Does accessing online banking have to be so difficult?

In the continuing battle against fraud, three British banks – Barclays, NatWest and Royal Bank of Scotland – now require many customers to use specially issued card readers in order to either log in to, or send money from their online bank accounts; my own trouble-free log-in procedure has now been replaced by a laborious system involving my surname, a 12-digit membership number, my debit card, my PIN and an 8-digit number generated by the reader. Meanwhile, another online bank I use merely requires a membership number, a password and a security question to be answered on a single screen. Neither of these accounts have ever been compromised – touch wood – so is there really an advantage to carrying around this chunky, calculator-sized lump?

While I find my Barclays Pinsentry device slightly irritating, others are frothing at the mouth. Of course there’s going to be a trade-off between having a secure account and having one that’s annoyingly difficult to access – but do card readers strike the right balance? The members of a Facebook group called “I hate Pinsentry” certainly don’t think so, and nor do the people behind a website, stopthecardreaders.org, who are rallying behind the slightly half-hearted slogan of “Make Card Readers Optional!” One friend of mine observed that, as the Pinsentry generates 8-digit numbers unrelated to the time of day they’ve been produced, people at her workplace have just been generating huge lists of numbers, writing them down and carrying them around in their wallets, crossing them off as they go. Not the level of security intended by Barclays, one presumes – but then again, telephone banking still exists, with personal details being hollered down telephone lines from busy trains across the land. Indeed, BagofHammers commented on our blog that he (or she?) prefers it that way: “If online banking isn’t convenient, why bother? I just use phone banking, and I have no problems accessing my account information when I need it.”

It is possible to opt out of Barclays’ Pinsentry system and revert to the old method; detailed instructions appear on one blog [ tinyurl.com/36eoaq ] along with a plea for calm from an anonymous Barclays call centre manager. But if you ever need to set up new payees to transfer money electronically, you’ll have to opt back in again. While it’s probably easy for banks to brush off customer complaints by saying “well, it’s for your own good”, all people want is a smaller device – maybe something that can slip onto a keyring? HSBC’s business accounts, for example, use sleeker number-generating devices and, as Jerry Goldstein commented on our blog, “these are the best compromise between security and ease of use.” But one electronics whizz has gone one better: he’s constructed a contraption that allows him to get his online banking codes via his mobile phone. [ tinyurl.com/yszdxd ] Now, maybe that’s the future.