Feeds

Technical problems mar Barclays' PINSentry roll-out

The tricky business of thwarting online fraud

Security for virtualized datacentres

"The roll-out has been ongoing since August and has being going pretty smoothly, although there have being peaks and troughs," he said. "There's been a lot of requests, 614,000 in total, more than expected so there may have been delays in call centres."

Pressed on whether customers would need new cards, he said this wasn't necessarily the case. "Customers can use existing debit cards. They shouldn't need to change cards," he told El Reg.

Reg reader Shane, a Barclays business customer, was able to get the system up and running without a new card, but only after the intervention of his bank manager. Shane was the first to draw our attention to potential problems with the roll-out.

"It seems that when they did the preparation for the roll-out of the PINSentry system they either created a series of duplicate entries which meant that when I put in my details it didn't match what they had," Shane explained.

"I got it sorted by my bank manager eventually (apparently he sat on hold for 45 minutes to their call centre rather than I) but I suspect that judging by the comments online and the very long hold times that it is a problem."

Users are revolting

Some users have taken a bit of a dislike to the technology, complaining it's too bulky, among other gripes. Barclays said that since most users carry out e-banking transactions at home, this oughtn't to be much of a problem. At least one enterprising user has taken matters into his own hands by jerry-rigging technology to send SMS messages.

Like other corporations that claim to be web-savvy, Barclays failed to take the precaution of registering a domain featuring a name closely tied to an online project. The pinsentry.co.uk domain is registered and parked with a low-cost domain registration firm by a private individual. There's no evidence of any wrongdoing, but the possibility of fraudsters registering domains on the back of technology designed to make online transactions secure is troubling.

Although the technology stands a good chance of reducing exposure to basic phishing frauds - a greater problem than most in the UK banking industry care to admit - it isn't a "silver bullet" solution and still leaves open avenues for more sophisticated (man in the middle-style) attacks. ®

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Forget silly privacy worries - help biometrics firms make MILLIONS
Beancounter reckons dabs-scanning tech is the next big moneypit
Microsoft's Office Delve wants work to be more like being on Facebook
Office Graph, social features for Office 365 going public
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.