Nothing ground breaking, but it would appear UK banking consumers are starting to feel the pain of increased online banking security trade-offs, due to UK banks trying to save money by cutting previously acceptable losses from online account fraud.
"One person, one bank: three devices
But despite the evidence that new measures are more than just inconvenient, many banks are pressing ahead. Lloyds, Barclays, Cooperative Bank, RBS and Nationwide Building Society all require customers to use a card reader when amendments are made to standing orders, direct debits or when setting up payments.
"This is called two-factor authentication," said independent bank security expert Dave Whitelegg.
How two-factor authentication works
The idea is that no fraudster can access your account, however much they know about your life, your pets and your mother's maiden name, unless they also physically possesses the device. "It's the same theory as for chip and pin," Whitelegg told MSN.
The biggest worry for banks is phishing attacks, by which fraudsters send emails hoping to get customers to log into cloned bank websites and enter their details, which are then captured and used to empty the real accounts.
"Phishing emails are sent out by the million, so even if 0.1% of recipients fall for them, they are a success," Whitelegg said.
Most such phishing attempts are easy to spot, failing to address the customer by name and littered with bad grammar and mis-spelling. But a new generation are more convincing. They may not only have your name, but much more convincing cloned websites.
Mobile banking: a worrying new frontier
The next frontier in banking fraud is coming with smartphones, which are increasingly enabled for transactions, but which experts say add a new vulnerability.
"They have never been targeted before, so they have never matured with fraud in the same way that PCs have," Whitelegg said.
Sending a text to confirm payment changes, which Santander among others allows, will become less secure if the entire transaction was originated from a stolen mobile.
So who are the people behind online fraud? There is a whole ecosystem out there, with software masterminds writing key logger and phishing programmes and devising convincing copies of bank websites. Then there are communities of hackers and fraudsters who meet online, and buy this software off the shelf, Whitelegg says.
The result is that just a few clever people have seeded a whole crime industry for thousands of criminals who would never have the brains to devise the whole process themselves.
How you can protect yourself
There are no absolutely foolproof ways to avoid data or identity theft but here are a few sensible precautions.
1) Treat your personal data like cash: Don't leave it lying around. Shred unwanted documents, don't disclose financial details or potential answers to security question (eg your mother's maiden name) except on verifiable and encrypted sites.
2) Use reputable anti-virus software and keep it up to date.
3) Never download an attachment from an untrusted source as it may contain viruses.
4) Phishing attempts usually begin with alarming warnings about a breach of your security. Banks never alert their customers this way. Even if you are concerned by an email, either ring your bank, or type in the web address from a bank statement. Never follow a link on the email.
5) Change your email address so it's not identical to your real name as used in any financial accounts, so you can easily spot crude phishing attempts which address you by your email name.
6) If you must write down passwords or security details, disguise them. This is particularly important if they are kept on a computer. Use a long and secure password to 'lock' laptops.
7) When inputting details onto a bank website, don't input them in the same order as the questions appear, and use the mouse rather than tab buttons to move around the screen. This can help foil key loggers and other trojan devices.
8) Go ex-directory: keeping your phone details out of circulation stops most phone-based frauds as well as irritating sales calls.
9) If your bank phones you unexpectedly, protect your interests by asking THEM a security question. Ask what your balance was on the date of your last statement, or a recent transaction that you can check. Banks will not ask for online security codes by phone, so don't give them. If in doubt say you are going to ring them back on the usual customer service number."