Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to Walkeia,genou,Anonymous,Fluke,barchid, for Donating to support the site

Nationwide to end login with memorable data

wickham
Lemon Slice
Posts: 342
Joined: November 6th, 2016, 8:13 am
Has thanked: 30 times
Been thanked: 8 times

Nationwide to end login with memorable data

#260039

Postby wickham » October 25th, 2019, 7:30 am

Nationwide sent me an email yesterday saying that logging into my current account using memorable data will cease on 28th November.

I will be able to use either a text code by mobile phone (I don't have a mobile phone) or use the card reader. The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.

My question is how does the card reader generate a number that is recognised online by the bank's computer? I'm always interested in the way things work. If the card reader (or bank card) and the bank's account have a sequence of numbers built in from the start, then the two should match. However, If I generate a card reader number and don't use it, then the next time I log in the number won't match the number on the bank's server. I like to understand basic computer technology.

I know I used the word bank above when Nationwide isn't a bank, but I think it may be soon!

JohnB
Lemon Slice
Posts: 801
Joined: January 15th, 2017, 9:20 am
Has thanked: 46 times
Been thanked: 136 times

Re: Nationwide to end login with memorable data

#260042

Postby JohnB » October 25th, 2019, 7:57 am

Its annoying they are doing this even though the legislation that requires them has been delayed, as I'd much rather have the convenience of using memorable data. But the way the keypads work is that they produce response codes using some algorithm, but with flexibility in the system that a range of 3-4 responses are acceptable, so you can generate a few codes and not use them without problem.

Some of these devices are always on, and have internal memory, so the codes you enter include data to reset the counters. Securid do this, not sure the cheaper bank card readers do.

I expect many people's response is to have larger balances in their accounts, so they don't log in so often, which will make the banks more money, but will save us time micro-managing our finances.

jackdaww
Lemon Quarter
Posts: 1116
Joined: November 4th, 2016, 11:53 am
Has thanked: 1044 times
Been thanked: 168 times

Re: Nationwide to end login with memorable data

#260043

Postby jackdaww » October 25th, 2019, 8:02 am

wickham wrote:Nationwide sent me an email yesterday saying that logging into my current account using memorable data will cease on 28th November.

I will be able to use either a text code by mobile phone (I don't have a mobile phone) or use the card reader. The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.

My question is how does the card reader generate a number that is recognised online by the bank's computer? I'm always interested in the way things work. If the card reader (or bank card) and the bank's account have a sequence of numbers built in from the start, then the two should match. However, If I generate a card reader number and don't use it, then the next time I log in the number won't match the number on the bank's server. I like to understand basic computer technology.

I know I used the word bank above when Nationwide isn't a bank, but I think it may be soon!


is there any evidence for this please ?

:)

swill453
Lemon Quarter
Posts: 2536
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 701 times

Re: Nationwide to end login with memorable data

#260047

Postby swill453 » October 25th, 2019, 8:20 am

wickham wrote:I will be able to use either a text code by mobile phone (I don't have a mobile phone) or use the card reader. The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.

If the tablet has biometric security like a fingerprint reader or face recognition then that can be used to login.

Scott.

mutantpoodle
Lemon Slice
Posts: 265
Joined: November 7th, 2016, 4:21 pm
Has thanked: 97 times
Been thanked: 25 times

Re: Nationwide to end login with memorable data

#260048

Postby mutantpoodle » October 25th, 2019, 8:21 am

fao JohnB
qq
I expect many people's response is to have larger balances in their accounts, so they don't log in so often, which will make the banks more money, but will save us time micro-managing our finances.
uq

i thought the opposite!

I have reduced my balance to £100...taken the £2500 and invested somewhere to earn interest (sadly not as much as was here previously)
set up a £13 s/o for Nationwide fee each month and need not log in at all
thereby having travel insurance...phone insurance...UK/europe breakdown insurance for much less than if bought elsewhere


for me....at least this made best sense in view their lack of interest in my custom

swill453
Lemon Quarter
Posts: 2536
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 701 times

Re: Nationwide to end login with memorable data

#260051

Postby swill453 » October 25th, 2019, 8:23 am

JohnB wrote:I expect many people's response is to have larger balances in their accounts, so they don't log in so often, which will make the banks more money, but will save us time micro-managing our finances.

The OP's situation is the exception rather than the norm, most customers will have mobile phones and will find it easy to log in more often.

Scott.

swill453
Lemon Quarter
Posts: 2536
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 701 times

Re: Nationwide to end login with memorable data

#260052

Postby swill453 » October 25th, 2019, 8:25 am

mutantpoodle wrote:I have reduced my balance to £100...taken the £2500 and invested somewhere to earn interest (sadly not as much as was here previously)
set up a £13 s/o for Nationwide fee each month and need not log in at all
thereby having travel insurance...phone insurance...UK/europe breakdown insurance for much less than if bought elsewhere

I'm the the same, though I won't do it till November 1st. Make the most of the "high" interest while it lasts.

