With millions of people now regularly doing their banking online, fraud on the internet has risen fast in recent years.
In an effort to step up security banks have come up with new ways to try and keep our accounts safe.
A new technique has been the introduction of card readers, which are aimed at providing customers with an extra layer of security.
The handheld devices issued to some bank customers generate a random number each time they want to log into their accounts online.
WHAT'S YOUR VIEW? EMAIL US USING THE FORM BELOW
...overkill and highly inconvenient.
...online banking as secure as possible...
But not everyone is happy with this new method, including Working Lunch viewer John Leuba, who says he cannot get the system to work to log in and check his balance.
Another viewer Simon Rodwell says: "PINsentry has its uses, especially when creating new payees, but for general access to one's account it is overkill and highly inconvenient."
Card readers make online banking as secure as possible for customers, according to Sean Gilchrist, the Digital Banking Director at Barclays.
"Unfortunately the fraud gangs are very good at tricking customers out of their log on details and one of the ways to combat that is to bring in a one-time only password.
Example of a typical phishing email to obtain bank details fraudulently
"So if you are tricked by a fraud gang and do give away your details, actually they become invalid because when you've used that once, it's only useful for that session," he told the programme.
Phishing is one of the most common types of online fraud, which usually starts with an email claiming to be from a bank.
The email tricks customers into clicking on a weblink for a genuine-looking website and revealing all their online bank details - with these going straight to the fraudster.
Have you received a card reader or a similar device? Do you think it's made your online banking more secure? Or is it just an additional inconvenience?
Whatever your thoughts on this topic, we would like to hear from you. Get in touch by clicking here.
Of course a one time security system doesn't eliminate the problem of bogus bank websites. They simply act as a 'man in the middle' by asking for your one time credentials then using them to instruct the real bank website to empty your account.
I was interested to hear the problems people have had when trying to use internet banking. I always use telephone banking to check my balance. It's quick and easy, costing no more than a local call (it's an 0845 number).
I don't use internet banking as I'm very good at forgetting my password. Telephone banking is easier and only requires the 16 digit card no as well as a five digit passcode.
Why can't the banks use SPF (Sender Policy Framework) so spam software will know the phishing email is a fake!
Alan Smith, Manchester.
As someone with a visual impairment (I have myopic macular degeneration) and am registered partially sighted, I could feel the panic rising as I listened to Rachel's account of what is coming. I use the Barclays online banking system and have been very pleased with it - I use screen magnification software and large monitor to use my computer and so have maintained my banking independence.
From what I could see of the reader, I realised it would be unlikely that I could use the new Barclays PINsentry reader. So I then spent 30 minutes trying to explain my problem to Barclays staff and the best they could offer was sending me an audio version. Even though they know I have some sort of issue as I have my bank statements sent in large print, no-one was going to ask how this change would affect me (and as for the key ring size versions - yuk!)
If I had not seen this article (so thank you!) the first I would have known about it would be when it arrived, and then I would have a battle on my hands to get an alternative in place before I lost access to my bank account. I appreciate the need for security but this is an example of when an impairment becomes disabling!
How many other people are going be disenfranchised in this manner?
On 04/01/08 I received by normal business mail an unsolicited letter from my bank reminding me of my PIN number.
This letter contained last four digits of card number, PIN number concealed under scratch-off panel with instructions on how to reveal it, and of course my name and address.
Had this letter gone astray the recipient would have PIN number, last four digits to recognise card and address to steal card from.
This hardly seems a secure system?
G G Etherington.
I would like to make a couple of points regarding your article today on phishing.
If I get a phishing email (I know what it is because I don't bank online). I click on the link and if it has already been picked up as a fraud I get a warning from my browser. Then I would simply delete the email.
If the browser does not show an alert I would go to the bank's website and attempt to forward the email to them. Some banks allow this and I would get a polite - automatic- "thank you" in reply.
Other banks, Abbey for one, don't allow this and only provide a contact telephone number. That is my first point. Am I wasting my time or are these banks missing something?
My second point is if you look at the URL in the header (of fake websites) it is obvious that it has not originated from the bank at all.
Just watched your feature about online banking security and thought I would put forward an idea which keeps coming into my head.
Briefly stated, the concept is that mobile phones could be used as the 'gatekeepers' of online accounts so that for instance I could text a message to a special Sentry phone number such as 8787878 OFF.
This would mean that all ad hoc withdrawal requests from my account are to be refused until such time as I text the message 8787878 ON to the Sentry number.
Using the same process I could for instance text the message of 8787878 ALERT 50 so that any withdrawals over £50 thereafter would result in details of any transactions being sent as a text message to my phone.
Any rogue withdrawals could then be spotted quickly and an OFF message sent. I suppose other settings could be controlled in this fashion - these are the first that came into my head.
As far as security is concerned, only the Sentry would know the correspondence between the value of 8787878 and the actual account number and actual bank holding the account and would only accept any such request from the registered mobile number of the account holder.
The idea assumes that the Sentry system is being run by a central banking organisation on behalf of various members.
As I stated - very vague but that would put access control and monitoring of the account in the hands of the account owner.
John Tuach, Inverness.