Improving Banking Security
There is an article about the security level of chip and pin on the BBC’s web site. It got me thinking.
I am careful with my bank debit and credit cards and feel that with on-line banking, not enough is done to create a more flexible and much more secure system, by using the power of the servers to make things difficult for a criminal.
Logging In
I always log in from memory, rather than use the little machine that my bank gave me. As the customer number and passwords are not written down anywhere, even with the card and the machine, it would be difficult to log in to my account, unless they had co-operation from someone inside the bank.
There is a big flaw in the bank’s security, in the fact that all the machines are identical, which means criminals only have to get one to use this method of logging in, if they have a stolen debit card and the customer number. I needed a new one and just went into a branch and asked for one. They didn’t ask me any questions, before I got a new one.
I very much like the login system used by Zopa. It is very secure and very simple, and I would suspect most people would not need to write anything down to login first time. Something, you can’t say about many systems I’ve seen.
Restricting Cash Withdrawals
I have never understood why thee is nowhere in your on-line banking account, where you can set parameters about how and where you can draw money out through cash machines.
In a simple case, you might impose limits on the amount of money that could be withdrawn at any one time, or say in a week or month.
I would impose a limit of up to a hundred at any one time. If I needed more, I could always change the limit. You wouldn’t want to make it too complicated, as it would start to get onerous.
Better Bank Statements
When I look at my bank statement on-line, the cash withdrawals, just say how much I’ve withdrawn and the name of the bank. Some of the direct debits are well documented either.
it would be very easy to say give every cash point machine a unique reference, so when you checked the statement, you would quickly notice a transaction that was perhaps done with a cloned card.
The more information you gave customers, the more likely they would be to spot something that wasn’t correct.
An Emergency Pin Number
You hear stories about criminals threatening cash point users and getting them to draw money out. So why not have an emergency pin number, that smallows the card, perhaps gives out a few pounds and then says something like.
This machine as run out of money, please try another machine.
Whatever the system did would have to be carefully thought out, to avoid the criminal taking it out on the victim.
SMS Confirmation Of Bigger Transactions
I’ve never understood, why this couldn’t be done, as any message relating to a purchase you hadn’t made, would give you warning.
I’ve always felt that this would be very effective, even if only a few cards were setup this way. But would criminals take the chance of using a card that was, when it might start an immediate chase.
In some ways, what seems to be sad is that all on-line banking is so similar, when there are so many things that can be done to make the system much more secure for both the bank and its customers.
Banks are just so conservative and don’t innovate. Which is why they’re going to fail even more.
The Anonymous Widower 
[…] have said before in this post, that I wish my bank statement gave me more information about my withdrawals, with perhaps the […]
Pingback by Theft At Cash Machines On The Rise « The Anonymous Widower | June 6, 2013 |