http://www.lloydstsb.com/banksecurehelp/banksecurehelp.asp

They billed it as a limited trial; I got one, my wife didn't, and she still
has to use her "memorable phrase" (which is so obvious to anyone who knows
her closely that it's a waste of time :( ).

Interesting, though, I would have thought they would have completed the
trial by now!

New customers only or opt in? I recently opened a new business account
with HSBC and was given the option of this 6 digit keyfob device.

What I want to know is can I use this "HSBC" keyfob with another bank
should they decide to use them or do I *have* to use their supplied fob? I
don't mind carrying *a* fob but I don't want to carry any more plus a
couple of card reading things...

From reading Xiring's blurb it appears it works something like this:

- bank website produces a challenge (this could be an encrypted version of
some or all aspects of the transaction, such as the amount)

- you enter this challenge on the reader (if this was an encrypted version
of the transaction, it uses a key on the card's chip to decrypt and show
you the details of what you're signing)

- the chip on your card encrypts the challenge to produce a response. The
bank/card issuer knows the key on your card's chip, so knows what the
correct response should be.

- you enter the response in your browser and submit it, upon which it is
validated and the transaction is accepted or denied appropriately.

Best Regards,
Alex.

I've seen it stated (I forget where) that the reader is a generic device.
You will certainly be able to use the same reader with different cards from
the same bank, and probably with cards from other banks.
No, absolutely not. The reader is just an interface, the number that is
generated for you to use to authorize a payment (etc) comes *from* the
card, and will be generated by some secure cryptographic process inside the
card.
You would never be asked to provide your PIN itself online -- there's far
too much chance of a keylogger or other malware snooping the value. The PIN
will be verified by the card but will not itself play any part in the
calculation of the dynamic password value. The fact that the cardreader
device is not connected to the PC in any way ensured that the reader can't
be infected, coerced or suborned in any way, so your PIN stays safe.

Note, too, that one could use the same reader with telephone banking: the
banking system could (digitally) 'speak' a number which you would enter
into the reader to generate a response, and the response could be entered
on the keypad of a tone-dialing phone and verified automatically by the
system (I don't know whether the banks propose to do this, but the idea
will not have escaped them).
Unfortunately there are a very large number of ATMs and POS terminals
around the world that can't cope with anything longer (at least: not
without a ROM upgrade, which would be difficult to perform on a secure
tamper-resistent box).

Cheers,
Daniel.

I tend to agree.

The biggest problem is that the customer is responsible for keeping his own
PIN secret, but has no say in the sorts of precautions that are available
for safeguarding that secret. Point-of-sale terminals with hard-to-conceal
keypads in plain view (sometimes right under security cameras) don't help
at all!

It would be nice if the card issuers could require the retailers to provide
a more easily securable environment for PIN-entry.
Yes (I made that point) ... but ONLY if the perpetrator knows the PIN.
To all practical intents and purposes the chip in a card cannot be cloned,
so Chip & PIN is actually quite secure against this sort of attack. The
problem lies in the fact that most ATMs read the magstripe and not the
chip, and magstripes are easy to copy. Unfortunately, there are still huge
numbers of ATMs (in particular) and POS terminals that can't read the chip,
so we're stuck with the copyable, insecure, magstripe for a long time to
come.

However, this is not a shortcoming of C&P, ATMs had been reading magstripe
cards, accepting PINs, and handing out cash for a long time before C&P came
in.
There would be no liability "issue" if people managed to keep their PIN
secret.

You're talking about thumbprint biometrics ... that's not a complete
solution but it certainly has different problems. The biggest problem with
any biometric method is that it is imprecise; it's very difficult for a
human expert to look at two thumbprints and say that they definitely belong
to the same individual and much harder to teach a computer to compare the
digitized "edited highlights" of the same two prints and make the same
comparison.

Biometrics specialist talk about comparing the "insult rate" with the
"fraud rate" of any technique -- that is: comparing the proportion of
people who will be offended by being told incorrectly that they are
imposters with the proportion of people who will be mistakenly recognized
as someone that they are not. A lot of work goes into fine-tuning the
matching process to give an acceptable balance between the insults and the
frauds.

In order for any biometric technique to be acceptable at the point of sale
the "insult rate" must be essentially zero because neither customers nor
retailers will accept a mechanism that only accepts payment most of the
time.

The problem with thumbprints is that in order to get the insult rate low
enough to be acceptable the fraud rate has to be allowed to be quite high.
It would also be quite easy for a fraud to smudge his thumbprint enough
that the reader could not make a reliable authentication, and the retailer
would then be in the position of having to refuse the transaction or of
making the transaction with a paper voucher ... eliminating the security
that might have been achieved by the use of the thumbprint.

There have also been a number of quite well-documented studies in which
thumbprint readers have been fooled by false thumbprints (from simple
photographs of the thumbprint of the legitimate cardholder to gelatin films
bearing an impression of the cardholder's thumbprint being worn over the
fraud's thumb).

There is also considerable resistance to any method that uses fingerprints
because people associate the process of fingerprinting with criminal
investigation and feel that giving a fingerprint -- even for the purposes
of protecting access to their own money -- in some way demeans them. Such
resistance may be irrational, but it makes it hard for the banks to sell
thumbprinting to their customers.

Much better success rates can be achieved by biometrics based on the
recognition of patterns in the iris of the eye, and although some early
iris recognition devices could be fooled using photographs modern devices
are more reliable. I think iris recognition as a means of establishing
identity at point of sale is more likely to be workable than thumbprint
checking, but I don't think we'll see either for the next five years or
more.

Cheers,
Daniel.

They don't do "blanket insistence" though, if you write the pin on the
card then you'll get taken out and shot, but this 100% customer is to
blame attitude that you seem to insist the banks have is just is a
figment of your imagination.

Yup. That's the point I was making (somewhere elsethread).

The problem, really, is that Sainsburys are free to buy whatever POS kit they
like the look of/matches their in-stroe colour scheme/they get the best
discount on and there is only token requirement for approval by the banks. If
the banks were to get together and design a spy-proof PIN pad and mandate it
for all POS applications a better level of security could be achieved .... and
all the shops would be up in arms because the kit would cost them five times
as much.
It's said that with practice a criminal can learn to read the PIN you're
entering just by watching the movement of your wrist -- he doesn't need to be
able to see you fingers or the keys.
IME the banks are quite pragmatic about that. They reserve the *right* to make
the customer liable for fraud that occurs because of PIN misuse, but they only
do so if they feel they have reason to suspect that the PIN was able to be
misused because of extreme carelessness or complicity on the customer's part.
That's still a problem, of course, because they won't always be right ... but
it's better than it might be.

Cheers,
Daniel.

They are designed to be removable, and are on a long flexible cable, Sainburys
certainly are. Take it out of the holder and use it so you can shield your
number and are comfortable.

Phil