/ Money

Online banking – do we want safety over convenience?

Secure reader for online banking

Are you willing to swap a bit of speed and convenience when banking online if it means the process is safer? There’s always some trade-off, but some banks are dealing with the problem better than others…

When it comes to financial fraud, consumer protection in the UK is fairly good.

The onus is on banks and other financial providers to create systems that will protect their customers. So, for those of us unlucky enough to become a fraud victim, our bank or lender should be there to pick up the bill.

Given the balance of responsibility, it’s no wonder that banks have invested heavily in creating securer online banking facilities in recent years.

Who enjoys jumping through security hoops?

But for every extra security check, there’s a trade-off in terms of customer convenience; something that some banks have dealt with better than others.

Almost all banks now require you to use a card reader or small key pad to generate a security number when you log in to your online banking facilities; a hoop that few people enjoy having to jump through.

HSBC, which has been my bank for more than 15 years, became the latest to introduce its own version of this technology earlier this year. So customers like me can no longer access our accounts online without the help of a small device that’s easy to lose and never with you at the moment you need it.

Unfortunately, unlike many of its rivals, HSBC has not provided customers with an alternative way to log in to their accounts when they don’t have their ‘Secure Key’ device to hand. Other banks who have adopted similar technology only insist on customers jumping through these extra hoops when they’re using their online banking facilities to carry out a transaction.

For those who simply want to check their balance and look at statements, it’s possible to log in using ordinary passwords and security questions.

Banks need to find a better balance

I wouldn’t mind about the inconvenience if I felt that HSBC’s new technology was lifting its online security to a new level. But, as our online banking security report in Which? magazine shows this month, HSBC remains average for banking security, with a score of just 58%, and still has plenty of room for improvement.

In fact, all the banks have a long way to go. Nationwide, which topped our tests, only achieved a score of 69%.

There is always a balance to be struck between security and convenience, but that balance has not been achieved quite yet. Internet banking has become increasingly inconvenient without becoming markedly more secure. It’s time for our banks to have a rethink.

Comments
Guest

I have been internet banking for a lot of years now and despite the security hassles I find it well worthwhile.
I rarely have to go to the branch for bill payment. I can do it whenever I find it convenient.

Most importantly I can monitor my accounts and avoid falling into the red. I always know where I am with my money. Peace of mind is worth a lot of minor security hassles.

Profile photo of wavechange
Guest

I avoided using NatWest online banking for years because of concerns about security. What finally encouraged me to move from telephone banking was the fact that a friend had a lot of money stolen from his account and NatWest fully reimbursed him.

No problems so far and it is extremely convenient. I am still rather nervous and check my account for unauthorised withdrawals.

Profile photo of wavechange
Guest

I forgot to say that I would be would be happy to exchange some of the convenience for a higher level of security.

Profile photo of dean
Guest

Well, I personally think that my bank account IS secure. Emails/phones/personal data clearly are not because they are managed by a company whose interest it is to sell this information.

I have recently just received a new security keycard from HSBC, which is fine. Prior to this, they constantly tried to get me to install “Rapport” software, which I never did. No-one knew my security number so I didn’t see the issue.

What surprises me though is that it took HSBC so long to get round to this. When I lived in Holland, my ABN AMRO account had a digital card reader at least 3 years ago, maybe even longer. In Germany, Deutsche Bank had a paper list of secure codes that you needed to enter every time you logged in or performed a secure transaction.

So I performed my first transfers this weekend with the new security measures. I have to say that I am much more at ease, even though it is a little convoluted. As soon as I get used to it, it will be just as quick to use

Guest
Matthew Pemble says:
25 August 2011

We tested the Rapport software as part of the work for Which and it does seem to add a reasonable additional level of security, as well as reminding you about password resource. You may still choose not to use it but we do think it adds value.

Of course, this only applies to your computer – if you access online banking from work or from public computers, they are unlikely to have Rapport installed or, if they do, will not be configured with your details.

Guest
Matthew Pemble says:
25 August 2011

“Password re-use”, apologies.

Guest
John says:
25 August 2011

@matthew
I have to admit I have my reservations about Rapport and haven’t installed it, despite being prompted by several banks. I have never liked the idea of being prompted to install software from websites and years of internet usage have told me that generally this is a really bad idea.

