Barclays PINsentry
I had to do pay some bills on-line today. For the last few months I’ve been forced by Barclays to use this PINsentry device. I really don’t like it. I know the aim is to improve security for on-line accounts but this really makes accessing my account so clumbersome.
- I have to enter into the browser a 12 digit membership ID (ok this can be saved in the cookie)
- I then have to enter 5 digits from the card in to the browser.
- Insert the card into the PINsentry and enter a 4 digit PIN into the sentry.
- Then I have to enter the 8 digit number displayed on the PINsentry into the browser.
So thats a total of SEVENTEEN digits (best case) or TWENTY-NINE if the membership ID isn’t in the cache, to view my account information! This is overkill!
With that number of digits to type in I usually, I make at least one typo and have to start over. Also the Barclays website is very tempremental. Hit the browser back button… you get logged out. Get a double bounce with the mouse… you get logged out. Leave the page for more than a couple of minutes because you are looking up some other data…. you get logged out. I know! All of the above happend to me this morning!
Ok, rant over.
Did you hear in the news that, “A fraudster walked into a branch of Barclays Bank posing as its chairman Marcus Agius and managed to walk out with £10,000”. http://news.bbc.co.uk/1/hi/business/7181741.stm It seems Barclays needs even tighter security!
What’s more, you leave nice fresh fingerprints on the four keys that you pressed to enter your pin.
Fingerprint kits are cheap and easy to use. If a thief steals your card and your PINsentry then they can easily find which four digits you use for your pin.
There are 256 combinations of any 4 digits and you get three tries to get it right. So that’s a 1 in 85 chance of hitting the jackpot.
That’s better odds than the lottery and worth a gamble for any thief.
Harold
Michael, Don’t get me started on them not asking for ID. I once got a bankers draft for £9000 from my account without the bank asking for any form of ID. All I did was give my name and account number.
Harold, thanks for the comment. That’s a good observation. For my part I’ve taken a couple of precautions, firstly my PINsentry and my card never live together – the card is normally with me the PINsentry normally wiith the computer. As of this morning I also ‘fingered’ ALL the keys on the device so anyone lifting my dabs will find them on every key.