Feeds

Technical problems mar Barclays' PINSentry roll-out

The tricky business of thwarting online fraud

Top three mobile application threats

"The roll-out has been ongoing since August and has being going pretty smoothly, although there have being peaks and troughs," he said. "There's been a lot of requests, 614,000 in total, more than expected so there may have been delays in call centres."

Pressed on whether customers would need new cards, he said this wasn't necessarily the case. "Customers can use existing debit cards. They shouldn't need to change cards," he told El Reg.

Reg reader Shane, a Barclays business customer, was able to get the system up and running without a new card, but only after the intervention of his bank manager. Shane was the first to draw our attention to potential problems with the roll-out.

"It seems that when they did the preparation for the roll-out of the PINSentry system they either created a series of duplicate entries which meant that when I put in my details it didn't match what they had," Shane explained.

"I got it sorted by my bank manager eventually (apparently he sat on hold for 45 minutes to their call centre rather than I) but I suspect that judging by the comments online and the very long hold times that it is a problem."

Users are revolting

Some users have taken a bit of a dislike to the technology, complaining it's too bulky, among other gripes. Barclays said that since most users carry out e-banking transactions at home, this oughtn't to be much of a problem. At least one enterprising user has taken matters into his own hands by jerry-rigging technology to send SMS messages.

Like other corporations that claim to be web-savvy, Barclays failed to take the precaution of registering a domain featuring a name closely tied to an online project. The pinsentry.co.uk domain is registered and parked with a low-cost domain registration firm by a private individual. There's no evidence of any wrongdoing, but the possibility of fraudsters registering domains on the back of technology designed to make online transactions secure is troubling.

Although the technology stands a good chance of reducing exposure to basic phishing frauds - a greater problem than most in the UK banking industry care to admit - it isn't a "silver bullet" solution and still leaves open avenues for more sophisticated (man in the middle-style) attacks. ®

Top three mobile application threats

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.