Got a credit card? use our Credit Card & Finance Calculators
Thanks to Anonymous,bruncher,niord,gvonge,Shelford, for Donating to support the site
Nationwide to end login with memorable data
-
- Lemon Slice
- Posts: 363
- Joined: November 6th, 2016, 8:13 am
- Has thanked: 34 times
- Been thanked: 10 times
Nationwide to end login with memorable data
Nationwide sent me an email yesterday saying that logging into my current account using memorable data will cease on 28th November.
I will be able to use either a text code by mobile phone (I don't have a mobile phone) or use the card reader. The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.
My question is how does the card reader generate a number that is recognised online by the bank's computer? I'm always interested in the way things work. If the card reader (or bank card) and the bank's account have a sequence of numbers built in from the start, then the two should match. However, If I generate a card reader number and don't use it, then the next time I log in the number won't match the number on the bank's server. I like to understand basic computer technology.
I know I used the word bank above when Nationwide isn't a bank, but I think it may be soon!
I will be able to use either a text code by mobile phone (I don't have a mobile phone) or use the card reader. The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.
My question is how does the card reader generate a number that is recognised online by the bank's computer? I'm always interested in the way things work. If the card reader (or bank card) and the bank's account have a sequence of numbers built in from the start, then the two should match. However, If I generate a card reader number and don't use it, then the next time I log in the number won't match the number on the bank's server. I like to understand basic computer technology.
I know I used the word bank above when Nationwide isn't a bank, but I think it may be soon!
-
- Lemon Quarter
- Posts: 2518
- Joined: January 15th, 2017, 9:20 am
- Has thanked: 703 times
- Been thanked: 1013 times
Re: Nationwide to end login with memorable data
Its annoying they are doing this even though the legislation that requires them has been delayed, as I'd much rather have the convenience of using memorable data. But the way the keypads work is that they produce response codes using some algorithm, but with flexibility in the system that a range of 3-4 responses are acceptable, so you can generate a few codes and not use them without problem.
Some of these devices are always on, and have internal memory, so the codes you enter include data to reset the counters. Securid do this, not sure the cheaper bank card readers do.
I expect many people's response is to have larger balances in their accounts, so they don't log in so often, which will make the banks more money, but will save us time micro-managing our finances.
Some of these devices are always on, and have internal memory, so the codes you enter include data to reset the counters. Securid do this, not sure the cheaper bank card readers do.
I expect many people's response is to have larger balances in their accounts, so they don't log in so often, which will make the banks more money, but will save us time micro-managing our finances.
-
- Lemon Quarter
- Posts: 2081
- Joined: November 4th, 2016, 11:53 am
- Has thanked: 3203 times
- Been thanked: 417 times
Re: Nationwide to end login with memorable data
wickham wrote:Nationwide sent me an email yesterday saying that logging into my current account using memorable data will cease on 28th November.
I will be able to use either a text code by mobile phone (I don't have a mobile phone) or use the card reader. The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.
My question is how does the card reader generate a number that is recognised online by the bank's computer? I'm always interested in the way things work. If the card reader (or bank card) and the bank's account have a sequence of numbers built in from the start, then the two should match. However, If I generate a card reader number and don't use it, then the next time I log in the number won't match the number on the bank's server. I like to understand basic computer technology.
I know I used the word bank above when Nationwide isn't a bank, but I think it may be soon!
is there any evidence for this please ?
-
- Lemon Half
- Posts: 8016
- Joined: November 4th, 2016, 6:11 pm
- Has thanked: 999 times
- Been thanked: 3669 times
Re: Nationwide to end login with memorable data
wickham wrote:I will be able to use either a text code by mobile phone (I don't have a mobile phone) or use the card reader. The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.
If the tablet has biometric security like a fingerprint reader or face recognition then that can be used to login.
Scott.
