Clearly keyloggers win, but I do know of people who have worked with (eg: inadvertently employed) fraudsters. I know it’s not a suitable approach for organised crime, but it’s clearly still something to take into account.

Telephone banking seems to just require a customer number and 2 digits from a pin. So once you’ve got the customer number it seems you’ve got a 1 in 100 chance of guessing the pin number, scary really. Online banking requires 3 digits of password (alpha-numeric) and 3 digits of pin, which is in excess of 1 in 238 million.

Keyloggers are less important with Natwest (still quite important) as you would have to see multiple login attempts in order to get all of the digits of the pin and password.

I’m sure that online banking is a major source of fraud, I just don’t think that their method of tackling it has been very well thought out.

In further news, Natwest did today suggest that we consider switching to a different bank. That was after phoning me from a withheld number, announcing themselves as being from “the bank” and asking for my password.

Point 1. I’m quite convinced that fraud on accounts is not due to people “snooping on the line” - they wouldn’t be any online fraud if this was the case, as SSL would see to that.

Point 2. Mass installs of keyloggers verses people sat around you hearing a few letters from your password (or indeed wiretaps on your line). Humm. I think keyloggers win. Unless organised criminals are now putting people into buildings around the country in order to get banking passwords. (are the digits from your PIN entered into the phone via DTMF or read aloud?)

Point 3. As it’s been over 8 years since I did telephone banking, what details do they have for online banking that they don’t use for telephone banking?

Of course another source of fraud (other than keylogging) is phishing sites, again organised crime. Now, it is conceivable that criminals in far flung countries will, rather than use a botnet of computers to log into accounts and transfer money, that they will individually phone up the online banking services one by one and transfer money to their accounts. But doing it using online banking is a much safer bet for the criminal and probably the way most of it is done.

Now, I know that *you* check for keyloggers everytime you use online banking (or su on a server for that matter) and that you’re not going to fall for a phishing site - thus making *your* online banking as safe as it could be, but as for telephone banking being less secure than online banking for the general population - I’m less convinced.

I’d be interested to see statistics for bank fraud via different banking instruction methods. I’d imagine in the current climate that online banking would be at the top of the list, which you are now protected from, like it or not!

It is however crazy that they can’t rollout a magic box to you - or just tell the computer that they have even if they haven’t and let you use your personal magic box…