
Chrome unsupported browser
In order to use the site securely, I have to not use Chrome and enable popups, so I won't know if a fake login screen pops up over the real one .. !!!!
http://www.uploadimage.co.uk/images/97833590074333262804.jpg
Nationwide Building Society customers looking to check their accounts or peruse mortgage rates via its online front door were left frustrated today as its website's front page told them it was, er, too busy. Customers typing in nationwide.co.uk today were greeted with the following: Server is too busy The front page seems to …
Apparently they've a special customs lane at Gatwick especially dedicated to the plane loads of offshore contract staff this outsourcer uses to fullfill the Nationwide core upgrade contracts.
No wonder their IT is so woefully poor...
Nationwide are really gonna be in the brown stuff once the offshore contractor guys brought in to work on this core upgrade have all secured their work permits and moved onto milk higher hourly rates from another bunch of suckers (ie JP Morgan).
Online banking is going to be a pain in the arse with Nationwide over the next week or so since they're going to force you to use those damned card readers to log-in to online banking. They already do it for online transactions (which is understandable) but I cannot be arsed finding the damn thing each time I simply want to log in.
Can anyone recommend a bank who doesn't make things like this such a hassle?
Sign in using a user name and password (user changeable), then select 3 random characters from another pass phrase (user changeable) using drop-downs and you're in to their web site.
Most transfers and other actions need your password re-entering.
As far as I know they're not planning on introducing card-reader random number generators, but who knows?
ttfn
LTSB tested 2 factor authentication, but then scrapped the project because it cost more to run that what THEY lost in fraud (allegedly)
Anything other than 2 factor = bank fraud oportunities.
So plus points to banks doing 2 factor,
minus points for any not ensuring approriate BC/DR and transition planning
Also, annoyingly, even though they supply a SecureID token for secure login, they keep pushing some third-party add-on to 'keep your computer secure'. I wouldn't mind but it's been going on for months now and I keep forgetting to use my Linux box to avoid that screen.
So to log in it's:-
User ID
Password
SecureID token
'It looks like you are trying to login, do you want us to stuff it up for you?'
Doesn't say much for how they rate their own security
Their change (card reader required; up to now this was only the case if you transferred money out of your account) seems to be meant to increase the bank's security by making it tedious and not worthwhile to use internet banking. They seem to be rowing back now, with some "two--step process" (whatever that may be) that doesn't require the card reader.
It's a long time since I used their online banking, but I remember that error messages seemed only remotely connected to the actual fault.
The generaly principle seemed to be "blame the user by listing half a dozen things they can get wrong, completely unrelated to what actually happened".
nationwide.co.uk has been taking over a minute to load sometimes. 3kB/sec on a good day.
I changed my Opera Speed dial to https://olb2.nationet.com/signon/index2.asp to take me straight to the Login page. No problems...
Today, the front page loaded in a flash. Looks like they have fixed it.
... is something we're all going to have to get used to. Banking trojans are getting very sneaky. Not that 2FA is infallible, but online bank fraud losses are accelerating to the point at which a certain amount of user inconvenience is inevitable. If you want something to truly complain about, save it for 3-D Secure.
Nationwide in my experience seem particularly prone to treating their customers/members like chldren but in this case it just means that they're doing something now that all the rest, who are still agonising about customer resistance, will almost certainly be doing shortly.
I don't mind the card reader too much (though I prefer my HBOS SecurID token), but what does tick me off is having to use the card reader for *every* transaction to a non-Nationwide destination.
For example, when paying credit card bills (with payment mandates that have been around for *years*), there's clearly no need for the card reader process.
A better approach would be to only require the card reader process when setting up a new payment, rather than pestering the user for each payment.
Alternatively, go through the card reader process the first time I make a payment in a banking session, then don't bug me again for the rest of that session.
This looks like a minor step forward to me. Still no TANs so once you get the login details you're laughing.
Does this keypad actually plug into the computer and secure the communication or is it external? In which case the authentication is still subject to MitM attacks. We're onto ones that encrypt the communication end to end here and have TANs for each transaction. All that and German online banking is still considered insecure.
Regarding call-centres: Nationwide usually routes calls round the branches which I've always found to be a pragmatic solution to the problem.
I've used Nationwide for years (among others) and I've never really had a single problem relating to their service! Other banks/Building societies refuse to accept my browser, crash all the time, have unnecessarily complicated login procedures (does it really improve security to have to enter your details on multiple pages? I think not), whereas Nationwide have been consistantly perfect throughout my time of using them. The online banking is simple but effective and I like that (hence I'm not a Mac luser).
El Reg is being a bit harsh...
To be fair Nationwide's old system was gash of the highest order. Intermittently let you log in (to shared accounts - don't think the issue is with single person accounts) before the card reader, you call up and they say you're stupid. Considering I'm a dev, the person sat opposite had the same issue, and so have others I know, lets hope this system is somewhat better, although it's not likely.