Has Barclays stamped out fraud with PINsentry?

Barclays claims to have reduced online fraud to zero among users of its two-factor authentication system, PINsentry.

The UK's third-largest bank said this week that it has distributed the card reader, made by Amsterdam-based Gemalto, to more than one million customers, and that none have been hit by fraud.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

Take-up of the devices has been higher than expected, exceeding 30 per cent of the online user base, Barclays said.

The bank chose PINsentry because of its similarity to chip and PIN, rolled out in 2006 across UK retailers.

Barclays began distributing the authentication devices in the second half of last year, initially sending out 500,000 units, becoming the first UK bank to distribute end-user chip and PIN terminals. Any user wishing to set up an online transfer to a new third-party account, other than a standard supplier such as a utility company, is required to use the system.

Barnaby Davis, director of electronic banking at Barclays, said last year that the arrangement was intended to limit the damage that could be caused by someone using stolen bank details. Barclays digital banking director Sean Gilchrist said the system was designed to be easy to use and highly secure. "Adoption of the PINsentry reader by one million cardholders in one year is a clear demonstration that we made the right choice," he stated.

Not everyone agrees that PINsentry is as secure as Barclays claims. The devices are still vulnerable to sophisticated man-in-the-middle attacks, said Sophos senior technology consultant Graham Cluley at the time of the rollout. "These chip and PIN devices do not prevent all identity theft - hackers can still steal screenshots of what you are doing on your PC, and find out information about you and your account which could potentially be used for fraudulent purposes," he said.

Some users have also complained about the necessity of carrying the device with them, leading one user to hack PINsentry to send new access codes to his mobile phone via SMS.

Earlier this month Barclays offered all its online customers free Kaspersky security software, including parental controls as well as protection from spam, adware, spyware and viruses.

Original article: Barclays claims card-reader has eliminated fraud from ZDNet UK