[access-uk] chip & pin banking

From The Guardian 12 May 2007
Banks impose home chip and pin to fight internet accounts fraud
Tony Levene

All the big banks - except HSBC, which also controls First Direct
are to demand that online customers use "chip and pin at home"
devices to identify themselves before moving money out of their
accounts, in the biggest change to personal banking since chip
and pin replaced signatures at the checkout.

Millions of hand-held card reading devices will be sent, free of
charge, to bank customers over the next six months in the latest
attempt to fight online fraud. Regular internet users will be the
first to receive the devices, in which they will have to place
their debit card before making any online banking transactions.
Only balance inquiries, and payments to "known and trusted" big
firms such as telephone and power companies will be possible
without using the devices.

Account holders at Barclays, NatWest and Nationwide will be given
a calculator-style gadget which, once they insert their debit
card, will produce a randomly generated number which they will
have to key in as well as their usual passwords and
identification numbers.

Lloyds TSB customers will have a keyring-style device with an
inbuilt chip, which will also produce a random number. A big
advertising campaign is due to run this summer.

Banks hope the devices will beat the fraudsters because they will
be independent of a user's computer, thereby preventing scams
such as "key logging" in which trojan software records every key
stroke on a computer, including access codes.

The introduction of chip and pin at home will coincide with an
industry-wide "faster payments" scheme, which from November 4
will finally end current clearing times of three to five days,
even where money is transferred between accounts online.

The banks are concerned that instant money transfers - demanded in
the government-sponsored Cruickshank report in 2000 - would
expose them to greater fraud, and are introducing the hand-held
chip and pin readers to combat the risk.

Barclays and NatWest are leading the move to "multi-layer
authentication" while other banks are still choosing which
technology and card readers to adopt.

"There is no hiding that fraud is on the increase and that
fraudsters are becoming increasingly cunning. Our access code
device will deal a major blow to these internet thieves," said a
spokesman for Lloyds TSB.

Welcome to chip and pin for the home

It will be the biggest change in how we bank since chip and pin
made signing for a credit or debit payment seem a thing of the
past, writes Tony Levene. Most of Britain's top banks - except
HSBC and First Direct - are due to send out millions of "chip and
pin at home" gadgets to customers who bank online, as an extra
defence in the anti-fraud battle.

For customers, the machines - most look like the calculator-style
gizmo pictured on this page - will be as essential a part of
internet banking as a password and a mouse. Anybody wanting to
move money around their bank accounts or send cash to accounts
owned by family and friends, or make payments to third parties,
will have to use a card reader.

The devices generate a random "access" or "challenge" code, which
will be recognised by the customer's bank as belonging to you
once it is keyed into your home computer. Each transaction will
need a new code - so it is claimed that fraudsters, who
concentrate on penetrating computers, will be unable to discover
what the next number will be.

The big gadget roll-out starts in early summer, but some banks
have more advanced plans than others.

Barclays and NatWest intend to send out calculator-style card
readers which use the chip on a customer's debit card to generate
a random eight-figure number. LloydsTSB will send out "dongles" -
a keyring-style gadget which does not need a card as it has an
inbuilt chip, but which also generates a random number; this time
six figures.

But no bank is obliged to bring in chip and pin at home. HSBC
believes its fraud losses are so low that the expense of the new
system would outweigh the potential fraud saving.

Other big banks, however, believe the cost of sending out devices
at no cost to customers is well worth it.

Banks fear internet banking fraud losses will continue to soar
without the new security devices. In 2004, they lost  12m; pounds
in 2005, fraudsters grabbed  23.2m pounds while last year the
figure jumped again to  33.5m pounds.

Under the banking code, the banks have to pick up the bill for
online fraud losses, unless they can show account holders were
complicit in the theft.

The banks intend to mount a chip and pin at home publicity
campaign in the autumn. Some may combine this - and counter
customer moans about yet more layers of security - by telling
account holders that, from November 4, they will introduce faster
payments.

That means that online banking transactions will move through the
system at broadband speeds, rather than the three to five days it
currently takes to clear a payment. This extra speed is part of
an industry-wide initiative intended to drag the banks out of the
Victorian era.

"Faster payments increase fraud risk so banks need extra security.
These handheld devices are one answer to this," says Georges
Lieberman of technology firm Xiring, which supplied the reader
shown here.


** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq

Other related posts: