Barclays PinSentry
I and 500,000 other Barclays customers have been sent the new device that aims to stop online banking fraud. The device named “PinSentry” I supposed to allow me to: “Use their online bank account to set up payments to new third party accounts will begin using PINsentry devices. The devices will be used together with the customer’s normal debit card and its PIN, to authenticate their identity at log in and for making certain payments. This will replace the need for passcodes and memorable words.”
What Barclays didn’t tell you is that it is as big as one of those scientific calculators, it requires you to have it whenever you log in and you physically need to put your card into into the device each time you want to log into your online banking. Quite plainly, it makes less sense than your nan trying to explain you what the TCP/IP stack is.
HSBC did it well with their keyring, it has one button and generates a keycode without the use of your card. With PinSentry, how you are meant to use your online bank account when you are on the move is beyond me, you are at work and you suddenly wop out a massive calculator just to authenticate your online session? I wouldn’t be surprised if people thought you were trying to clone a card you just found.
Luckily, Flipper over at Faulty Flipper has exactly the same sentiments and has attracted the interests of other like minded individuals. VW on the comments of Flipper’s blog has one way to get you out of using this awful system:
# VW Says:
September 27th, 2007 at 8:23 pmI have also recently received one of these inconvenient PINSentry devices, but have just now called Barclays and managed to get them to make the login portal NOT require me to use the PINSentry. I will have full functionality by logging in the old way, except I will need the PINSentry to pay a “non-standard†payee for the first time. I will not need the PINSentry to pay “standard†payees nor to pay non-standard payees who I have paid before.
Here is what you need to do to get them to make this change (note that only the Conventry Helpdesk team can do it):
1. Call the Online Banking Helpdesk on 0845 600 2323 or 02476 842063.
2. Press option 1 for the PINSentry Helpdesk. Then Hold.
3. When someone answers, ask whether you are speaking to the Conventry Helpdesk or the Mumbai Helpdesk. If you are speaking to neither, ask whether you can be transferred to the Conventry Online Banking Helpdesk to change your PINSentry online setup. They will probably say they are not able to transfer you to Conventry, in which case ask if you can be transferred to Mumbai please, then return to the beginning of this step. If you are speaking to the Mumbai Helpdesk, ask to be transferred to the Conventry Online Banking Helpdesk to change your PINSentry online setup. Don’t take no for an answer.
4. Once you are speaking to Conventry, explain that you have received the PINSentry device but don’t want to use it for online banking because you logon from many places including when on-the-move, and it is really impractical to lug the PINSentry around everywhere. They should tell you that they will alter your account so that you don’t need it to login or perform most actions, with the exception of setting up a new “non-standard†payee. They should do it on-the-spot. If you have any trouble, you could try asking for Sanj – she did it for me without fuss.
Note that even if you don’t do this, you will still be able to logon to online banking without your PINSentry, but you won’t be able to do anything except view your accounts – see http://www.barclays.co.uk/pinsentry/questions_noflash.html#q20
Source: VW on Faulty Flipper
Hacking of the device has already started, it’s not destructive….yet. Have a look: http://www.mrg9999.com/pub/psm/
Update – 20/12/07
I know this adds a little more wording to the mix but an Anonymous manager working at one of the Barclays call centres took the time to answer some of the questions raised on this article. He writes:
I am a manager at one of the Barclays call centres (but I’m not telling yuo which one for fear of reprisals from my boss!) and we are just has hacked off at this whole system as you, our customers are.
I would ask you to try and be as patient as you can be with the advisors you speak to on the phone. At the end of the day, they have had no say whatsoever in the implementation of this stupid service and there is nothing they can do to opt you out, cancel your accounts etc. What I would ask you to do however is log it as a formal complaint, and insist that it is a formal complaint.
If logged as a formal complaint it HAS to be escalated to Retail Banking Customer Relations and you must be given a complaint reference number and response (if if it is just to say the complaint is received) within 5 working days. You may not get the complaint resolved to your satisfaction (i.e. they aren’t going to be able to opt you out of PINSentry) but the more customers that do this, the more likely John Varley, Deanna Oppenheimer and all the other top level management are to sit up and take notice.
Plus each escalated complaint costs Barclays at least £40 in man hours, telephone calls, compensation etc so it’ll hit them where it hurts.
