James Daley: Secure, yes, but way too much hassle

Click to follow
The Independent Online

If you're a customer of Barclays Bank, you may have been confused to receive something resembling a pocket calculator in the post some time in the past few weeks. In fact, this device isn't designed to help you do your sums; somewhat surprisingly, it's the latest innovation in online banking security, and it may soon become standard issue for every person in the UK who uses their bank's internet facilities.

The device goes by the name of PINsentry. It works by issuing you with a unique eight-digit access code every time you want to log on to your internet banking service. To generate your code, you simply insert your bank card into the reader, type in your PIN, and off you go. Instead of having to remember lengthy passcodes, all you need to do is type your freshly generated eight-digit number into the website, and you're done.

There's no doubt that PINsentry greatly increases security. Most current online banking services require information such as your date of birth, and perhaps your mother's maiden name, and then a random selection of digits from a passcode. All of this information, however, is in the possession of the user, and it can be lost, indiscreetly divulged or even stolen by a third party who can then use it fraudulently.

Indeed, Barclays claims that many email "phishing" scams where strangers present themselves as banks and other official institutions to help them elicit confidential information from online banking customers have often been successful. PINsentry, they claim, puts an end to such scams immediately.

In effect, this technology takes all responsibility for security completely out of the hands of customers, because they now need a password to access their online banking facilities that they don't even know themselves. A fraudster would need both the user's card and PIN to defraud them.

But the problem with PINsentry is that it's clumsy. The first I heard of it was when a colleague sent me a furious email complaining that he'd been left unable to access his online banking while he was travelling, because he'd forgotten to take his PINsentry device with him. He works in the US, so relies on the internet for his UK bank account, and is now facing up to the fact that he needs to remember to carry his PINsentry with him wherever he goes.

Quite aside from the hassle of ensuring that you have your device with you, PINsentry is also a step back in terms of consumer experience. At a time when the UK is taking its first steps towards contactless payments where you don't even need to get your card out of your wallet to make a transaction (instead you simply wave your card over a reader, as with a London Transport Oyster card) it seems perverse to be introducing technology that requires the physical use of your card to access a virtual banking world.

Other banks may follow Barclays' lead, but it's clear to me that this is a temporary fix, for which the cost may prove greater than the benefits. Inevitably, PINsentry will be superseded by better technology within a few years.

Surely it is not a very big leap of the imagination, for example, for banks to start installing contactless card technology into laptop computers, so that users will simply need to swipe their wallet across their computer, and enter their PIN, when they need to access their online banking.

Better still, contactless payment technology promises to do away with cards altogether so that soon, you may only need a tag fitted into your mobile phone, or on to your keyring, to complete a transaction (or, indeed, to log into your online banking).

Whichever way you look at it, PINsentry is a clumsy invention. If other banks take the long-term view and decide to not bother with it, Barclays could end up losing those of its customers who are infuriated by the hassle factor.

See www.barclays.co.uk/pinsentry for more information

Looking for credit card or current account deals? Search here