Because of this I only have limited knowledge of how Rapport works – my understanding was that it tried to ensure you were entering your details into your banks web page and not a phising page. I fail to see why this is better than a webpage bookmark and the https security highlights you now get in the url bar on current browsers.
You suggest that you have to provide it with your details? Is this right? How can entering your details into a 3rd party piece of software improve you internet banking security? Surely this is a huge security risk?

Guest
Keyless says:
16 August 2011

I use internet banking regulary to monitor my bank account and credit card details and find it a very useful service. The login checks and passwords are rigorous and yet become memorable when used frequently.

Guest
PeterMonte says:
16 August 2011

Tesco Bank has just dumped its card reader system and moved to a combination of pins and passwords which is easier to access wherever you are.

Profile photo of ivoratmaldon
Guest

I’m pleased to hear this. I opened a savings account with Tesco a year or so back, and promptly closed it again when I found I wouldn’t be able to access it without a keypad. Perhaps I wasn’t the only one ?!

Profile photo of ivoratmaldon
Guest

I too am concerned about this trend towards a separate bit of hardware to operate an online bank account. I’ve been with First Direct (an HSBC offshoot) for over fifteen years, and up to now have had little to complain about. But I’m getting a bit ancient now, and desperately trying to declutter.

They seem to have given up trying to persuade me to instal Rapport. I don’t know if they’re planning on going down the HSBC path, but if they insist on a keypad/reader I shan’t be using it. I’ll either have to move to a more accommodating bank (will there be any left?), or go back to telephone banking and paper statements. Perhaps even start to use cash again, although even that seems to be becoming less acceptable.

I appreciate that the banks are trying to keep ahead of the fraudsters. So I’m amazed that FD want me to type in the complete word in response to the same security question every time I log in. I do tend to use an on-screen keyboard – but am I fooling myself in thinking that gives more security?

Guest
ethicalpeter says:
16 August 2011

I hate these card readers……Iiked it OK before! I am with Smile and they already have 3 levels of security so why the need for card readers (some of which are difficult to read) it only complicates things and I just want to get on with it without this extremely annoying addition. I do find internet banking very useful!!

Profile photo of Hannah Jolliffe
Guest

I’m with Smile too and find the card readers inconvenient from the POV of never having one on me at work etc. This means I can only make payments to others from home, which kind of defeats the purpose of online banking! But saying that, once you get used to them they are easy to use, and you can always call them to do a payment/transfer if it’s urgent – at least their customer service staff are helpful and friendly!

Guest
Ad Refusnik says:
17 August 2011

Smile now only require the card reader when setting up new payments. If you want to make a payment to someone regularly it’s not needed. This seems a good balance to me.

Profile photo of Hannah Jolliffe
Guest

I didn’t realise this – obviously don’t make enough payments! Yes, I agree that’s a good middle ground.

Guest
John says:
23 August 2011

Nationwide have a nice similar middle ground where the extra security of a card reader is only necessary when you do something new.

Guest
Rose says:
17 August 2011

We have 4 different bank accounts between us, each with various PINs and passwords on the online system, then 2 of the banks also have the card readers. Drives us absolutely mad – by the time you get through to the account you’ve totally forgotten what you wanted to do! And if you lock the card readers away somewhere for security, it’s a pain having to keep getting them out. And when you’re away from home, invariably you don’t have them with you as you already have various phones, laptop, memory cards, etc! The Coop bank seems the worst – 2 different log in names to remember plus the PIN for the card reader, then a silly long number to type in. Plus the same for every credit/store card. Is there anyone who can carry all these passwords/PINs in their head? They must have amazing memories if they can as each system seems to require a different combination of letters/numbers etc and different length of password, plus different frequencies for changing them. So we’re probably all less secure as many people probably write all their passwords & PINs somewhere!

Profile photo of Ben Stevens
Guest

I was a bit miffed with my PIN sentry from Barclays when they first sent it out to me however many years ago, but it’s second nature now. I have one at work and one at home, and the system’s always worked well for me.

Profile photo of rarrar
Guest

I assume that all the card readers for a particular bank are identical – so its only the PIN associated with it which adds to the security; any organised fraudsters will have acquired card readers for all the banks already.

Profile photo of rarrar
Guest

Update, my HSBC reader arrive just after I posted.
Have to enter serial number of reader when activating – so probably card readers are all different !!
No longer have to enter chars #,#,# from password to login and I’ve just gone an created and remembered a new complicated one!!

Guest
Ad Refusnik says:
17 August 2011

In fact you can even mix and match the card readers from different banks. My old Tesco reader worked fine with my Smile account. It’s the card that seems to matter…

Profile photo of Gloran
Guest

I use a Barclays’ PINSentry and I’m pretty happy with it. I would not be willing to use software with which I did not feel reasonably secure. Bank security needs to be:
1) Secure against keylogging software
2) Secure against malware and trojans
3) Simple to use
4) Under regular review by the banks.- secure yesterday does not mean secure today
5) Underwritten by the bank – they should not be able to shrug off claims unless they can PROVE it was not due to fault on their part.

I’ll take the mild inconvenience –

Profile photo of fat sam
Guest

You can have the most sophisticated security in the world but it can all be compromised through phishing. Thankfully, most are easy to spot (spot the bad use English, for a start) but some will fool users by using exact replications of login pages and clever URLs.

One way to reduce phishing is for all financial organisations to have their log-in pages under a common domain name, perhaps fsa.gov.uk? Most banks use what phishers do – obscure URLs. E.g. Halifax’s online banking is accessed by going to ‘www.halifax-online.co.uk’. How do I know that’s real? A phisher might use ‘www.halifax-online-banking.co.uk’.

However, if I knew that a genuine log-in page could only exist at a sub-domain of, say, the FSA, then I’d have more confidence. All sub-domains would have to be regulated by the FSA.

Alternatively, if privacy is a concern, then maybe the FSA should be the gateway to all the online services of the financial organisations registered with it if anything just to provide confidence because there will always be many who won’t have bookmarked the real page.

I’m using the FSA as an example here – it could be anything – but it makes sense to use an organisation people have heard of.

Of course, the best way to prevent being scammed by phishing is to NEVER click on a link in an email – and always use a bookmarked log-in page.

Profile photo of fat sam
Guest

and spot my bad use of English!

(blush)

Profile photo of Clint Kirk
Guest

Interesting suggestion. I wonder what the security experts would think.

The domains should be preceded by https: , not just http: , otherwise some malware may alter your ‘hosts’ file (which locally maps domain names to IP addresses) and thus send your browser to a phishing site even though it does clearly say ‘xxx.fsa.gov.uk’. But otherwise it seems possibly a good idea to me (but I’m not a security expert.)

Your advice to ‘always use a bookmarked log-in page’ is at odds with advice I’ve heard from a Barclays security adviser. They said you should never use a bookmarked login site because malware (e.g. a virus) can alter your bookmarks to make them go to a phishing site.

But then if I can’t use a bookmark to go to my online banking website, what do I do? Type it in every time? You must be kidding!

(P.S. I hate secure card readers, why can’t they come up with a standard card reader that works for all banks, and possibly also public libraries, video rental shops, etc, so you only need to carry one for everything, and preferably incorporate it into a smartphone so you don’t even need to carry a separate device!)

Guest
John says:
17 August 2011

I’m a big user of internet banking and I love being able to check my account when ever I want and where ever I am. That’s the point of internet banking isn’t it? So because of this I have a dislike for any bank which makes me use a card reader or similar device to enter my security details, as these devices take away the ability to use the service from any location.
I like to separate my money into different pots, as I find it helps me spending money which needs to be spend on more important things like the mortgage, so have several current accounts with different banks. As I only need cash point access / purchasing with one of these accounts I only carry one debit card. Therefore, I do not carry the other cards / card readers around with me. So I cannot access internet banking from a location other than my home with any bank that insists on forcing me to use a card reader. This is a problem for me as I work around 200 miles away from my home and stay where I work during the week.
I understand the need for a high level of security to access internet banking, but I don’t think that card readers are the answer. Tesco or santander, I think, now allows you to designate several computers as those which you usually use, so on these computers doesn’t require extra steps when you login to ensure that it is actually you. This seems like a sensible option to me, as it means you have to go through additional security when “you” use a different computer to your usual login.

HSBC (and a few others) had previously quite strongly suggested that you should install Rapport to improve your internet banking security. I’m really against this: suggesting you should a piece of software you’ve never heard of to improve your security. This read like a scam to me – I see advert on web pages which suggest you do this all the time. I glad to see that HSBC have toned down their suggestion that you should install this software – and that you do not need to install it to be covered by their fraud protection – however, their new use of a card reader means that I will be voting with my feet and leaving the bank shortly.

