Finance Security

Online Banking Card Readers: How Do They Work and How Secure Are They?

Joel Lee 21-08-2015

What’s the one thing in common between online banking and tabbed browsing? As soon as you start using either, you immediately ask yourself, “How did I ever live without this?”


In this day and age, responsible personal finance Simply Frugal: How To Learn Personal Finance The Easy Way Do you fret over bills and debt on a regular basis? Do you feel lost when others speak using financial lingo? Here's the good news: it's never too late to learn about money. Read More almost necessitates the use of online banking. If you haven’t made the transition yet, just know that there are plenty of reasons why online banking is awesome 6 Common Sense Reasons Why You Should Bank Online If You Aren't Already [Opinion] How do you usually do your banking? Do you drive to your bank? Do you wait in long lines, just to deposit one check? Do you receive monthly paper statements? Do you file away those... Read More , including several convenience features The 7 Best Online Banking Features For Simplifying Your Life Does money management stress you out? What if you could effortlessly alleviate some of that stress for good? Online banking offers a lot of benefits that can help to simplify the headaches of money. Read More and highest interest rates on savings Save More Money by Using These 4 Online Banks Online banks frequently offer much better rates and perks than their brick-and-mortar counterparts. Here are four of the best options for American residents. Read More .

But is online banking safe? I suppose that’s the question on most people’s minds, and for the most part, yes — online banking is secure enough, especially with the advent of online banking card readers.

How These Card Readers Work

Online banking card readers have been around since the late 2000s and successfully offer an extra layer of security beyond traditional online authentication. These readers are most common in the UK, but have started being adopted elsewhere as well.

Typically, an online bank portal will ask for a username and a password. You can also set up a security image that’s associated with your account (to protect against phishing websites What Exactly Is Phishing & What Techniques Are Scammers Using? I’ve never been a fan of fishing, myself. This is mostly because of an early expedition where my cousin managed to catch two fish while I caught zip. Similar to real-life fishing, phishing scams aren’t... Read More ) and a security question (in case your password was compromised).

The problem is that all of these authentication methods are digital. They can be cracked, intercepted, or brute-forced over the Internet. Wouldn’t it be great if authentication also involved some measure of tangibility to truly confirm your identity?


That’s why some banks require a card reader for online banking. Here’s how they work:

  • Online banking website requests a unique code.
  • Insert your card into the reader.
  • Enter your account PIN into the reader.
  • The reader generates a unique one-time code.
  • Enter the code into the website. Done!

These card readers aren’t necessary all of the time, so they aren’t as inconveniencing as they might seem. Usually the reader is only required for the following:

  • Making payments to a receiver the first time,
  • Creating or modifying automatic bill payments,
  • Creating or modifying transfers of funds,
  • Modifying account security details, like PIN or password.

The downside is that these card readers are only compatible with a new kind of card called Europay/MasterCard/Visa cards, or EMV cards, which are colloquially known as smart cards or chip cards. Traditional cards don’t have the necessary technology to support the above-mentioned card readers.

And while it all sounds good in theory, it’s not a flawless system. (As an aside, security systems are never flawless.) As such, there are a few hiccups and vulnerabilities that you should be aware of to maximize your safety.


Potential Security Issues to Avoid

The first thing to know — and this might put you somewhat at ease — is that these card readers do not store any of your details on the device itself. Whenever you slip in your card or punch in your PIN, you can rest assured knowing that the reader isn’t holding onto any of that.

This is actually good news for those who are worried about portable online banking. Basically, by requiring a card reader for certain actions, you’re forced to carry that card reader around with you if you ever want to perform those actions while on-the-go.

Some card readers are universal, meaning they can read and generate codes for any EMV card (as long as the card is compatible with the reader’s online bank). So in that sense, you could use someone else’s card reader when necessary and their reader wouldn’t store anything about your account or card.



But here’s the risk: What happens if the card reader itself is counterfeit, modified, or infected by malware? In that case, you might find that your card info and PIN are recorded and intercepted by a third-party. (Of course, this is a potential problem for any kind of physical reader, as seen with ATM scam tactics How Scammers Can Use ATMs To Clean You Out That ATM in the wall of your local bank might look like an easy way to get some cash, but you need to make sure that the scammers didn't get there first. Read More .)

One particular way — but not the only way — that a card reader can be compromised is by way of a scam. If anyone asks you to “re-sync” your device, don’t do it. A reputable source, such as a bank, will never ask you to do that. If there are any problems, they’ll just issue you a new device.

All that being said, another big issue with these readers is that you may lose liability protection as a customer. There have been cases where fraud-by-card-reader ended up with the customer, not the fraudster, in trouble and on the hook for losses.

Card Readers: To Use or Not?

At the end of the day, the use of an online banking card reader is a trade-off. You sacrifice a bit of convenience (some features are limited if you don’t have the reader on you) for better security, but when that extra bit of security still isn’t perfect.


Some banks require that you use one of these readers, but not all do. If the risk of a card reader doesn’t agree with you, and the bank forces you to use one, you’ll just have to find another bank.