Just to clarify a few things mentioned in some of the other posts:
1. Card machines cost £6 each to get another one (this is the base cost and no profit is made from this)
2. ALL Barclays customers now have to pay for a second card machine (Premier included)
3. The policy (for the moment at least) is set in stone – there is no opt out. This has always been the case for Premier clients but since the 26/11/07 this has also been the case for Retail customers too.
4. We are dealing with incredible amounts of calls regarding PINSentry at our call centres, which is impacting a level of service we are able to give to non-PINSentry related calls so people are queueing longer and longer to get through. Because of the incompetence of the offshore operation we are then having to wait 20+ minutes in a queue to get through to Online Banking help desk to get a problem fixed which should only take a few seconds. If you think verifying yourselves as Barclays customers is hard with Mumbai, I’d welcome a job swap with you for a day to show you how hard it is to inform them that we are staff coming through on a customers behalf!
5. If you live abroad and you haven’t received your PINSentry machine yet, this is because we are unable to ship them abroad at this stage. What we are trying to do to get around this is ship them to a UK address (your mum’s, your best friend, whoever you as a customer trust) and then get them to FedEx it to whereever you are in the world. Barclays will then refund you the cost of the FedEx for you to pass on to whoever it is that has sent it abroad for you.
I hope this helps any of you! If you have any questions, please stick them on here and I will do my best to answer them ASAP.
Update: 11/01/08
The Register has covered the technical problems this device has caused. You can read the article by clicking here. To view other customers comments on this, click here.
There is also a Facebook Group for people who hate the device….click here to view.
Natwest Card Reader
Whilst we haven’t received any complaints about the Natwest card reader, I feel obligated to post this here too. At work we have been given a new reader to authenticate any transactions made from the business account. This works the exact same way as the Barclays PinSentry does and has caused just as much controversy.
Over on Jez McKean’s blog, he has a post similar to this one detailing the woes of using the Natwest card reader. Take a look.
Conclusion
Im not sure this is a long term solution but it could help for the short term. I have decided to add a petition to the bottom of this post, maybe if we can drum up enough support, we can get Barclays to drop the scheme. If you know of people who maybe interested, please send them the link!
Our Petition Is Now Closed!
We had received over 250 signatures against using the PinSentry system. The only reason it was closed was due to a fault caused by a site upgrade. If anyone has a good idea as to how we can use these signatures to impact the current banking system, please leave a comment.
Christ almighty. I finally got the pinsentry but the first time I used it it wouldn’t accept the first generated code. Now, predictably, I have lost it and, having just spoken to Barclays I’ve been told it will cost £6.00 to get another one. Oh! My wife has just texted me. It’s in her bag……..
I don’t know whether this has already been mentioned.
You do NOT have to have the PinSentry device and debit card with you when logging in. What you do need is the next 8 digit number. The numbers can be generated in advance and used in turn any time in the future.
If you know the account number and amount for any new payee you could also generate that in advance too.
The generated codes do not have a time limit.
I wrote (snail mail) a letter of complaint, and eventually got a letter back with the phone number of a real person. I spoke to her and she changed me over to the old system, but of course I need a new number so I have no internet banking until the new number arrives as the old code doesn’t work. I will have to set up new payees by phone or at a branch so it will be interesting to see how the branch network copes.
I also pointed out there is a distinct possibility and I know because I did it, of leaving a card in the machine, and forgetting about it. How handy when doing a transaction at work, or just before going to the shops!
This must have cost barclays a fortune, and I look forward to seeing Pinsentry machines on ebay.
Pinsentry is as embarrassing in name as it is in practice. It is the size of a s**t eighties calculator and over complicates the log in procedure. It is a short term, un-visionary and stupid solution. In a world where more visionary solutions are needed to technological problems and environmental concerns Barclays have proven itself to be mediocre, short sighted even indifferent to these global issues and their customers needs. The material waste involved in PInsentry devices and their packaging is hideous! Shame on you Barclays. What a dinosaur you are!
Just a note on your grammar. The very first word in your entry should be “I”, not “myself”. Otherwise it reads wrong, and you’re treating the subject of the sentence as an object.
@Starkey
Me fail English? That’s unpossible!
Thanks for the grammar update, I’m bad when it comes to reading back through what I write. I will update in due course.
I am in the US, I saw these in Ireland on a recent trip. In theory they seem to make sense. I don’t know why they don’t have them in the US. Once your credit card is out of your hand at a restaurant who knows what they are doing with it. Do the whole transaction at the table.
