9 replies to this topic

[Y0Y0]

I for one won't be using it and will be transferring my balance out and closing my account.

ING has long had one of the most complex and confusing log-in processes, but has now made it worse with their ridiculous new "Pin Guard" process.

In addition to entering your customer number and be challenged by their rotating 5 questions, you now must enter you pin number by means of a virtual keyboard whose layout is scrambled each time the screen is accessed or refreshed. The numbers 0-9 are in the same places, but they are accompanied by letters that change places on each screen access/refresh.

You cannot enter the numbers in your PIN, you must enter the corresponding letters that currently appear beside each number [digit] in your PIN.

So, one time you might need to enter ABCD, the next time DEFG, the next time FHBD, and so on.

OK, so some of you will say that you should not store your logins and PWs on your PC, but the fact is that many people do. With the ING system, there is no way to do that as the PIN basically changes every time you log-in.

Security minded tech folks may think this is a good step, but I feel it is very poor for customer convenience. No one else has access to my PCs, so there is no danger of anyone getting casual access to my info.

[markber]

I agree that ING Direct made it less convenient for customers to login into their accounts. However, it is a relatively minor annoyance for me in comparison with my disappointment with ING Direct rates. I can live with an extra-security measure if ING Direct offers good rates. If it does not, then I do not really care how convenient its login is because I am not going to use this bank anyway.


Whether this new security feature actually improves security is a different issue. Most banks survive without this fancy on-screen keyboard. I do not reject a possibility that Kuhlman introduced this security step not because it was absolutely necessary, but rather because it looks cool, because it helps him to maintain his impression of ING Direct uniqueness and gives customers a false impression of improved security. I wished he had different priorities and paid his customers a better interest instead of spending money on security measures of questionable importance, internet cafe, ING Direct-branded merchandise and stupid commercials.

[scottjm]

Have not logged into ING for a few months so I just gave it a try and found it not bad. I keep an eye on all my bank, investment accounts and credit cards by using a portfolio gateway program from one of my banks. One login and all my accounts come up refreshed and shows any activity for the past week. Only time I would need to log directly into ING is if I want to do a transfer. If it does offer more security I am for it. Some accounts have become a little more difficult to get you extra security, Like when I did a CD thru AmTrust, They told me I will need to send a notarized letter to close account and get funds transferred out. Kind of pain but I guess necessary in today's World

[pangya88]

Mark,

ING Direct's "Pin Guard" is actually a good feature. It prevents keyloggers from recording your pin number. A keylogger is a spy program surreptitiously installed on your computer. It records every keystroke you make. If you had a keylogger on your computer, it would just record the "ABCD", "BCDE", and not your pin number.

Although it's a nice gesture that ING Direct started this security feature, I still bank with Emigrant Direct. The added values of the "Pin Guard" do not add up to their sucky rates !!!

^_~ Panyaster

PS: To stop and destroy keyloggers, you need to have a good firewall (not the one in Windows XP), an up-to-date anti-virus program, and updated Windows. You can learn more about keyloggers below.

Keylogger works even when you're offline
http://www.komando.c...asp?showID=8375

[markber]

Panyaster,

Thanks for explaining us the rationale behind the ING Direct "PIN Guard"! I have not had problems with keyloggers but, I guess, ING Direct have had enough cases of keylogger-related fraudulent activity to justify implementation of the PIN Guard. I use Trend Micro PC-cillin antivirus that includes a firewall. It is important that you mentioned that Windows firewall is not good enough to stop keylogger transmission. I use Windows firewall instead of the Trend Micro's one in an attempt to decrease CPU and memory usage on my aging computer. I guess I should switch to the Trend Micro firewall or ZoneAlarm.


Mark

Mark,

ING Direct's "Pin Guard" is actually a good feature.  It prevents keyloggers from recording your pin number.  A keylogger is a spy program surreptitiously installed on your computer.  It records every keystroke you make.  If you had a keylogger on your computer, it would just record the "ABCD", "BCDE", and not your pin number.

Although it's a nice gesture that ING Direct started this security feature, I still bank with Emigrant Direct.  The added values from the "Pin Guard" do not add up to their sucky rates !!!

  ^_~  Panyaster

PS: To stop and destroy keyloggers, you need to have a good firewall (not the one in Windows XP), an up-to-date anti-virus program, and updated Windows.  You can learn more about keyloggers below. 

Keylogger works even when you're offline
http://www.komando.c...asp?showID=8375

[scottjm]

Read this in the Boston Globe this morning. Maybe ING is just trying to follow Fed guidelines? I look forward to better security in all my accounts. I know when it comes to Credit Card fraud you are not responsible, But have read very little concerning Bank account fraud. Anyone know how responsible you are and what is a Banks liability if someone hacks into your account? I subscribe to McAfee anti-virus and firewall and update daily. Anyone know if any of those other devises mentioned in this article are available?

Regulators tell banks to fortify Internet security
By Associated Press | October 18, 2005

Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.

Bank websites are expected to adopt some form of ''two-factor" authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.

In two-factor authentication, customers must confirm their identities not only through something they know, like a PIN or password, but also with something they physically have, like a hardware token with numeric access codes that change every minute.

Other types of two-factor authentication include costlier hardware involving biometrics or ''smart" cards that would be inserted into designated readers on a user's computer. Banks might also issue one-time passwords on scratch-off cards or require ''secret questions" about a customer's account.

[Y0Y0]

The thing is ING already had that with their rotating question process. This is an unnecessary step.

Yes I understand the rational behind it, but that doesn't mean I have to agree with it.

[pangya88]

I just started "online banking security" post, which should help answer some of your questions. Czech my post for more info.

If you follow those steps, you should be able to do your online banking securely.

[markber]

Anyone know if any of those other devises mentioned in this article are available?

Thanks for letting us know about the new regulations.


PCBanker offers SecurID Tokens.

[nosatalian]

Also, keyloggers are very often pieces of hardware than can be sneakily installed between keyboard and PS2 port on computer, they read all keystrokes, store them internally, and then in response to some special key combination will dump out the contents of their memory to the crook. Keep this in mind if you ever plan to use public pcs to check bank information- even if you trust the software (ie. a library where any changes a person makes are reset for every new logon) don't trust the hardware. So this really is useful, but nobody in their right mind still leaves money in ING anyways, so its a rather moot point.

Here's wishing ED would state your daily interest accumulation on the website like ING did.