Profile photo of rarrar
Guest

Maybe purely a matter of definitions but HSBC’s device isnt a card reader its a “Secure Key” , you put your chosen PIN in and it generates a 6 digit code which is used in the login protocol.
You dont need your credit/debit card to use it.
When you “activate” using the Secure Key you have to provide the serial number of the device so I assume its a “pseudo-random” number generator of some sort and cannot be used on different accounts.
The one I have for Nationwide however is a card reader.

Guest
John says:
18 August 2011

Yes Rarrar, you are correct. However, the HSBC secure key is still a physical device that I must use to login, so removing the ability to logon from any location. As a side thought, most HSBC branches have a PC that you can use to logon to their internet banking website – I guess these systems will be subject to the same security controls. So I wonder how many customers they will have who complain when they turn up in branch who are unable to logon to internet banking in the bank.
Yes, Nationwide have a card reader. But, you don’t need it to logon to internet banking. You can still use your username and password / security details combination, therefore you are able to logon from any location.

Profile photo of RussellR
Guest

I am surprised to see that you think that HSBC would waste its time by scamming customers with it’s suggestion that you install Rapport – the financial and computer press writers (including Which) would have had a field day if this was the case. Agreed, no piece of software can guarantee you 100% security (which HSBC & Rapport accept), but any help is welcome.

As far as the Secure Key is concerned, if you are away from home you could carry a couple of pre-generated numbers, suitably disguised. I agree that this is slightly less secure, but if you don’t also record the answer to your login security question with it you should be reasonably safe.

Profile photo of Clint Kirk
Guest

@Russel – wrt the Secure Key, does pre-generating numbers actually work? I thought that the generated numbers depended on the time and date, as well as the PIN and the device serial number. So that once you’d generated a number, you only had a few minutes to enter it before it became invalid. As I haven’t got such a device, can anyone test this pre-generating idea?

Guest
Francis says:
17 August 2011

Santander is warning us that they will text a number/code to us when doing certain banking operations online. What use is that to those who live in a mobile deadspot? My landline accepts texts but I understand they will not allow that.
So it may be a case for voting with feet again and changing banks!

Guest
Mick Ward says:
19 August 2011

Sure extra security is a real hassle all the pins and log ons etc BUT try having your bank account cleaned out by Fraudsters (as happened to me) that is REAL hassle, it takes weeks (months in my case) to get your money back, meanwhile your bank is charging you for all the overdraft fees, bounced DD’s etc; all the forms you have to fill in, phone calls, proving you were never in 3 different locations on the same day etc, get the idea?

The more secure the better- it saves you time and hassle in the end- beleive me!

Guest
John says:
25 August 2011

Mick – can I ask how your account details were obtained by Fraudsters (this would be useful to know for the rest of us) and if a card reader or similar device would have actually made your internet banking more secure? i.e. was it a keylogger, a phishing email, a cloned website etc???

Profile photo of ahardie
Guest

I can’t say that using my Smile card reader to generate a code for use when transferring money is that big a problem. It isn’t necessary for accessing account statements etc. I’ve been using internet banking for years without problem but I welcome the additional security.
I was surprised when I opened a Tesco account that they use my mobile phone to transmit a log in code.This does away with the card reader. Fortunately my terrible home reception on an Orange mobile line had been eliminated since changing to O2. Incidentally transferring money from Tesco to Smile is instantaneous, a welcome surprise.

Profile photo of Patrick Steen
Guest

You can read more about this in our news story about our investigation into online banking security: “Santander and Halifax put online security at risk”.

Guest
John says:
22 August 2011

Do you have any statistics of how many people are affected each year by key loggers? I have to admit I have no idea how widespread this problem is….

John

Guest
Sybilmari says:
19 August 2011

I have just got off the phone from hsbc.
They phoned me and wanted me to pass security by asking me questions.
As I had no way of knowing they were who they said they were I refused.
There needs to be a unique password for each customer with which the customer asks the bank to identify themselves i.e. by giving particular digits from that password to the customer.
Only then should the customer answer the security questions.