Scott.

mutantpoodle
Lemon Slice
Posts: 265
Joined: November 7th, 2016, 4:21 pm
Has thanked: 97 times
Been thanked: 25 times

Re: Nationwide to end login with memorable data

#260055

Postby mutantpoodle » October 25th, 2019, 8:34 am

you are right Scott (of course) but my account is a joint acct (specifically so we both covered on each benefit)...so us each losing a share of the monthly £6 interest BEFORE tax...didnt cause me loss of sleep!!

AleisterCrowley
Lemon Quarter
Posts: 3560
Joined: November 4th, 2016, 11:35 am
Has thanked: 738 times
Been thanked: 791 times

Re: Nationwide to end login with memorable data

#260057

Postby AleisterCrowley » October 25th, 2019, 8:49 am

My question is how does the card reader generate a number that is recognised online by the bank's computer? I'm always interested in the way things work. If the card reader (or bank card) and the bank's account have a sequence of numbers built in from the start, then the two should match. However, If I generate a card reader number and don't use it, then the next time I log in the number won't match the number on the bank's server. I like to understand basic computer technology.


Re the OP's question above, I assume the card reader uses a similar system to RSA SecurID
https://en.wikipedia.org/wiki/RSA_SecurID

This is what I use to access the VPN for work, using a soft token on my iPhone

JohnB
Lemon Slice
Posts: 801
Joined: January 15th, 2017, 9:20 am
Has thanked: 46 times
Been thanked: 136 times

Re: Nationwide to end login with memorable data

#260061

Postby JohnB » October 25th, 2019, 9:02 am

swill453 wrote:The OP's situation is the exception rather than the norm, most customers will have mobile phones and will find it easy to log in more often.


I can't see how adding the barrier of two-factor authentication and removing functionality is going to get people to use the service more. While most people have mobiles, not all have them powered on when at home, or have good reception, or want them linked to their bank account (I'd certainly not want a mobile banking app on a device I could leave on the bus). And while things might work at home, it might not be so smooth on that Caribbean island.

swill453
Lemon Quarter
Posts: 2536
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 701 times

Re: Nationwide to end login with memorable data

#260065

Postby swill453 » October 25th, 2019, 9:13 am

JohnB wrote:
swill453 wrote:The OP's situation is the exception rather than the norm, most customers will have mobile phones and will find it easy to log in more often.


I can't see how adding the barrier of two-factor authentication and removing functionality is going to get people to use the service more. While most people have mobiles, not all have them powered on when at home, or have good reception, or want them linked to their bank account (I'd certainly not want a mobile banking app on a device I could leave on the bus). And while things might work at home, it might not be so smooth on that Caribbean island.

I accept it's not all, but many do. Reception at home isn't a problem for most, as wifi is pretty ubiquitous.

For myself I find that when I'm sitting at my computer reconciling my finances into Quicken, I'm logging into my bank accounts on my phone rather than having multiple windows open on the PC, simply because the apps make it much easier than using two factor authentication web banking.

My opinion is that overall, online bank logins will continue to increase, rather than your position that they will decrease. Time will tell.

Scott.

XFool
Lemon Quarter
Posts: 4345
Joined: November 8th, 2016, 7:21 pm
Been thanked: 203 times

Re: Nationwide to end login with memorable data

#260066

Postby XFool » October 25th, 2019, 9:20 am

wickham wrote:My question is how does the card reader generate a number that is recognised online by the bank's computer?

Chip Authentication Program

https://en.wikipedia.org/wiki/Chip_Authentication_Program

PinkDalek
Lemon Quarter
Posts: 4415
Joined: November 4th, 2016, 1:12 pm
Has thanked: 1033 times
Been thanked: 1187 times

Re: Nationwide to end login with memorable data

#260072

Postby PinkDalek » October 25th, 2019, 9:38 am

wickham wrote:The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.


If I'm going abroad I take a spare card reader with me, in case it is needed. They are mostly interchangeable, as supported by the link just provided by XFool which includes:

However, card readers issued by most, possibly all, UK banks conform to a CAP subset defined by APACS, meaning that, in most cases, cards issued by a UK bank can be used in a card reader issued by a different bank.

AleisterCrowley
Lemon Quarter
Posts: 3560
Joined: November 4th, 2016, 11:35 am
Has thanked: 738 times
Been thanked: 791 times

Re: Nationwide to end login with memorable data

#260076

Postby AleisterCrowley » October 25th, 2019, 9:46 am

XFool wrote:
wickham wrote:My question is how does the card reader generate a number that is recognised online by the bank's computer?

