On Friday I received and “Online Banking Card Reader” from NatWest, my bank here in the UK. Let me tell you, it is one of a curious kind.
NatWest issued me a new debit card a few weeks back now, although it was actually not due. The chip in the new card looked slightly different from the one on the last one, but it is still an EPROM with 255 bytes of storage. I have not read its contents yet ... I am sure I am bound by some dubious legal agreement not to do it anyway.
The device is roughly the size of a smallish pocket calculator. It is a Xiring device, patented by French company Xiring. The device has a PIN-and-chip reader where you slide your debit card into, and it then prompts you for input. The device has three modes of operation:
- Identity, enter a secret (your PIN) and receive back a secure code.
- Respond, enter a secret and a (reference) number and receive back a secure code.
- Sign, enter a secret, a (reference) number and an amount, and receive back a secure code.
It seems like a useful device, more secure than the current password solution RBS/NatWest has. The only way to do online banking in the future with NatWest will be through this device.
I am not sure about it though. The device is nothing but a fancy electronic challenge/response card, but highly inconvenient to the consumer. The device relies on batteries and it's very bulky compared to a card you can slot into your wallet.
My bet is that we will see massive pushback.
blog comments powered by Disqus