Barclays claims card-reader has eliminated fraud

Pioneering end-user chip and PIN system has eliminated online scams, the bank claims, though not all are convinced

Barclays claims to have reduced online fraud to zero among users of its two-factor authentication system, PINsentry.

The UK's third-largest bank said this week that it has distributed the card reader, made by Amsterdam-based Gemalto, to more than one million customers, and that none have been hit by fraud.

Takeup of the devices has been higher than expected, exceeding 30 percent of the online user base, Barclays said.

The bank chose PINsentry because of its similarity to chip and PIN, rolled out in 2006 across UK retailers.

Barclays began distributing the authentication devices in the second half of last year, initially sending out 500,000 units, becoming the first UK bank to distribute end-user chip and PIN terminals. Any user wishing to set up an online transfer to a new third-party account, other than a standard supplier such as a utility company, is required to use the system.

Barnaby Davis, director of electronic banking at Barclays, said last year that the arrangement was intended to limit the damage that could be caused by someone using stolen bank details. Barclays digital banking director Sean Gilchrist said the system was designed to be easy to use and highly secure. "Adoption of the PINsentry reader by one million cardholders in one year is a clear demonstration that we made the right choice," he stated.

Not everyone agrees that PINsentry is as secure as Barclays claims. The devices are still vulnerable to sophisticated man-in-the-middle attacks, said Sophos senior technology consultant Graham Cluley at the time of the rollout. "These chip and PIN devices do not prevent all identity theft — hackers can still steal screenshots of what you are doing on your PC, and find out information about you and your account which could potentially be used for fraudulent purposes," he said.

Some users have also complained about the necessity of carrying the device with them, leading one user to hack PINsentry to send new access codes to his mobile phone via SMS.

Earlier this month Barclays offered all its online customers free Kaspersky security software, including parental controls as well as protection from spam, adware, spyware and viruses.