Seems to be working fine now.
Nationwide Building Society customers looking to check their accounts or peruse mortgage rates via its online front door were left frustrated today as its website's front page told them it was, er, too busy. Customers typing in nationwide.co.uk today were greeted with the following: Server is too busy The front page seems to …
Seems to be working fine now.
Please wait while content loading ... for ever :)
Let me guess... You have flashblock :)
...what, no Indian translators on-hand?
Possibly the consequence of another quality outsourcing decision...and an omen of things to come, given the big banks recent hard-ons for costs, rather than service quality?
Apparently they've a special customs lane at Gatwick especially dedicated to the plane loads of offshore contract staff this outsourcer uses to fullfill the Nationwide core upgrade contracts.
No wonder their IT is so woefully poor...
Nationwide are really gonna be in the brown stuff once the offshore contractor guys brought in to work on this core upgrade have all secured their work permits and moved onto milk higher hourly rates from another bunch of suckers (ie JP Morgan).
In order to use the site securely, I have to not use Chrome and enable popups, so I won't know if a fake login screen pops up over the real one .. !!!!
Online banking is going to be a pain in the arse with Nationwide over the next week or so since they're going to force you to use those damned card readers to log-in to online banking. They already do it for online transactions (which is understandable) but I cannot be arsed finding the damn thing each time I simply want to log in.
Can anyone recommend a bank who doesn't make things like this such a hassle?
Natwest doesn't need a card reader to logon but they have repeatedly let me down, failing to pay standing orders and redusing my overdraft without telling me.
I will be leaving them for first direct pretty soon.
but they have a habit of Ripping you off in charges.... throwing you bank statements out with normal rubbish and selling your details to scammers through their Indian Call centre.
The choice is yours...
Sign in using a user name and password (user changeable), then select 3 random characters from another pass phrase (user changeable) using drop-downs and you're in to their web site.
Most transfers and other actions need your password re-entering.
As far as I know they're not planning on introducing card-reader random number generators, but who knows?
I'd agree that having to use the card-reader to login would be a major pain, but according to the announcements I've seen, it's optional - we can still login using the existing password + PIN procedure. Best of both worlds?
LTSB tested 2 factor authentication, but then scrapped the project because it cost more to run that what THEY lost in fraud (allegedly)
Anything other than 2 factor = bank fraud oportunities.
So plus points to banks doing 2 factor,
minus points for any not ensuring approriate BC/DR and transition planning
Also, annoyingly, even though they supply a SecureID token for secure login, they keep pushing some third-party add-on to 'keep your computer secure'. I wouldn't mind but it's been going on for months now and I keep forgetting to use my Linux box to avoid that screen.
So to log in it's:-
'It looks like you are trying to login, do you want us to stuff it up for you?'
Doesn't say much for how they rate their own security
Using the card reader will speed up the login, the message they sent everyone states that you can still login without it.
Their change (card reader required; up to now this was only the case if you transferred money out of your account) seems to be meant to increase the bank's security by making it tedious and not worthwhile to use internet banking. They seem to be rowing back now, with some "two--step process" (whatever that may be) that doesn't require the card reader.
"...seems to be meant to increase the bank's security by making it tedious..."
as in secure?
as oppossed to easy and simple for the crooks to login taking over your account?
First Direct, for the moment at least. Their phone service speaks English too .............
Nationwide's site is always slow, even when it is working normally. And it has too many stupid rules about what characters and values it will accept in password and 'memorable data' fields.
LLoyds TSB does not need a fiddly card reader
English Call Centre too
nationwide.co.uk has been taking over a minute to load sometimes. 3kB/sec on a good day.
I changed my Opera Speed dial to https://olb2.nationet.com/signon/index2.asp to take me straight to the Login page. No problems...
Today, the front page loaded in a flash. Looks like they have fixed it.
It's a long time since I used their online banking, but I remember that error messages seemed only remotely connected to the actual fault.
The generaly principle seemed to be "blame the user by listing half a dozen things they can get wrong, completely unrelated to what actually happened".
smile.co.uk (part of the Co-op bank) - no card reader, British call centre (think it's in Lancashire) and you can use Post Offices to pay money in. I've been with them over 10 years and never had an issue.
... is something we're all going to have to get used to. Banking trojans are getting very sneaky. Not that 2FA is infallible, but online bank fraud losses are accelerating to the point at which a certain amount of user inconvenience is inevitable. If you want something to truly complain about, save it for 3-D Secure.
Nationwide in my experience seem particularly prone to treating their customers/members like chldren but in this case it just means that they're doing something now that all the rest, who are still agonising about customer resistance, will almost certainly be doing shortly.
I think you meant 3D IN-secure ...
Verified by bloody visa as well
2FA is fine - I'd like some choice thanks and not that sodding "my first calculator" thing. I always have my mobile with me - why not use that? Or allow an RSA keyfob etc
Nationwide will not be pushing this onto me - I'll leave
I don't mind the card reader too much (though I prefer my HBOS SecurID token), but what does tick me off is having to use the card reader for *every* transaction to a non-Nationwide destination.
For example, when paying credit card bills (with payment mandates that have been around for *years*), there's clearly no need for the card reader process.
A better approach would be to only require the card reader process when setting up a new payment, rather than pestering the user for each payment.
Alternatively, go through the card reader process the first time I make a payment in a banking session, then don't bug me again for the rest of that session.
This looks like a minor step forward to me. Still no TANs so once you get the login details you're laughing.
Does this keypad actually plug into the computer and secure the communication or is it external? In which case the authentication is still subject to MitM attacks. We're onto ones that encrypt the communication end to end here and have TANs for each transaction. All that and German online banking is still considered insecure.
Regarding call-centres: Nationwide usually routes calls round the branches which I've always found to be a pragmatic solution to the problem.
The card reader does not interface with a computer in any way shape or form. Slide the card in the reader, authenticate with your 4 digit pin code then simply follow the instructions on-screen to make a transaction.
I've used Nationwide for years (among others) and I've never really had a single problem relating to their service! Other banks/Building societies refuse to accept my browser, crash all the time, have unnecessarily complicated login procedures (does it really improve security to have to enter your details on multiple pages? I think not), whereas Nationwide have been consistantly perfect throughout my time of using them. The online banking is simple but effective and I like that (hence I'm not a Mac luser).
El Reg is being a bit harsh...
To be fair Nationwide's old system was gash of the highest order. Intermittently let you log in (to shared accounts - don't think the issue is with single person accounts) before the card reader, you call up and they say you're stupid. Considering I'm a dev, the person sat opposite had the same issue, and so have others I know, lets hope this system is somewhat better, although it's not likely.