We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Do we need chip-and-pin for online banking?

Barclay's today announced that it's to send out handheld chip-and-pin devices to some of its online bank account holders. At first glance this 100 percent a good thing, but I'm sceptical. And I'll tell you for why.

The PINsentry chip-and-pin handhelds will provide an extra layer of security. When you log in to your account, you'll pop your bank card into the little device and then get a unique code which you input - along with your other details - to your online account login.

It's certainly a better defence against spyware and keyloggers than the current practice of inputting codes and keywords. Even with the proviso that each time I log in I have to put in three-or-four different numbers from my memorable sequence of numbers, it never feels entirely secure.

And people are a danger to themselves. (Genuine quote from a (tech-savvy) friend: 'It really annoys me that I have to put in three different numbers every time. Why can't it be the same ones?' Well, er, think about how much it annoys the guy in the stripey shirt and the face mask who's looking over your shoulder.)

Still, so much of the genius of internet banking is the fact that - as long as you are careful - you can access your accounts any time, any place. And I really don't want to have to carry a bulky 'handheld' device and my debit card to do so.

Plus, what happens when the chip-and-pin device gets stolen (as it will)? A PR person for the - very pro-chip-and-pin - security company Trend Micro told me that this wouldn't matter, because the thief would need the PIN and the card to use it. But cards and PINs get stolen all the time.

If my card gets nicked today (that's jinxed it), I can still use my online account to move funds to the relative safety of the joint account (where Mrs Matt can safely spend my hard-earned, well, earned cash on cushions, tiny ornaments and DIY, rather than the hard drugs and porno the thieves would, er, waste it on). Under the same situation with chip-and-pin, a thief would have access to my online account as well.

Barnaby Davis, Barclays' director for electronic banking, said: "Barclays is constantly working to help protect customers and their money and that is why we have invested in this system." Which is fair comment. But the bank's motivation is slightly more opaque than that.

In welcoming the move to online chip-and-pin, for instance, Raimund Genes of Trend Micro said: "The banking industry cannot afford the losses anymore." Which may be closer to the truth.

Technologies such as PINsentry further place the burden of banking security on the consumer. There's absolutely nothing wrong with expecting online bankers to look after their codes and passwords, and to generally behave like sentient human beings. But the responsibility for securing their investment needs to fall squarely on the establishment that, after all, makes all the massive profits (and then spends them on terrible adverts. Howard from the Halifax adverts - you are on my list).

When banks protected coins in vaults, no-one blamed the humble customer if thieves blew off the doors. And while we should all welcome technology that makes banking safer - and we should absolutely all take sensible precautions - I pay my bank to look after my (tiny amount of) money. And I expect it to do so.

IDG UK Sites

8 cheapest 4G smartphones in the UK 2014: Best budget 4G phones

IDG UK Sites

Apple MacBook Air lab tests and benchmarks: 11-inch & 13-inch, 256GB, 2014 Mac laptops tested

IDG UK Sites

How to prank people using Google Glass

IDG UK Sites

Brian Cox to step into will.i.am's shoes with IBC keynote