Quote:
Originally Posted by Draby
Regarding Phorm as a "man in the middle" and able to see even https sites if they choose to.
Today I received in the post from Nationwide (whom I bank with), a battery powered card reader, that's not connected to my pc in anyway.
What happens is, I log in as usual to their secure site, select the third party I want to send a payment to, Nationwide then asks me to insert my debit card into the reader, which asks for the "atm" pin, then asks for the ref. no.that Nationwide gives me, plus the amount to pay.
Still with me? The reader gives me an eight digit number to enter on the website, and after confirming, the payment goes through.
So... it seems that Nationwide no longer, implicitly trusts https and ssl encryption, and has inserted an extra layer. I wonder if Phorm are the trigger for this, or just the (what seems to be), trend towards profiling of users via traffic interception. Does anyone know of other banks making similar moves?
Richard
|
Hi Richard,
Barclays have a similar scheme which they call PINSentry, you insert your card into the calculator like device and it gives you an 8 digit number to enter when logging into the online banking section, or if you're making a payment to someone new. I'm sure it's a similar thing to the nationwide one.
The PINSentry info is here
http://www.barclays.co.uk/pinsentry/
I read somewhere that HSBC have plans for something similar too