Then what are some alternatives to card readers for safer online banking?


Our most recommended security measure is to enable two-factor authentication. Most banks offer this now, and the concept is simple: instead of only relying on a password (first factor), they also send a confirmation code to your phone or email (second factor). It’s more convenient than a card reader but arguably just as secure.

If most of your online banking is done by smartphone, we also recommend checking out our tips for secure mobile banking 5 Vital Security Tips For Smarter Smartphone Banking As smartphones have become more capable, many people have begun to use them as a banking tool, and logging in to a bank account on-the-go is much easier and quicker via mobile data than any... Read More . You’d be surprise how easy it can be for someone to compromise your credentials by smartphone.

And lastly, it’s just a good idea to develop smarter security habits Change Your Bad Habits & Your Data Will Be More Secure Read More in general. For example, learn the warning signs of digital identity theft 6 Warning Signs Of Digital Identity Theft You Shouldn't Ignore Identity theft isn't too rare of an occurrence these days, yet we often fall into the trap of thinking that it'll always happen to "someone else". Don't ignore the warning signs. Read More so that you aren’t blind-sided by online fraudsters 3 Online Fraud Prevention Tips You Need To Know In 2014 Read More .

Have you ever used a card reader for online banking? What have your experiences been like? Would you recommend for it or against it? Share your thoughts with us in the comments below!

Image Credits: Credit card reader by Rihardzz via Shutterstock, Stack of Bank Cards by Alix Kreil via Shutterstock, Mobile Banking by Sedlacek via Shutterstock

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Michael
    April 23, 2020 at 2:30 pm

    Article title: "Online Banking Card Readers: How Do They Work...?"

    So it was quite disappointing to get to the end of the article and realise that it is NOT about how card readers work! How do they generate the code? How does my bank assess whether that code is correct or not?

  2. Anonymous
    May 25, 2018 at 4:18 pm

    This article doesn't explain how they work, like the title says. This explains how to use them.

    How does a card reader generate the one-time code? How does the website know that the code generated by the card reader is the correct code?

    You say card readers don't store card details or PIN numbers typed into them. How do you know? Who told you this and why should I trust that person?

  3. Anonymous
    August 25, 2015 at 5:27 pm

    "Credit card fraud fell by 32% once smart IC cards were introduced"
    Tell that to the remaining 68% that WERE victims of fraud. Don't you just love statistics. They can be used to support any position one wishes.

    "Anytime a human is involved in the transaction, it cannot be guaranteed secure."
    To err is human, to really f* things up takes a computer.

    • Thomas
      January 3, 2017 at 8:46 pm

      Your use of the statistic is completely wrong. For example, if before the smart IC cards were introduced, there was 100 incidents of fraud, then a 32% reduction means there are now only 68 incidents.

      You, for some unknown reason, decided to then say, 68% of people, obviously by taking 32% away from 100%, are victims of fraud. Which doesn't add up. As there are more than 100 people using banks. I think you should go back to school and learn the basics again, no wonder you can't grasp online banking.

  4. Anonymous
    August 22, 2015 at 1:34 am


    Agree that online banking has its risks. But so does the old-fashioned way of "in person transactions" and reliance on monthly statements by mail.

    Even if you wish to continue with "in person" transactions -- you really should set up online banking -- to automatically notify you of any check, ATM or credit card transactions -- by email or by text. This is far superior to waiting for your monthly paper statements to find out if something has gone wrong.

    • Anonymous
      August 23, 2015 at 10:22 pm

      "Agree that online banking has its risks. But so does the old-fashioned way of “in person transactions” and reliance on monthly statements by mail."
      Are the risks of equal magnitude? Remember the old saying "To err is human, to really f* things up takes a computer."

      Identity theft did not blossom until all this online activity became the rage, online shopping, online banking, online bill paying, etc. Before databases were accessible "online", one never heard of 100's of millions of credit card records being stolen.

      So if you wish to expose yourself and your data online, feel free. I will bank the old fashioned way until all the banks close their physical branches.

  5. Anonymous
    August 21, 2015 at 8:40 pm

    " responsible personal finance almost necessitates the use of online banking"
    I would not use the words "responsible" and "online banking" in the same sentence. banking certainly is convenient but I would not call it responsible. As you pointed out, there are too many ways it can be compromised.

    Smart card readers may not retain any personal information but the chip on a Smart Cards may be scanned without your knowledge while in your pocket.

    "Our most recommended security measure is to enable two-factor authentication"
    For the most secure banking, I conduct all my transactions in person. Any time WiFi is involved at any point in the transaction, that transaction cannot be guaranteed to be secure.

    • James Bruce
      August 25, 2015 at 4:54 pm

      Credit card fraud fell by 32% once smart IC cards were introduced in the UK and magnetic stripe nonsense was phased out. So whatever you have against the technology, it is safer than what you have now – fact. Unless you're running around carrying cash, which is obviously ridiculous.

      Anytime a human is involved in the transaction, it cannot be guaranteed secure.