Chip Authentication Program

https://en.wikipedia.org/wiki/Chip_Authentication_Program

Ah, that looks right. Very secure, allegedly.

wickham
Lemon Slice
Posts: 342
Joined: November 6th, 2016, 8:13 am
Has thanked: 30 times
Been thanked: 8 times

Re: Nationwide to end login with memorable data

#260080

Postby wickham » October 25th, 2019, 10:02 am

Without requiring any further input, the CAP reader interacts with the smartcard to produce a decimal one-time password, which can be used, for example, to log into a banking website.

I understand that bit, but how does the bank's server recognise the number generated by the card reader? Does the bank and card hold a sequence of numbers that have to match, or a list from which any number can be selected and approved if the card reader has been used out of sequence?
combinations. The server, which also has a real-time clock and a database of valid cards with the associated seed records, authenticates a user by computing what number the token is supposed to be showing at that moment in time and checking this against what the user entered.

The card reader and cards don't have a clock!

XFool
Lemon Quarter
Posts: 4345
Joined: November 8th, 2016, 7:21 pm
Been thanked: 203 times

Re: Nationwide to end login with memorable data

#260095

Postby XFool » October 25th, 2019, 11:16 am

wickham wrote:
combinations. The server, which also has a real-time clock and a database of valid cards with the associated seed records, authenticates a user by computing what number the token is supposed to be showing at that moment in time and checking this against what the user entered.

The card reader and cards don't have a clock!

There is nothing about "real-time clock" or "seed records" in the CAP article.

UncleEbenezer
Lemon Quarter
Posts: 3820
Joined: November 4th, 2016, 8:17 pm
Has thanked: 428 times
Been thanked: 635 times

Re: Nationwide to end login with memorable data

#260389

Postby UncleEbenezer » October 27th, 2019, 5:41 am

It's a cryptographic challenge-response.

Run a transaction through it, and think about it as you go. The bank sends you a number (the challenge), which you type in to the card reader. The card reader then uses it with the cryptographic key on your card to generate a response, which the bank can then verify.

Making you read and enter those numbers manually is IMHO an ergonomic horror. It's the kind of thing that computers are supposed to do for us, and in other circumstances routinely do. To avoid it one could for example use a card reader with USB connection, so you'd never have to type in more than your PIN to authenticate. Though perhaps cards as we know them today (with no builtin connection) might become obsolete first.

Alaric
Lemon Quarter
Posts: 3602
Joined: November 5th, 2016, 9:05 am
Has thanked: 13 times
Been thanked: 713 times

Re: Nationwide to end login with memorable data

#260408

Postby Alaric » October 27th, 2019, 10:10 am

UncleEbenezer wrote:Though perhaps cards as we know them today (with no builtin connection) might become obsolete first.


Mobile phones can scan cards using the built in camera, so laptops and PCs with webcams presumably could as well. You can use your phone as a scanner to pay when remotely ordering in a Wetherspoons although keying in the card number is on balance easier and quicker.

mc2fool
Lemon Quarter
Posts: 1496
Joined: November 4th, 2016, 11:24 am
Has thanked: 5 times
Been thanked: 356 times

Re: Nationwide to end login with memorable data

#260417

Postby mc2fool » October 27th, 2019, 11:31 am

UncleEbenezer wrote:It's a cryptographic challenge-response.

Run a transaction through it, and think about it as you go. The bank sends you a number (the challenge), which you type in to the card reader.

Mostly not. The readers have Identify , Respond and Sign buttons and for the most part you press Identify and stick in your PIN and it gives you a code which you then enter into the bank's website.

There is no "challenge" from the bank that you have to enter into the reader with the Identify button. I have two readers, Barclays & LLoyds (aside from the branding they are identical and interchangeable) and the Identify function is what both use for logging in, and what Lloyds at least uses for setting up new payees (my Barclays account is a legacy savings a/c with £0 in it that I haven't used in a many years and I can't remember if it's the same).

I think I have had to use Respond, which does require a challenge to be entered, but IIRC it was only once and I can't remember what it was for. I don't remember ever having to use Sign.

swill453
Lemon Quarter
Posts: 2536
Joined: November 4th, 2016, 6:11 pm
Has thanked: 158 times
Been thanked: 701 times

Re: Nationwide to end login with memorable data

#260418

Postby swill453 » October 27th, 2019, 11:34 am

Alaric wrote:
UncleEbenezer wrote:Though perhaps cards as we know them today (with no builtin connection) might become obsolete first.


Mobile phones can scan cards using the built in camera, so laptops and PCs with webcams presumably could as well. You can use your phone as a scanner to pay when remotely ordering in a Wetherspoons although keying in the card number is on balance easier and quicker.

Scanning a card won't be as secure, as you're then not using the chip&pin.

Scott.


Return to “Bank Accounts Savings & ISAs”

Who is online

Users browsing this forum: No registered users and 6 guests