Technical problems mar Barclays' PINSentry roll-out

The tricky business of thwarting online fraud

"The roll-out has been ongoing since August and has being going pretty smoothly, although there have being peaks and troughs," he said. "There's been a lot of requests, 614,000 in total, more than expected so there may have been delays in call centres."

Pressed on whether customers would need new cards, he said this wasn't necessarily the case. "Customers can use existing debit cards. They shouldn't need to change cards," he told El Reg.

Reg reader Shane, a Barclays business customer, was able to get the system up and running without a new card, but only after the intervention of his bank manager. Shane was the first to draw our attention to potential problems with the roll-out.

"It seems that when they did the preparation for the roll-out of the PINSentry system they either created a series of duplicate entries which meant that when I put in my details it didn't match what they had," Shane explained.

"I got it sorted by my bank manager eventually (apparently he sat on hold for 45 minutes to their call centre rather than I) but I suspect that judging by the comments online and the very long hold times that it is a problem."

Users are revolting

Some users have taken a bit of a dislike to the technology, complaining it's too bulky, among other gripes. Barclays said that since most users carry out e-banking transactions at home, this oughtn't to be much of a problem. At least one enterprising user has taken matters into his own hands by jerry-rigging technology to send SMS messages.

Like other corporations that claim to be web-savvy, Barclays failed to take the precaution of registering a domain featuring a name closely tied to an online project. The pinsentry.co.uk domain is registered and parked with a low-cost domain registration firm by a private individual. There's no evidence of any wrongdoing, but the possibility of fraudsters registering domains on the back of technology designed to make online transactions secure is troubling.

Although the technology stands a good chance of reducing exposure to basic phishing frauds - a greater problem than most in the UK banking industry care to admit - it isn't a "silver bullet" solution and still leaves open avenues for more sophisticated (man in the middle-style) attacks. ®

Sponsored: Network DDoS protection