I also have a ‘secure key’ which they recently introduced.
As I have to input a code in order to produce a random number I cannot see how this can possibly be more secure.
If someone gets hold of my code, they will probably also have access to my ‘secure key’.
I previously had a code to access my account online.
Now I use the code to access this gadget.
Therefore, it is just an inconvenient extra layer which serves no purpose that I can see.
I also don’t want to carry this gadget with me when I go away from home.
So it limits my online access.
Bizarre idea of security and convenience!!

Profile photo of RussellR
Guest

If you weren’t 100% happy it was HSBC (or any organisation) calling you, the best idea is to take a name and department then call back on the published number to be reconnected.
The Secure Key will make it difficult to intercept your login deatils online, as the number will only be of use for one login. Anyone using a keylogger will not be able to build up your code from the ‘type characters 1 & 5’ system.
I agree that the new key can be difficult to carry – if you know that you will be away from home, you could generate one or two numbers and then record them suitably disguised? Less secure, but convenient.
You should not keep a written copy of your code to access the Secure Key (or at least not with the key), so anyone finding your key would have a useless piece of electronics.
I think that the issue of a Key to personal customers was a very good step forward – I have been using them for many years with other HSBC accounts both here and overseas and have never had a problem.

Guest
omotn says:
21 August 2011

And they have made the new field you now complete secure, so you can’t see what you have typed. Given that this code will only be used once surely this is unnecessary. Making it visible would help with detecting typos

Profile photo of rarrar
Guest

When I have had phone calls from HSBC they have always provided me with partial answers to security questions and I would provide the rest of the answer.
This for me proved they were who they said they were !

Guest
John says:
22 August 2011

@Russell – Sybilmari has a point about the security of the secure key. However, I take your point about key loggers, but drop down menus for numbers achieves the same goal and doesn’t mean I have to carry another card with me. Each secure key has a serial number on the back and it is linked to your account. That means, lose the secure key – lose access to your internet banking. Really not a good system, especially if you have carry it with you to multiple locations. The card readers are a better idea, as you can always use another one as the pin number is your debit / credit cards pin number and this is used to generate a random number. This at least proves you have your card and your pin. Still I would prefer something not linked to my debit/credit card and pin number – what was wrong with security questions?

@rarrar – when HSBC phone me, yes they do have bits of information about me. Its never a security question though. Its my postcode, phone number, or date of birth – information like that. Information that is not that hard to obtain, and information that someone who was trying to steal your bank details would have available. I’m not trying to be paranoid here – it just smacks of double standards. On one hand HSBC have introduced a secure key to make internet banking more secure and then on the other hand cold call their customers with no use of decent security information to let you know that its actually HSBC.
It would be more useful if they published a phone number which they would contact you on. This would then appear on your mobile (you could even save it as a contact) and then you could be reasonably confident that it was the bank contacting you. Egg bank do something similar – the number they phone you on is the same number that they use to phone you.

Profile photo of rarrar
Guest

John
Okay I’ll accept your arguments that the questions asked by HSBC dont provide security – maybe even worse they give a false sense of security.
A challenge phrase would be useful as would a phone number to ring them back on. I must admit that the CLI number shown on my phone is always the same for HSBC .

Guest
Kasey says:
9 October 2011

I assumed that HSBC’s security key was credit card size so it can be carried around with you. As someone who is away from home quiet a bit, this was important for me. Not so apparently. The pressure of your purse/wallet on that little green button will bleed the battery within a matter of weeks ! It should be called home banking rather than internet banking. Does anyone know a bank that has a better way of doing this ?

Guest
Rob W says:
19 August 2011

Last we logged on to my wife’s Barclaycard account and paid her bill, then logged off. Then on the same computer I logged on to my account to pay my bill. Unnoticed by me, when I clicked on the tab to access my card it took me back to hers. I paid the amount due on my car to hers, with the result that I missed a payment on mine. I was able to replicate this several weeks later when I discovered the problem,

When I complained about the subsequent interest charge, I got a very robust letter back from Barclaycard, complaining that I should not have logged on to her account at all (well, we do stuff together – she was in the same room) and that they recommend a different internet browser to the one I used. I was astonished! Out of curiosity I tried again recently and the problem didn’t recur, so perhaps they were listening after all…

Guest
Salobrena says:
19 August 2011

I am very disappointed that Tesco Bank has stopped using the Card Reader. I felt more more secure with it, and it wasn’t a hassle as it only needed to be used occasionally, eg when adding a new payee.