Good idea, but why cant all the banks at least standardise on the card reader used so that one card device will work for all banks. Im accumulating card readers per bank, its becoming a joke travelling! When I go to pay for an item in a shop I dont expect to see a row of chip and pin machines, one for each bank, so why cant banks issue devices that will work for any branded card. At least then I could travel with only one device, and be able to use other peoples devices when staying at relatives, friends, hotels anywhere!
WAYS to AVOID CARRYING PINSENTRY:
The codes the pinsentry generates are sequential.
If you generate a whole bunch of numbers (by inserteing the card and identifying)
you write down these numbers and you enter those number one after the other.
This will avoid the need to carry around the pinsentry device. all you need to carry around is the codes (Like in the movie airforce 1).
NB: Remember the codes are sequential, so if you generate a new code and use it to logon, all older codes are invalidated ENJOY
Bloody whingers. It’s just a small device. Most people are more than happy to cart round an mp3 player, mobile phone and other stuff, and these days most people carry a bag. What’ the big deal?
Why does everybody liken it to a scientific calculator, when it looks more like a 7-year-old’s ‘my first pocket calculator’?
You know, if it even WAS a calculator, it would have at least had some use.
Hahaha this thing is cracking me up. What in the heck were they thinking. I think they could have come up with a better design and maybe a better method on not released it at all. One more thing. Whats to say that the software for generating the code will not be cracked soon and you can install a software number generator and the use for the “calculator” will be eliminated anyway. Just a thought.
Maria Terrys last blog post..Cheap Wheelchairs Online
What a pile of crap, used for the first time yesterday, it worked ok.
Later that day went out to get petrol, filled up and realised i’ve left my debit card in the pin machine at home. Doh
Not happy at all.
Time to change banks.
Always found Barclays online banking the worst and most user unfriendly of the three I use.
I don’t want to have to remember to have my pinsentry machine with me whenever I am at the office or go away for a few days.
Ease of use of online banking is the single most important thing to me, so my account is being closed.
I receieved PINsentry today…Once I’ce got my new card I’ll give it a test a report back!
Andrew Kendall: you have missed the point a little. People enjoy carrying things around that enhance their lives.
Sure, it’s possible to continue online banking if you carry one of these around, however in reality sometimes it makes things more awkward. Imagine if you had to carry one device around for EVERY secure logon website you ever visit. Every shop that stores your credit card details (eg. Amazon), every website that requires secure logon to ensure people can’t intercept your password and damage your personal identity (eg. webmail)…
a. Simply read the comments here to discover why people find it does the opposite to ‘enhancing their lives’
b. It has been noted by a number of experts on security engineering that this device doesn’t actually improve security, and in some security compromise scenarios the system can actually decrease overall security. One argument that really can’t be ignored is that it improves a street-mugger’s chance of getting your PIN from you after he has stolen your card. He points a knife at your head whilst he checks the PIN you told him was correct, which he can do by using his own PINSentry on the spot in a darkened street. Before, he had to believe you when you told him your PIN, or take you at knife-point to the nearest cashpoint to check (nobody would do such a thing, as most cashpoints now have security cameras).
GRRR, it really winds me up when people don’t think these things through.
I was not a Premier Customer!! I suggested that if they did not revert me that they would be one Premier Customer less – but they were not having it.I believe there was a security breach with online banking. Pinsentry does seem like a PITA.I advised to go to the ATM to unlock my password and the ATM did not let me do this. I then say to go to the branch and the manager spent an hour on the phone with the online helpdesk trying to solve the problem.PINsentry into any web-site other than Barclays on-line banking is must.
http://www.wheel-chair-lifts.com/
I would like to say about- The codes the pinsentry generates are sequential. inserteing the card and identifying – If you generate a whole bunch of numbers. you write down these numbers and you enter those number one after the other.
This will avoid the need to carry around the pinsentry device. all you need to carry around is the codes.
so what are you waiting for…….!
What a fantastic site! I’m glad there are so many people out there who also think the PINsentry idea is the biggest load of shit ever to grace the minds and hands of the people of this world. What moron came up with this idea? I would love to meet the person who has the patent for the PINsentry idea and see how proud they are now of their ingenious notion?!
On a more serious note, I’ve often thought that the device is impractical due to it’s sheer size and my poor memory, but what happens when it runs out of battery power? Am I going to have to wait at least 20 minutes on the phone to then be rewarded with a call centre operative, who lives and works at least 2000 miles from myself, and then informs me that I will have to pay for the privelidge of a replacement? Who knows?
I’m definately gonna try Ladies Briefcase’s tip tho then hopefully I will never have to use the stupid thing ever again.