-
- Lemon Quarter
- Posts: 1022
- Joined: November 7th, 2016, 4:21 pm
- Has thanked: 515 times
- Been thanked: 124 times
Re: Nationwide to end login with memorable data
fao JohnB
qq
I expect many people's response is to have larger balances in their accounts, so they don't log in so often, which will make the banks more money, but will save us time micro-managing our finances.
uq
i thought the opposite!
I have reduced my balance to £100...taken the £2500 and invested somewhere to earn interest (sadly not as much as was here previously)
set up a £13 s/o for Nationwide fee each month and need not log in at all
thereby having travel insurance...phone insurance...UK/europe breakdown insurance for much less than if bought elsewhere
for me....at least this made best sense in view their lack of interest in my custom
I expect many people's response is to have larger balances in their accounts, so they don't log in so often, which will make the banks more money, but will save us time micro-managing our finances.
uq
i thought the opposite!
I have reduced my balance to £100...taken the £2500 and invested somewhere to earn interest (sadly not as much as was here previously)
set up a £13 s/o for Nationwide fee each month and need not log in at all
thereby having travel insurance...phone insurance...UK/europe breakdown insurance for much less than if bought elsewhere
for me....at least this made best sense in view their lack of interest in my custom
-
- Lemon Half
- Posts: 8016
- Joined: November 4th, 2016, 6:11 pm
- Has thanked: 999 times
- Been thanked: 3669 times
Re: Nationwide to end login with memorable data
JohnB wrote:I expect many people's response is to have larger balances in their accounts, so they don't log in so often, which will make the banks more money, but will save us time micro-managing our finances.
The OP's situation is the exception rather than the norm, most customers will have mobile phones and will find it easy to log in more often.
Scott.
-
- Lemon Half
- Posts: 8016
- Joined: November 4th, 2016, 6:11 pm
- Has thanked: 999 times
- Been thanked: 3669 times
Re: Nationwide to end login with memorable data
mutantpoodle wrote:I have reduced my balance to £100...taken the £2500 and invested somewhere to earn interest (sadly not as much as was here previously)
set up a £13 s/o for Nationwide fee each month and need not log in at all
thereby having travel insurance...phone insurance...UK/europe breakdown insurance for much less than if bought elsewhere
I'm the the same, though I won't do it till November 1st. Make the most of the "high" interest while it lasts.
Scott.
-
- Lemon Quarter
- Posts: 1022
- Joined: November 7th, 2016, 4:21 pm
- Has thanked: 515 times
- Been thanked: 124 times
Re: Nationwide to end login with memorable data
you are right Scott (of course) but my account is a joint acct (specifically so we both covered on each benefit)...so us each losing a share of the monthly £6 interest BEFORE tax...didnt cause me loss of sleep!!
-
- Lemon Half
- Posts: 6385
- Joined: November 4th, 2016, 11:35 am
- Has thanked: 1882 times
- Been thanked: 2026 times
Re: Nationwide to end login with memorable data
My question is how does the card reader generate a number that is recognised online by the bank's computer? I'm always interested in the way things work. If the card reader (or bank card) and the bank's account have a sequence of numbers built in from the start, then the two should match. However, If I generate a card reader number and don't use it, then the next time I log in the number won't match the number on the bank's server. I like to understand basic computer technology.
Re the OP's question above, I assume the card reader uses a similar system to RSA SecurID
https://en.wikipedia.org/wiki/RSA_SecurID
This is what I use to access the VPN for work, using a soft token on my iPhone
Re the OP's question above, I assume the card reader uses a similar system to RSA SecurID
https://en.wikipedia.org/wiki/RSA_SecurID
This is what I use to access the VPN for work, using a soft token on my iPhone
-
- Lemon Quarter
- Posts: 2518
- Joined: January 15th, 2017, 9:20 am
- Has thanked: 703 times
- Been thanked: 1013 times
Re: Nationwide to end login with memorable data
swill453 wrote:The OP's situation is the exception rather than the norm, most customers will have mobile phones and will find it easy to log in more often.