Profile photo of dodger
Guest

I’ve been using internet banking both with UK and Continental Banks now for several years and it’s a real bonus.
I can understand the need for security measures but quite honestly, these new electronic keys are a pain, i travel to and from the continent regularly and these small keys have to be carried around and kept safe.
Woe betide you if you mislay the key (usually when you desperately need to log on) the hassle that follows is very off putting. Personally, i would prefer less gadgets and a return to memorising the codes

Guest
Internet Banking says:
20 August 2011

HSBC providing lots of security in e-banking providing digital signature in e-checks. N lots of protocols to send important data via network in different different layers…

Guest
omotn says:
21 August 2011

HSBC has produced an advertisement featuring a puzzle box which completely frustrates its owner and denies access to the savings. Bit like their security system really.

Guest
Dr B C Conochie says:
21 August 2011

For a number of years I have been using a random 6 figure number generator supplied by Lloyds to access my account on line.It lives in a drawer near to my PC and as I never use a mobile phone to access my account it is always readily available. The number changes every 30 seconds, so I think this must be a very secure method of operating one’s account on line.

Guest
Peter Hulse says:
23 August 2011

Yes, I have the same thing from HSBC. It works fine, so long as you accept the limitations of effectively doing all your financial business from one computer.

But I don’t understand how HSBC’s system knows the number that has been generated. Perhaps not so random?

Profile photo of rarrar
Guest

They are not “real” random numbers just pseudo-random numbers. 2 devices can be synchronised so that they produce the same series of pseudo-random numbers as long as both know the seed number ( PIN) that is being used.

Guest
Bob Payne says:
26 August 2011

Really good security should require something you have, something you know and something you are. Unless every device used to access systems has finger print or iris readers we cannot do the last of these. However we should not stint on the first two. Just requiring passwords and other data to be typed in does not give adequate security. You must add something like a card reader to read your banking debit card to give anything like satisfactory security. It annoys me intensely that the banks have yet to get together and agree on a common standard for such devices.

Guest
Clive says:
9 September 2011

I am amazed that Nationwide tops the poll. I have moved my personal banking to First Direct and my business banking to HSBC.
The problem with Nationwide is that often you have to use the card reader to confirm every transaction which was driving me to distraction. It got to the point where we’d had enough and despite many emails and complaints to Nationwide they weren’t interested in listening.
In our opinion the security at First Direct is good and at HSBC is excellent.
If Nationwide top the poll for security then Which have got it very wrong.

Guest
Robert says:
10 September 2011

Received a new card in connection with my Tesco savings account, had to phone them to get it activated, which is fair enough. They launched into a long explanation of their new security system which requires a new PIN and password. But I kept getting passed around and had to identify myself four times. I think this is ludicrous, I’ve always been a fan of Tesco but now I’m considering closing my account. I mean, twenty minutes on the phone, I really have better things to do.

Guest
trott3r says:
20 September 2011

Do users of non windows machine really need this since we are not infected by viruses etc?

ie Linux and Mac to a large extent along with other OSes

i dont like having more hoops to jump through when i dont use such a computer.

Profile photo of RussellR
Guest

No computer system is invulnerable to viruses, whether they be Mac/Linux or anything else. Anything produced by one man can be broken by another (and given that Linux is open source I would say that the ability is even greater than for, say, Windows which in theory at least has some form of protection).
The only reason that Windows is the main interest for hackers and crackers is that it is generally the first option for PC buyers, particularly the less technically minded 90%. If you have a Linux system you probably have some technical knowledge so may be less likely to fall for attempts to load malware.
Windows’ market share brings with it the greater risk of being attacked. This does not mean that it is impossible that other systems will be infected.
The only way to categorically ensure that your computer cannot be infected after purchase is to never ever connect it to another device or load software/data from some form of external media. And even then, you can’t be totally sure that something extra hasn’t been loaded at the manufacturing stage or (getting paranoid) in the shop which sold it to you.

Yes, perhaps I am extra cautious (and I have used Apple & Mac systems) but I’d rather pay a modest amount and accept a small performance cut to reduce the risk that my system will be compromised at some point in the future which would cost me a lot more in just time alone.

