Reply to: Cater Allen Internet Banking - Not very secure?

I've used Cater Allen for years and never had any issues with them. Their interest rates are terrible but who's isn't!

I find all those things annoying and prefer online banking that lets me get on with things!

Not necessarily.

Most partial password systems use a method whereby at the point the full password is hashed the system calculates the possible permutations for the number of characters required for the partial password system and hashes them at the same time. When the user enters the password characters these are hashed and compared to the hash of that combination. At no point is the plain text password stored anywhere, only ever the actual characters at point of entry by the user.

The isn't efficient from a storage point of view, requirements scale quadratically, not linearly with the length of password, and the hashing process can be compute intensive, but it is more secure than either plaintext password storage or using a reversible encryption algorithm.

There is another way of doing it discussed here: Smart Architects - Home

This uses Polynomials to calculate points and indices for the character values resulting in faster computation, lower storage overheads and fewer limitations on password length or number of partial password characters selected.

Nope it's nothing to do with that.

A couple of my cards both credit and debit don't force me to the verification screen because:
1. The verification screens have shown not to be safe and are hackable.
2. What I do matches my spending pattern - the card issuer can and will block it stopping the transaction
3. People find it annoying.

I have noticed that with all my debit cards when I go to purchase online I go through that verification screen....but not with my CA card. Is it because it is deemed to be a 'credit card' and not a debit card by merchant systems?

So they're storing the unencrypted password in memory at least some of the time ...

I do agree with the OP although I never had problems. I'm not very comfortable with the level of security when logging in and how easy it is to transfer money. My first on-line banking account 15 years ago had more security.

Or they decrypt the password and then compare the one character against that character.

When I last worked in banking with CRM, we used Red Pike to encrypt and decrypt the password - the system asked for three random characters and the API decrypted the password and returned just those characters to the front-end.

They are as secure as most UK banks, which means not as secure as you might think.

Any system where you enter individual random characters from a password means they either store those passwords as plaintext or they have to encrypt every character individually

And don't get me started on the memorable pet/maiden name/primary school stuff. It's laughable.

What on earth are you talking about?

I use Cater Allen, I am very happy with the service and have no concerns over security.