National City Bank new security measure

[Squisher]

Subject: Important Login Information
Date: April 2007

At National City, we are committed to the privacy of your personal information. Therefore, over the next several months we will be increasing the level of security used to perform online transactions.

Effective Sunday, April 22 it will be necessary for you to input your Log-In ID and Password on two consecutive screens rather than one single screen as today. This change will affect users who log in from the NationalCity.com homepage and the Online Banking Login Page.

Thank you for choosing National City for your financial needs.



So, typing the same thing twice is better? What will they think of next.......three times?

 

[dartworth]

you could just change banks...

 

[spidey07]

First time they are giving you a key. Second time you send the key.

 

[Squisher]

Originally posted by: dartworth
you could just change banks...

I'm well aware. This isn't my main bank, but the local bank I go to when I get physical checks (rebates, expense checks, etc.).

I just don't see how this is better, even with what spidey07 posted. It sounds like you're doing the same thing twice.

 

[dartworth]

I've been with NCB for almost 20 years...I've seen a lot of things I don't understand

 

[Kur]

Originally posted by: Squisher
Subject: Important Login Information
Date: April 2007

At National City, we are committed to the privacy of your personal information. Therefore, over the next several months we will be increasing the level of security used to perform online transactions.

Effective Sunday, April 22 it will be necessary for you to input your Log-In ID and Password on two consecutive screens rather than one single screen as today. This change will affect users who log in from the NationalCity.com homepage and the Online Banking Login Page.

Thank you for choosing National City for your financial needs.



So, typing the same thing twice is better? What will they think of next.......three times?

They mean you type your username, then press submit then you go to ANOTHER screen and type in your password.

 

[xarmian]

i think what they mean by two separate screens is you enter your login on the first screen and the password on the other.. that way they're transmitted in two separate transactions.. is this more secure? i highly doubt it.. one of my banks did this about 5-6 months ago, and in the process they ironically also broke the ability of firefox to work with their website (if you tried logging in with firefox it just kept reloading the login screen) which is the dumbest thing possible and defeats most of the updated security concept by forcing use of IE. Not only that, it usually took two to three login attempts in order to log in, and half the time you simply couldn't log in, and would have to try a few hours later. I told myself i'd give them a little while to fix it before i closed my account, and finally within the past month or two it started working correctly again (still login/pass on two separate screens, but at least i can log in)...

-Dave

 

[bctbct]

All the banks are doing this. HSBC takes 5 min. to log in. When I call my CU to make a CC payment (which I do every month for past 10 years) they have started asking any accounts I have with them and balances...geez.

 

[novasatori]

hm, I have to use two separate logins on my bank site - one to get in and one to access any financial information

 

[mrjminer]

You think that is bad?

My ****** bank just added two screens to my login.

It used to be my account number on one page, then password on another page--BOOM, I'm in.

Now:
1. Account number
2. Answer one of three "secret questions" that I had to set up and select from a drop-down menu whether or not the computer I am currently on is "private" so it may prevent this screen from showing up sometimes or "public" for my work computer (where I usually check my account at) wherein I must see the screen everytime (by the way, the ****** drop-down menu doesn't remember that I have set this computer to "public" so I have to select it every ****** time)
3. Ensure that a "security image" I previously setup is correct AND that it is accompanied by a "security phrase" I previously setup AND enter my password to login.

****** ridiculous.

Edit: Looks like they set up the filter now to block a certain variation of the f word.

 

[spidey07]

mrjminer,

Accept the cookie. Won't have that problem. Public is for a computer you do not trust. You can trust your work computer.

 

[mrjminer]

Originally posted by: spidey07
mrjminer,

Accept the cookie. Won't have that problem.

The problem is that I don't want this computer registered to my account because it is shared by my coworkers (computer lab staff, rotating shifts on the same computer).

I do see your point in your edit.

 

[spidey07]

Originally posted by: mrjminer

Originally posted by: spidey07
mrjminer,

Accept the cookie. Won't have that problem.

The problem is that I don't want this computer registered to my account because it is shared by my coworkers (computer lab staff, rotating shifts on the same computer). However, I do see your point.

Then the system is working as designed. This is a GOOD thing. You are being challenged to prove your identity.

 

[kranky]

Vanguard implemented the same thing a few months ago. Username on the first screen, then the second screen shows your chosen security image/security phrase, and you enter your password there.

 

[mrjminer]

Originally posted by: kranky
Vanguard implemented the same thing a few months ago. Username on the first screen, then the second screen shows your chosen security image/security phrase, and you enter your password there.

Mine has the additional step of answering a security question, too

Spidey: I know, it's just annoying to me; they implemented it to prevent phishing scams and I'm not foolish enough to fall for any of those so, to me, it just an unnecessary step, despite the intentions being good.

 

[Flammable]

Originally posted by: mrjminer

Originally posted by: kranky
Vanguard implemented the same thing a few months ago. Username on the first screen, then the second screen shows your chosen security image/security phrase, and you enter your password there.

Mine has the additional step of answering a security question, too

Spidey: I know, it's just annoying to me; they implemented it to prevent phishing scams and I'm not foolish enough to fall for any of those so, to me, it just an unnecessary step, despite the intentions being good.

unnecessary too you but think of all the not so smart people actually falling for them.

 

[TheTony]

As has been stated, banks are implementing secondary authentication measures to meet compliance.

It's slightly inconveniencing, sure, but is there that big a downside to having more secure account access?

 

[Wizkid]

I fail to see how this is more secure. Couldn't the phishing site just use something like CURL to send the username to the bank and re-display the output ('secret' picture/phrase) for the user?

 

[xarmian]

Originally posted by: Wizkid
I fail to see how this is more secure. Couldn't the phishing site just use something like CURL to send the username to the bank and re-display the output ('secret' picture/phrase) for the user?

very good point.. in a more perfect world the banks would detect attempts to log in to multiple different usernames over a specified period of time from the same IP...but in the real world who knows.

and while the intentions are good, when the new login process is not implemented properly (see bugs noted previously) the whole concept is a joke.. fortunately they seem to be finally ironing out some of the bugs, but it's taken forever.

-Dave3

 

[dartworth]

UPDATE: New information regarding log-in process for Online Banking

At National City, we are committed to the security of your personal information. To further enhance the privacy and security of your personal information, National City is implementing a new log-in process for Online Banking.

What is changing?

Today, you enter your Log-in ID and Password on one screen. When you log in to Online Banking on or after Sunday, April 22, 2007, you will be asked to enter your Log-in ID on one screen and your Password on a subsequent screen to complete the log-in process.

NOTE: Your ID and Password will NOT change.

Why are we making this change?

The introduction of two separate log-in screens ? one for Log-in ID and one for Password ? is to prepare for further enhancements in the coming months to the privacy and security of Online Banking. These include:

* Image and Image Phrases ? Images and image phrases help you verify that you are logging into the correct Online Banking site. Once selected by you, the image and image phrase will be visible on the password screen during the log-in process.

* Challenge Questions ? Challenge questions are questions and answers chosen by you. In the future, you may need to provide your answers to these questions if your identity cannot be readily validated.

Stay tuned for more information, including roll-out dates, frequently asked questions and more.

We apologize for any inconvenience this may cause, but we believe the extra authentication will provide you with the best possible safeguards for your personal information.

As always, we appreciate your business and want to make banking online a pleasant ? and secure -- experience.