I can't see how adding the barrier of two-factor authentication and removing functionality is going to get people to use the service more. While most people have mobiles, not all have them powered on when at home, or have good reception, or want them linked to their bank account (I'd certainly not want a mobile banking app on a device I could leave on the bus). And while things might work at home, it might not be so smooth on that Caribbean island.
-
- Lemon Half
- Posts: 8016
- Joined: November 4th, 2016, 6:11 pm
- Has thanked: 999 times
- Been thanked: 3669 times
Re: Nationwide to end login with memorable data
JohnB wrote:swill453 wrote:The OP's situation is the exception rather than the norm, most customers will have mobile phones and will find it easy to log in more often.
I can't see how adding the barrier of two-factor authentication and removing functionality is going to get people to use the service more. While most people have mobiles, not all have them powered on when at home, or have good reception, or want them linked to their bank account (I'd certainly not want a mobile banking app on a device I could leave on the bus). And while things might work at home, it might not be so smooth on that Caribbean island.
I accept it's not all, but many do. Reception at home isn't a problem for most, as wifi is pretty ubiquitous.
For myself I find that when I'm sitting at my computer reconciling my finances into Quicken, I'm logging into my bank accounts on my phone rather than having multiple windows open on the PC, simply because the apps make it much easier than using two factor authentication web banking.
My opinion is that overall, online bank logins will continue to increase, rather than your position that they will decrease. Time will tell.
Scott.
-
- The full Lemon
- Posts: 12636
- Joined: November 8th, 2016, 7:21 pm
- Been thanked: 2609 times
Re: Nationwide to end login with memorable data
wickham wrote:My question is how does the card reader generate a number that is recognised online by the bank's computer?
Chip Authentication Program
https://en.wikipedia.org/wiki/Chip_Authentication_Program
-
- Lemon Half
- Posts: 6139
- Joined: November 4th, 2016, 1:12 pm
- Has thanked: 1589 times
- Been thanked: 1801 times
Re: Nationwide to end login with memorable data
wickham wrote:The card reader is more inconvenient than memorable data but as I usually log in with a desktop pc the card reader is nearby, but wouldn't be available if I wanted to log in with a tablet away from home.
If I'm going abroad I take a spare card reader with me, in case it is needed. They are mostly interchangeable, as supported by the link just provided by XFool which includes:
However, card readers issued by most, possibly all, UK banks conform to a CAP subset defined by APACS, meaning that, in most cases, cards issued by a UK bank can be used in a card reader issued by a different bank.
-
- Lemon Half
- Posts: 6385
- Joined: November 4th, 2016, 11:35 am
- Has thanked: 1882 times
- Been thanked: 2026 times
Re: Nationwide to end login with memorable data
XFool wrote:wickham wrote:My question is how does the card reader generate a number that is recognised online by the bank's computer?
Chip Authentication Program
https://en.wikipedia.org/wiki/Chip_Authentication_Program
Ah, that looks right. Very secure, allegedly.
-
- Lemon Slice
- Posts: 363
- Joined: November 6th, 2016, 8:13 am
- Has thanked: 34 times
- Been thanked: 10 times
Re: Nationwide to end login with memorable data
Without requiring any further input, the CAP reader interacts with the smartcard to produce a decimal one-time password, which can be used, for example, to log into a banking website.
I understand that bit, but how does the bank's server recognise the number generated by the card reader? Does the bank and card hold a sequence of numbers that have to match, or a list from which any number can be selected and approved if the card reader has been used out of sequence?
combinations. The server, which also has a real-time clock and a database of valid cards with the associated seed records, authenticates a user by computing what number the token is supposed to be showing at that moment in time and checking this against what the user entered.
The card reader and cards don't have a clock!
