulations to Barclays Bank: so far, not one customer using PINsentry – its two-factor authentication device – has been the victim of online fraud.
However, as someone who carries out a lot of online transactions, my feelings toward this little calculator-type device – that the marketeers promised would provide stronger authentication, greater security and peace of mind – aren’t necessarily as welcoming or congratulatory as you might expect.
As a tech PR, my technical abilities are (I like to think) pretty good. So it was with great reluctance that I resorted to the customer helpline when I couldn’t get my device to work. After a very long chat, it emerged that the card that I was issued was in fact ‘last generation’ and unable to work with the ‘new generation’ card readers. With the helpline running at £1.25 per minute, my patience was fast running out.
Not wanting this to become a frustrated rant about said bank, let’s just say that the issue was resolved and I am now securely shopping and banking online once again.
However, while Barclays’ PR machine may want us to believe that PINsentry is the bulletproof solution to card fraud and ID theft that we’ve all been waiting for, I’m not so sure. But this exaggerated sense of security could actually cause people to take more risks when online, e.g. logging on from ‘dirty’ PCs, or buying from sites that they wouldn’t normally touch, with the belief that the device will protect them from everything.
And even though banks may claim not to see any evidence of fraud among those customers using PINsentry and the like, I can’t help thinking that these devices are just a decoy to deflect attention from poor security elsewhere – especially as we live in an age where people in positions of responsibility still think it’s OK to download classified data onto a laptop and leave it in the car, lose USB sticks full of unencrypted private customer records, or send CDs full of sensitive information unsecured in the post.
I think that the banks should ditch the smokescreen consumer devices and focus more on evaluating their own internal security policies and procedures. That way, customers will no longer be forced to jump through ridiculous hoops, have usability compromised, or even be followed around by Big Brother Banking – or have to put up with the PR song and dance that says it’s all for our own good.