Happy tapping!
They should have an option for you ‘computer-savy’ users to opt out of Pin Sentry in exchange for being personally responsible for any money lost due to fraud on your account.
You would be surprised to learn the reduction in fraud due soley to the introduction of this device.
Smaller keyfob devices (with slider keypads) are on their way (not free though!) as is an application to generate the keys for symbian and windows mobile devices (phones and pda’s), this is a standard that has been introduced by Visa, Mastercard and Maestro so you can expect to see it on all of your accounts soon. The introduction of these devices has been a part of the newer faster payments system which APAC has been introducing.
There is an awful lot of misinformed people posting on here. I work for Barclays and through some enquiries and reading of the official literature I know all the facts.
PINsentry has literally cut online fraud at Barclays by 100%. And all those people saying “I’m too smart to be a victim” clearly are delusional. There’s a little thing called a trojan virus. Now this trojan virus comes in many different forms and most of them install something called a keylogger on your system. With the old system you would use a static password which would be picked up by the keylogger and allow the fraudster to access your account.
PINsentry stops this with the use of a single use access code.
I’ve also read comments about people not being able to log on due to having 2 CIS records, or customer records. This is not the fault of PINsentry but branch staff who incorrectly set up customer accounts. And yes 2 CIS records would cause some of the accounts to drop off telephone banking services also, as each CIS is treated as an individual person so the system thinks you are 2 separate people.
Premier customers cannot be reversed from PINsentry. This, it seems, is something that has been coded into the system so it’s Premier Banking management you need to complain to about this one.
And contrary to what branch staff seem to have been telling customers for years – it is not ok for husband & wife or business partners to share log on details. It’s always been part of the T&C’s that each person use their own log on.
Please stop blaming the folk in the contact centres – be it Mumbai or elsewhere – for any problems as most of them are likely not their fault. I have found them to be very helpful for the most part and in the few instances they could not do what I’d asked of them they at least explained why.
Forgot to mention in my last post – we had some of the guys from Online come to our centre recently and they told us that they are working on new smaller devices for PINsentry. It seems the current ones are as big as they are to ensure DDA compliance.
@Barclays Employee
Thank you for taking the time to post in the comments here. From my point of view it isn’t that I mind verifying my identity, it’s the sheer size and awkwardness of the device when before I was able to verify with special usernames and passwords. I have an HSBC Business account and their fob device is marvellous compared to the PinSentry.
I hate the pin sentry mahcine, i travel a lot and hate that i have to use it. My wife likes to use my access as she can check my business accounts for me, accounts she does not have signature to but occassionarlly checks for me as does my secreatary, these are people who not have permission to sign but I like to have permission to look at my account under my trust i do not want to the the bank whom i trust that is up to me. the banks are increasingly taking over the we we act. I hate the chip anjd pin and infact i regularly hit it (see goggle ) and delete the pin forcing people to ask me to sign, its amusing and what a joke. When will they realise these systems make our life harder and quite frankly they are making it more difficult for normal people than for th
e fraudsters. I work in the industry and they are not reducing crime, it just getting more sofisicated and the numbers are bigger, the problem now if the detection is harder.
I’m in Northern Ireland, and the only Barclays nearby is in Belfast city centre. I don’t drive, so I have to take half a day off work just to go to the goddamn bank, which is why I signed up for the so-called “convenience” of online banking in the first place. Then once I actually WANT to use the service? No dice! I need a magical card reader.
All I wanted to do was make a single payment to a friend’s bank account, but I guess that plan has been foiled so I’ll just have to send a cheque through the post.
Wow. Cheques are now quicker than online banking! It’s such a step toward the future, isn’t it?
I’ve been using the pin sentry reader ever since I recieved it. It does suit my purposes quite well. I only use online banking on the odd occasion.
Only today i noticed that something went wrong with the barclays website for a some time. It was offering me only the old login. I have no clue what my 5 digit code is now. Haven’t used it for almost a year.
However I do not see how it enhances security in any way. All someone would need to do is follow you arround while your shopping. See you enter your pin.
Then follow you arround until you leave your bag ungarded for a second and bam. They have your card, pinsentry and probably your Online banking membership numer.
I keep mine in my wallet. I’m sure most people do. Its impossible to remember.
In fact they dont even need your pinsentry as they are all the same.
pinsentry is such an inconvenience that i’ve had to change banks in order to carry out online banking with some amount of sanity, not only do you need the enormous gadget to set up a new payments, you also need it to login which is a comeplete and utter farce.