-
- The full Lemon
- Posts: 12636
- Joined: November 8th, 2016, 7:21 pm
- Been thanked: 2609 times
Re: Nationwide to end login with memorable data
wickham wrote:combinations. The server, which also has a real-time clock and a database of valid cards with the associated seed records, authenticates a user by computing what number the token is supposed to be showing at that moment in time and checking this against what the user entered.
The card reader and cards don't have a clock!
There is nothing about "real-time clock" or "seed records" in the CAP article.
-
- The full Lemon
- Posts: 10897
- Joined: November 4th, 2016, 8:17 pm
- Has thanked: 1482 times
- Been thanked: 3029 times
Re: Nationwide to end login with memorable data
It's a cryptographic challenge-response.
Run a transaction through it, and think about it as you go. The bank sends you a number (the challenge), which you type in to the card reader. The card reader then uses it with the cryptographic key on your card to generate a response, which the bank can then verify.
Making you read and enter those numbers manually is IMHO an ergonomic horror. It's the kind of thing that computers are supposed to do for us, and in other circumstances routinely do. To avoid it one could for example use a card reader with USB connection, so you'd never have to type in more than your PIN to authenticate. Though perhaps cards as we know them today (with no builtin connection) might become obsolete first.
Run a transaction through it, and think about it as you go. The bank sends you a number (the challenge), which you type in to the card reader. The card reader then uses it with the cryptographic key on your card to generate a response, which the bank can then verify.
Making you read and enter those numbers manually is IMHO an ergonomic horror. It's the kind of thing that computers are supposed to do for us, and in other circumstances routinely do. To avoid it one could for example use a card reader with USB connection, so you'd never have to type in more than your PIN to authenticate. Though perhaps cards as we know them today (with no builtin connection) might become obsolete first.
-
- Lemon Half
- Posts: 6120
- Joined: November 5th, 2016, 9:05 am
- Has thanked: 21 times
- Been thanked: 1427 times
Re: Nationwide to end login with memorable data
UncleEbenezer wrote:Though perhaps cards as we know them today (with no builtin connection) might become obsolete first.
Mobile phones can scan cards using the built in camera, so laptops and PCs with webcams presumably could as well. You can use your phone as a scanner to pay when remotely ordering in a Wetherspoons although keying in the card number is on balance easier and quicker.
-
- Lemon Half
- Posts: 7981
- Joined: November 4th, 2016, 11:24 am
- Has thanked: 7 times
- Been thanked: 3074 times
Re: Nationwide to end login with memorable data
UncleEbenezer wrote:It's a cryptographic challenge-response.
Run a transaction through it, and think about it as you go. The bank sends you a number (the challenge), which you type in to the card reader.
Mostly not. The readers have Identify , Respond and Sign buttons and for the most part you press Identify and stick in your PIN and it gives you a code which you then enter into the bank's website.
There is no "challenge" from the bank that you have to enter into the reader with the Identify button. I have two readers, Barclays & LLoyds (aside from the branding they are identical and interchangeable) and the Identify function is what both use for logging in, and what Lloyds at least uses for setting up new payees (my Barclays account is a legacy savings a/c with £0 in it that I haven't used in a many years and I can't remember if it's the same).
I think I have had to use Respond, which does require a challenge to be entered, but IIRC it was only once and I can't remember what it was for. I don't remember ever having to use Sign.
-
- Lemon Half
- Posts: 8016
- Joined: November 4th, 2016, 6:11 pm
- Has thanked: 999 times
- Been thanked: 3669 times
Re: Nationwide to end login with memorable data
Alaric wrote:UncleEbenezer wrote:Though perhaps cards as we know them today (with no builtin connection) might become obsolete first.
Mobile phones can scan cards using the built in camera, so laptops and PCs with webcams presumably could as well. You can use your phone as a scanner to pay when remotely ordering in a Wetherspoons although keying in the card number is on balance easier and quicker.
Scanning a card won't be as secure, as you're then not using the chip&pin.
Scott.
Return to “Bank Accounts Savings & ISAs”
Who is online
Users browsing this forum: No registered users and 5 guests