Two examples of banks giving me ridiculously stupid security advice.
Firstly, when the original NatWest iPhone app came out but before it was well publicised, I stumbled upon it on the App Store and thought I’d give it a try.
It was (and continues to be) made by an unknown third party called Monitise Group Ltd. Naturally worried about giving my bank details to a random company, I took the app into a branch of NatWest to ask if it was genuine.
They hadn’t heard of it, and could find no mention of it on their intranet. The lady at the enquiry desk took a look at the app, shrugged, and said that because it had their logo and looked like she would expect an official app to look, it must be genuine!
So there you have it. If you make some software with NatWest’s logo on it, they will happily tell their customers to trust it with their bank details.
A few months later I was at a Lloyds TSB cashpoint, and noticed a strange plastic device over the slot, and a sticker saying “this security device has been fitted to the cash machine to protect your card details”. Not likely!
We’re told not to trust ATMs which look like they’ve been tampered with in case criminals are ‘skimming’ card details as the card passes into the slot, so this immediately raised a red flag to me. I didn’t use the machine, and I called the bank, who agreed it sounded suspicious and said they’d send somebody to look at it.
When I got home, I searched the web to see if I could find any more details. Unbelievably, it seems the device is genuinely there to add security by making the slot an odd shape, so criminals can’t attach card skimmers. It’s known as an anti-skimmer, or a “full insert protruding card reader”.
They’re teaching people that it’s okay to use a cashpoint with a weird device attached to the slot. And no doubt the card fraudsters are busy making skimming devices that fit around or even look like anti-skimmers. Who made this ridiculous decision? This is a real-life example of the password anti-pattern which was so prevalent online a couple of years ago.
This would be laughable if we didn’t have to trust banks with our money.