I’ve just had a nightmare with this single peice of usless crap i’ve ever seen in my life!!!
I would rather cut off my left nut than use this pinsentry device and after making a complaint, the mumbai lot said I’d get a call back in 24 hours…..after no calls for 5 days i’ve just had a letter saying they will call me before the 28th Nov….I’m moving my money to under my mattress lets be honest its safer there and if I need to use it I’ll go home and get it……similar to if I want to use my online banking when I’m out without a 70′s calculator with me
I don't mind using the card reader, except sometimes when I enter my details and the generated number, it still fails login relatively frequently. I can't actually login at all at the moment.
Also my surname has a hyphen in it – when it was still possible to login to the service without the card reader I tried this however and it wouldn't work. Cust support informed me that my “surname was in the wrong format” and that there wasn't anything they could do about it.
Extra security is good, but when it hinders people from accessing their own money then it's clear that the system still needs improvement.
This is a complete joke.
http://www.nominet.org.uk/about/bestpracticecha...
pinsentry has reduced online banking fraud by about 95% for the Barclays network, it has won countless awards and means you have less codes to remember.
im for it, sure it makes it harder for me to login but it makes it harder for the fraudsters too.
i give it my full support. all the other banks will catch up soon.
i only wish it was a calculator too, that would be so much more pratical!
I have pin the pin sentry machine I also have 4 other accounts. So I have quite a few passwords to remember. i have never had a problem with the pin sentry machine and have always found it work fine. On the other hand barclays phone banking can be very hit and miss
am i right in saying that if a pinsentry owner has their house burgled and have their cards and pinsentry device stolen then the thieves have instant access to online banking ?
@Stuart Hallam
No, because they shouldnt know your pin. Your pin is needed to access online banking.
I have been sent a pinsentry & armed with my list of numbers & passcodes & several attempts as one of the pin numbers was illegible on the rub off strip. i eventually typed all the info in, only to be told Ive been locked from using internet banking & now I have to ring the helpdesk. Do I have 3hrs to try this? No…. Im going to bin it. Its much easier to drive down to town, park the car, walk up the high st & wait for a real person at least to give me the info I require. Or better still! Change Banks! :0)
Yes I think I`ll do that…..
I have been sent a pinsentry & armed with my list of numbers & passcodes & several attempts as one of the pin numbers was illegible on the rub off strip. i eventually typed all the info in, only to be told Ive been locked from using internet banking & now I have to ring the helpdesk. Do I have 3hrs to try this? No…. Im going to bin it. Its much easier to drive down to town, park the car, walk up the high st & wait for a real person at least to give me the info I require. Or better still! Change Banks! :0)
Yes I think I`ll do that…..
The device isnt as big as this idiot makes out its only palm sized, wouldnt be that difficult to take with you, as for how it works i havent had any problems yet.
As a customer who has had fraudulent transactions made on my bank account a few times, I welcome the PINsentry reader! I would also welcome the planned introduction of the PINsentry reader to authorise internet purchases, the simple fact of the matter is that you cannot trust anyone that you give your card details to, especially as they also require the cvv number on the back. This gives fraudsters all the information they need to make transactions. Also as you may have seen reported undercover by the media, our card details are sold by frausters working in these Indian call centres, and now Barclays has shipped their call centre over there!! FAB!!! I am assuming that the people complaining about the card reader have never had money stolen from their bank accounts, and had to go through the long drawn out process of trying to get it back??? It is no joke!! Yes the card reader may be a little on the large side, but I would rather carry that around with me, and make sure that my money was safe!
What can one do? Formal complaint – yes, yes, yes. Find another bank – does anybody know one that has a simple online system like the old Barclays system that works? Santander, which once used to be Abbey – dear dead days beyond recall – has also changed its system to work with a mobile phone and SMS. I don't have one and I don't want one. What do I do about that? Between Barclays and Santander I've been all day trying to send an important payment (I'm abroad, so nobody sent me a card reader anyway) – and – zilch. I had to phone up my son 1000 miles away and send him down to pay out of his account at his local Barclays. That's the 21st century for you – regression in practically every way – especially including bankers, their technology and their despicable attitudes to customer service. (Notice the smugness of the banker apologist in this correspondence below.)
got mine today, it works, it's not a problem, yes, it takes longer, but so what, you lot would find anything to bitch about.
Here is another good 'Moan at Barclays!'