Sudhanshu Ranade

Chennai , Sept. 26

NET BANKING facilities offered by most banks require you to key in your user id or account number and then sign in by entering the personal identification number (PIN).

Keying in the PIN is a security risk. Someone, in some distant place, with access to the right kinds of spyware or Trojan program, can get to know your account number and PIN simply by monitoring your keystrokes.

Once in possession of these two bits of information, he or she can then access and operate your account without let or hindrance, particularly if you, like most people, do not check or reconcile the periodic statements sent to you by your bank with your own independent record of transactions. To get around this potential problem, Citibank has for some time now been using a system in which the user is not required to, indeed cannot, key in the PIN. Instead, after entering your account number or id, the user is confronted by an online `dynamic' keyboard — one in which the positions of the alphabet, numerals, and signs (*, %, $, #, and so on) keep changing at random every time you visit the site.

The advantage is that when you use your mouse on the dynamic keyboard to point and click (even if somebody is monitoring the positions you click on) is that he or she will have no clue about the alphabet, number or sign you are clicking on at any given time.

Of course, you may still be an easy target of less high-tech ways of getting hold of sensitive personal information. So in the end, the only thing that can definitely be said in favour of a dynamic keyboard is that it is fun to use.

© Copyright 2000 - 2009 The Hindu Business Line