One-Time Pad Irritation

NatWest have recently introduced a one-time pad device on their on-line banking system, which I’ve just got my hands on. As someone who travels a lot, it’s going to be an inconvenience to carry around, so I phoned up NatWest to see if I could have it disabled. The chap I spoke to implied it was being introduced by all UK banks in one form or another and wasn’t going to be optional. Does anyone know if this is true? I wonder if they have really thought through the implications for their customers. Online banking is often of the most use when you are away from home, and carrying a physical device seems like a very stone-age method of providing security. Why can’t I choose not to have it?


I have the same device from Natwest for several months, and I was similarly concerned regarding travelling. However, having read the documentation, it appears that it is only necessary when creating a new third-party payment order. This makes sense as it's the main way anyone hacking into your account could transfer the money out, and also means that it's a lot less necessary when I'm travelling (as I rarely need to add a new payee when I'm out of the country)
Surely the "verified by visa" (if you are referring to the password for online shopping with a visa card) can only add to security. Of course the downside with most extra security measures, is that if someone figures them out then it becomes much harder to prove it was fraud and not you
Well, going on past security enhancements like 'Verified by VISA' I'd guess the likelihood of it being a gimmick was high!
`unless it’s just a gimick that doesn’t actually enhance security' - how will you ever know? :)
I might be more stone age than this device by still not using online banking! For me, it's just not worth the risk; banks clearly want me to use internet banking because it's cheaper for them, but they don't seem to be willing to provide anything like a reasonable level of security, or take any responsibility when things go wrong. (At least that's my perception, though I haven't made any effort to investigate.) I prefer to phone my bank. They don't tell me I have to pay for any anti-eavesdropping software for my phone and I don't have to update my phone's software every five minutes. (It also helps that TalkTalk are very slightly better at providing a phone service than broadband... although even that is beyond them every now and then.) Plus, you get to talk to a real human being, which is a nice change after looking at a computer screen all day. Having said that, unless it's just a gimick that doesn't actually enhance security, I might actually be marginally more likely to use internet banking with a one time pad.
@Helena, I think that says it all. @Richard, I do :) That's one of the problems. And it's branded NatWest, with a complementary plastic card (and yet another PIN) also branded NatWest. So I doubt very much they are share-able. @Anton, it's similar. It's like a very basic (and cheap) calculator (remember those? :) with a slot for the special chip-and-PIN card in the back. No phone line, OS, USB, etc. needed. Personally, I'd rather do it without it and take the risk (I'm careful with my passwords), but it would be nice to have the choice.
What is the device like? I heard of a keypad type device that uses your chip and pin card and pin number to generate an auth code. Not sure if that device needs a phone line or anything (or usb + windows) but it sounds like better security than secret data. Of course carrying 2/3 of these things will be a complete pain, so hopefully they can come up with a small compatible one Of course, being able to check my bank balance from any computer is nice, though I consider carefully whose computer I would trust to use. As yet I have not got one, but I suspect it is a matter of time...
"carrying a physical device seems like a very stone-age method of providing security." Does anybody know if the banks' devices will be compatible? If you think it's bad now, imagine what it would be like if you had multiple accounts with different institutions!
Barclays have just sent me one too. It's very annoying. Online banking was so useful and easy before.