What’s the one thing in common between online banking and tabbed browsing? As soon as you start using either, you immediately ask yourself, “How did I ever live without this?”
In this day and age, responsible personal finance almost necessitates the use of online banking. If you haven’t made the transition yet, just know that there are plenty of reasons why online banking is awesome, including several convenience features and highest interest rates on savings.
But is online banking safe? I suppose that’s the question on most people’s minds, and for the most part, yes — online banking is secure enough, especially with the advent of online banking card readers.
How These Card Readers Work
Online banking card readers have been around since the late 2000s and successfully offer an extra layer of security beyond traditional online authentication. These readers are most common in the UK, but have started being adopted elsewhere as well.
Typically, an online bank portal will ask for a username and a password. You can also set up a security image that’s associated with your account (to protect against phishing websites) and a security question (in case your password was compromised).
The problem is that all of these authentication methods are digital. They can be cracked, intercepted, or brute-forced over the Internet. Wouldn’t it be great if authentication also involved some measure of tangibility to truly confirm your identity?
That’s why some banks require a card reader for online banking. Here’s how they work:
- Online banking website requests a unique code.
- Insert your card into the reader.
- Enter your account PIN into the reader.
- The reader generates a unique one-time code.
- Enter the code into the website. Done!
These card readers aren’t necessary all of the time, so they aren’t as inconveniencing as they might seem. Usually the reader is only required for the following:
- Making payments to a receiver the first time,
- Creating or modifying automatic bill payments,
- Creating or modifying transfers of funds,
- Modifying account security details, like PIN or password.
The downside is that these card readers are only compatible with a new kind of card called Europay/MasterCard/Visa cards, or EMV cards, which are colloquially known as smart cards or chip cards. Traditional cards don’t have the necessary technology to support the above-mentioned card readers.
And while it all sounds good in theory, it’s not a flawless system. (As an aside, security systems are never flawless.) As such, there are a few hiccups and vulnerabilities that you should be aware of to maximize your safety.
Potential Security Issues to Avoid
The first thing to know — and this might put you somewhat at ease — is that these card readers do not store any of your details on the device itself. Whenever you slip in your card or punch in your PIN, you can rest assured knowing that the reader isn’t holding onto any of that.
This is actually good news for those who are worried about portable online banking. Basically, by requiring a card reader for certain actions, you’re forced to carry that card reader around with you if you ever want to perform those actions while on-the-go.
Some card readers are universal, meaning they can read and generate codes for any EMV card (as long as the card is compatible with the reader’s online bank). So in that sense, you could use someone else’s card reader when necessary and their reader wouldn’t store anything about your account or card.
But here’s the risk: What happens if the card reader itself is counterfeit, modified, or infected by malware? In that case, you might find that your card info and PIN are recorded and intercepted by a third-party. (Of course, this is a potential problem for any kind of physical reader, as seen with ATM scam tactics.)
One particular way — but not the only way — that a card reader can be compromised is by way of a scam. If anyone asks you to “re-sync” your device, don’t do it. A reputable source, such as a bank, will never ask you to do that. If there are any problems, they’ll just issue you a new device.
All that being said, another big issue with these readers is that you may lose liability protection as a customer. There have been cases where fraud-by-card-reader ended up with the customer, not the fraudster, in trouble and on the hook for losses.
Card Readers: To Use or Not?
At the end of the day, the use of an online banking card reader is a trade-off. You sacrifice a bit of convenience (some features are limited if you don’t have the reader on you) for better security, but when that extra bit of security still isn’t perfect.
Some banks require that you use one of these readers, but not all do. If the risk of a card reader doesn’t agree with you, and the bank forces you to use one, you’ll just have to find another bank.
Then what are some alternatives to card readers for safer online banking?
Our most recommended security measure is to enable two-factor authentication. Most banks offer this now, and the concept is simple: instead of only relying on a password (first factor), they also send a confirmation code to your phone or email (second factor). It’s more convenient than a card reader but arguably just as secure.
If most of your online banking is done by smartphone, we also recommend checking out our tips for secure mobile banking. You’d be surprise how easy it can be for someone to compromise your credentials by smartphone.
Have you ever used a card reader for online banking? What have your experiences been like? Would you recommend for it or against it? Share your thoughts with us in the comments below!