We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Coventry BS - bizarre password setup procedure
student100
Posts: 1,059 Forumite
I'm in the process of opening a Coventry Building Society savings account.
I've just been sent a letter from them about setting up an online password, asking me to choose a password, write it down, and post it back to them! (Albeit on a form that identifies me only by a barcode).
Now I don't wish to be obtuse but this seems at odds with even their own security advice - their T&Cs say:
You must do everything you can to keep your Security Details secret. You must not allow anyone else to know or access your Security Details. [...]
You must not write, store or record your Security Details (whether in an encrypted form or otherwise), in such a way that they can be identified with you, your relationship with the Society or your account(s).
[...]
10.7 You must inform us immediately of the following:
(i) if you have forgotten your Security Details;
(ii) if you suspect someone else knows or may know or may have had access to your Security Details or Payment cards;
[...]
Failure to notify us of (ii) or (iii) above will result in you being liable for any fraudulent transactions on your account(s).
and
If you use our telephone or Online Services to manage your money, you will have been provided with additional Security Details which may include a password, Grid Card and Web ID.
Please follow this basic advice:
• Your Security Details are important – keep them safe.
• Don’t write down or share your Security Details with anyone.
Now surely writing my password and putting it in an envelope addressed to "Coventry Building Society" is allowing someone else to access my security details?
What are they on? Why can't they do the same as every other bank and send me a temporary access code that allows me to log in and choose my own password online?
I've just been sent a letter from them about setting up an online password, asking me to choose a password, write it down, and post it back to them! (Albeit on a form that identifies me only by a barcode).
Now I don't wish to be obtuse but this seems at odds with even their own security advice - their T&Cs say:
You must do everything you can to keep your Security Details secret. You must not allow anyone else to know or access your Security Details. [...]
You must not write, store or record your Security Details (whether in an encrypted form or otherwise), in such a way that they can be identified with you, your relationship with the Society or your account(s).
[...]
10.7 You must inform us immediately of the following:
(i) if you have forgotten your Security Details;
(ii) if you suspect someone else knows or may know or may have had access to your Security Details or Payment cards;
[...]
Failure to notify us of (ii) or (iii) above will result in you being liable for any fraudulent transactions on your account(s).
and
If you use our telephone or Online Services to manage your money, you will have been provided with additional Security Details which may include a password, Grid Card and Web ID.
Please follow this basic advice:
• Your Security Details are important – keep them safe.
• Don’t write down or share your Security Details with anyone.
Now surely writing my password and putting it in an envelope addressed to "Coventry Building Society" is allowing someone else to access my security details?
What are they on? Why can't they do the same as every other bank and send me a temporary access code that allows me to log in and choose my own password online?
student100 hasn't been a student since 2007...
0
Comments
-
I seem to remember I thought the same - but they will also send you a unique "grid card" and as part of the login process you will be asked to enter the content of some grid squares, which they will choose randomly. IMO secure & low tech - only possible to login to your account if you have the correct grid card, which only you have.0
-
Unless someone photocopies/photographs it... seems like a poor man's chip card & card reader!
I'm not really bothered but it does seem that their procedures are rather low tech!student100 hasn't been a student since 2007...0 -
Make sure you don't get locked out by entering the wrong login information - as I did the first time.
Otherwise, you will have to go through the whole process of paperwork again.
I must say though, that I've been very pleased with the customer service from Coventry. UK call people in UK call centre.
The grid card details, I put on Keepass on a memory stick.0 -
student100 wrote: »Now surely writing my password and putting it in an envelope addressed to "Coventry Building Society" is allowing someone else to access my security details?
No, because as you point out yourself, it's on a barcoded slip with nothing on it to identify you personally. If the slip was intercepted before it got to Coventry it would be no use to anyone else.
What are they on? Why can't they do the same as every other bank and send me a temporary access code that allows me to log in and choose my own password online?
Perhaps they consider that using a mix of media for setting up security details is more safe? For instance, if you've got a keylogger on your PC then setting up your own password online would be a distinct no-no.0 -
I've just opened an account with them and have also been very impressed with their telephone service and online access.
Yes it does seem a bit strange to write down one's password and put it in the post but as said above it's completely anonymous to an outsider. The gridcard is low-tech and effective. Much easier than carrying around a Barclay's PIN Sentry, for example.
The only downside I see is I wonder how many of us have a picture of the gridcard on their phones?
FWIW I found I couldn't register for online services via their web site - it kept giving me an error message saying "unable to complete registration at this time, please try later or phone us". I tried several times and eventually phoned them. Their helpline quickly said, "no problem, I'll put your internet ID in the post for you now". I would suggest using the phone first.0 -
Like already said it is only bar coded and no personal info, however...
I agree writting it down anywhere and anyhow is a "potential" risk.
I didnt like the idea myself. I assumed you could probably change it online once set up and I was correct.
I changed my password first day of logging in via the online system0 -
Not a good idea!SliAbhaile wrote: »The only downside I see is I wonder how many of us have a picture of the gridcard on their phones?Stompa0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.8K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.5K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards