Subscribe by Email!
October 23rd, 2009
Safe Internet banking in Costa Rica has been an issue for some time. In December 2007, I wrote this post about how insecure it can be and giving suggestions on how to make it less so. It is clear that I have not been impressed with Costa Rica online banking at least from from a security standpoint… until now that is.
I personally bank at three Costa Rica banks: BAC San Jose, Scotia Bank and Banco Nacional. All were subject to various schemes that could easily cause serious security problems, especially if the customer did not use adequate security protection in their computers or worse, used Internet cafes or a wireless connection while banking online.
Now along comes Banco Nacional with a high tech but easy-to-use gadget that all but guarantees your security even if banking from an Internet cafe or using a wireless connection. I got one about three weeks ago and have since been trying to figure out how someone could get into my account. My conclusion? They cannot or if they can, they are a whole lot smarter than I am.
If this topic interests you, read on!
So how does it work?
Well first let’s look at security at most Costa Rica banks. Almost all use a password that must be longer than x but shorter than y numerals or numbers. Because of their antiquated operating systems, symbols cannot be used i.e. ^%)@ etc. Most require that you change your password regularly. but people being people, folks often choose passwords that can be “guessed”.
All have a login name as well, of course. Logins are often easy to find, however, as they often are your cedula numbers, email address, account name… whatever. So, if the password gets compromised (stolen), entry to your account is not hard and you have issues. All of these things are made far worse if you are using wireless or are on a computer where a keylogger has been installed without your knowledge.
So what has Banco Nacional (BN) done that is so great? Well they still require a login and it is usually your cedula # (dumb), passport number (dumber) or other and is thus NOT very secure.
After you enter that, you are then taken to a pop-up window that is just silly! (yeah, I know, the good part is coming!). In this window you type 4 characters and use your mouse to click 4 numerals. Why is it silly? Because it is fully visible to anyone standing or seated anywhere near you while you are typing this stuff… Then they have (well they had) all they needed to get into your account.
But…. here is the cool part:
If you look at the picture above left at the beginning of this post, you will see what looks like a key fob with a little window. You get this from BN for 3,000 colones (but see below).
With this gadget BN adds a final login step which makes everything incredibly secure! After you log in doing the same old useless stuff… you are asked for a code number. You now press a button on the key fob (llevero in español) and enter that generated number. Also available is a card type device (see right) for generating the code. You now have access to your account.
Why is this cool and more important, safe? Because each number generated is “one-use”. Even if someone sees you entering it or actually sees the number, it can never be used ever again. This number is mathematically tied to your account, and no other llavero (or card) will work in your account.
This thing is called a token. You can either go to your local BN office and get one for 3,000 colones or, if you have them, you can use your entertainment points that you get for paying bills online.
With this new security option, I would say this places Banco Nacional miles ahead of their competition in terms of keeping your account safe. As I know many of you here must use Internet cafes, shared computers or wireless, this new gadget can now make all the difference in keeping your money safe. In fact, until the other banks “catch up”, I would suggest using BN as your primary bank using other only for spreading the wealth.Filed under Banking & Finance, Banking in Costa Rica, Internet, Internet Fraud | Comments (12)