This is my personal blog. The views expressed on these pages are mine alone and not those of my employer.

Monday, 2 November 2009

Why I hate the bank card readers

All the major banks are now supplying the darned card readers to be used for online transactions.

If you don't know what I mean they're the little "calculator like" devices which you insert your debit card (and pin) to allow yourself to be authenticated via online banking.

However (like all security) there are downsides:

  • You have to carry one everywhere you do your online banking
  • For some reason most institutions lock them to only work with their cards (so you cannot simply borrow one from someone)
Most people mis-understand how these devices work, the clue is in the name, they are a reader, they don't have any logic on-board regarding anything financial. The processing all happens within the chip itself on the card, the readers are simply a means of communicating with your card.

Regarding having to use one for each institution would be very understandable if each used their own algorithms for card transactions, but this would be both a massive overhead and simply isn't the way its done (do they have different card readers for each bank in the shops?). Instead a marker is set on the card detailing the banks 5 digit number. The readers must simply compare this to a pre-set value and if not identical "Wrong Card", god dam!

Forcing most people to have to carry this stupid things around with them.

Regarding security they can actually make it worse. Picture this. Dark alley late at night. Thieves mug you, get your card, and demand your pin. It can be checked on the spot, without the thieves having to risk marching you to the nearest cash machine. This is stupid that these things actually issue "wrong pin, try again". A better way would to be simply issue the authentication codes anyway, which would of course be wrong had the pin being incorrect.

Nevermind, maybe the banks will catch up with technology one day...

Shame on you banks for locking down on internet banking when the whole ethos is around making it more convenient for their customers.


  1. Agreed, these are poorly implemented and inconvenient - it feels like the banks are fighting to shift responsibility for fraud back onto the customer.

  2. Exactly. These machines have been implemented purely selfishly for the banks with the facade of being more secure for the customer. In reality they are there to protect the banks for paying out in situations where responsibility is currently questionable (card reported stolen etc) whilst actually increasing risks for the customer. This allows them to hide behind the ever so popular "sorry as the PIN was used we can't do anything about it".

  3. Bank card readers ? Give me "CRONTO Technology".