Guest
trott3r says:
22 September 2011

Yes i agree no computer is invulnerable but linux has a better user account/root account setup than windows seems to have and is less likely to be infected.

I agree that novice users are easier targets and are more likely to use windows rather than linux but there are plenty of novice mac users that are just as easy to target.

To me this keypad system should be optional rather than being forced on more experienced users like me who are very unlikely to infected.

Another reason for me to leave HSBC along with their laughable complaints procedure.

Profile photo of RussellR
Guest

trott3r wrote “To me this keypad system should be optional rather than being forced on more experienced users like me who are very unlikely to infected.”

Fair enough – as long as you also waive any right to compensation from the Bank in the case of any fraud which could otherwise have been prevented.

We are all fallible and make mistakes – a bit of technological inconvenience is to be welcomed if it saves us from ourselves!!

As use of the keypad is part of HSBC’s Terms & Conditions, you are doing the right thing in moving your business to another bank whose requirements meet your needs.

Profile photo of wavechange
Guest

I agree absolutely, Russell. Fraud costs money and ultimately other customers will pay the costs of investigation and any reimbursement of funds.

Guest
Peter says:
27 March 2012

Lets remember that most of us use banks to hold OUR cash. The modern system of financial transactions makes it almost imperative that we have a bank account, but the Banks are making money by USING OUR cash. They have a duty to secure it but passing that responsibility back to us is simply a way of minimizing their liability in looking after OUR cash securely.
When I want to use Internet banking I have to go through a secure log on procedure just to open my computer. There is a second lair of security when I access the bank’s website. Then I have to provide them with three or four separate items if secure data. At this point I think I have been sufficiently responsible in helping them to protect MY cash and I’d like to be able to access my information without the added foolishness of having to secure each transaction with a card reader. It becomes Kafka-esk when they require the card reader just to get into their website – making mobile Internet banking too cumbersome for words.

Guest

I find the enhanced First Direct security process a complete pain. It is two stage, but the problem is, like many people i have other accounts and this one requires two separate passwords and it won’t accept the ones i normally use. With other 80 passwords to manage, i find almost all other Online Banking services easier and so after 25 years with First Direct i shall leave them. I think they have been taken over by process orientated computer programmers, as opposed to being customer orientated

Guest
David Hayter says:
18 June 2016

I use internet banking frequently, including making online payments. I’m always very careful about checking bank account and sort code details before committing a payment, but I consider it very risky, as there is no check on the validity or accuracy of your entry. The name of the account entered is not used and if 2 digits are reversed and the result is an valid account then you may have a struggle to get your money back. I seem to recall many years ago entering bank details into a computer system with a check digit. This used a simple algorithm to perform a specific calculation on individual digits from the account number entered to produce a single digit result This result was then compared on entry with the check digit – usually the last digit of the account number. It was a simple way of catching mis-keying and it worked. Why isn’t it used now in internet banking?

Guest
llew says:
23 October 2016

I was told years ago that it’s vital to log out of a secure site to close the session properly. It’s not good to simply shut down the page or browser as there may still be an open link with the site. If this is the case why are logout buttons/links so difficult to find on many sites?

Profile photo of John Ward
Guest

That’s a very good point, Ilew. I frequently have trouble finding the log-out command – presumably because they do not want you to leave the site but that’s hardly a serious concern nowadays. Amazon’s log-out is particularly obscure. It’s at the bottom of a long list of options on a dropdown menu under “Hello John . . . Your account” where it says “Not John? Sign Out”. I just want to click and close, not play hunt the symbol. Some sites, like Nationwide, ask you if you really mean it. Why? . . . If I had made a mistake I would just sign in again.

Profile photo of malcolm r
Guest

If you aren’t active on your Nationwide site for a short while it automatically logs you out. Personally, with fat fingers I can hit the wrong buttons (that bl**dy Caps Lock too often) so I don’t mind being asked if I want to log out. M&S banking also do that. It is little effort to click “yes”.

I agree about Amazon – not obvious where to find it and you don’t want others taking advantage – particularly near Christmas to see what you’ve ordered.

Profile photo of John Ward
Guest

Yes Malcolm, I am in favour of the automatic closedown after a few minutes of inactivity. I have no serious objection to being asked whether I am sure I want to leave; as you say it is effortless and I know the question is coming so my mouse is poised to pounce upon it.