HSBC to issue security tokens to its customers

NFH

NFH wrote: »

HSBC will be foolish if they require two-factor authentication just to log in. Requiring it for setting up new payees makes sense though.

I've just received a letter from Barclays stating that from 17th May 2011 they will be removing the requirement to use PINsentry (card reader) for transfers between your own accounts, payments to existing payees and payments to payees approved by Barclays.

If HSBC ignores Barclays' considerable experience and feedback in this area, they will suffer.

Just an update on my previous post. Barclays have delayed their abolition of PINsentry for most online operations until "late July to mid-September 2011". The Barclays link I posted previously in this thread has been updated with this new schedule. It's a shame that HSBC haven't learnt from Barclays' enhancements, regardless of the delay.

JuicyJesus

neesk1 wrote: »

Can somebody please explain why HSBC couldn't just make this compulsory for new payees to be set up - I really can't see the security risk of being able to view my balances and transfer money between my HSBC accounts. I am just being a bit dim?

Most people don't want anyone else looking at their accounts, even if it is "just" their balances and internal transfers.

I can think of numerous good reasons why people would want to keep such information private.

NFH

JuicyJesus wrote: »

Most people don't want anyone else looking at their accounts, even if it is "just" their balances and internal transfers.

I can think of numerous good reasons why people would want to keep such information private.

Fine, good reasons, but give that decision to the account holder. If the account holder does not require that level of security of privacy, then don't require two-factor authentication for read-only functions. If, as a bank, you mandate this security for protection of the account holder's privacy, as opposed to protecting the bank against fraud, then you will lose account holders to other banks.

Mr_K

Had the letter. As others have said I've no issue if its just for making payments, but just to view balances etc, it's way over the top. I'm not going to register the thing when it comes and see what happens, suspect blocking access might be an empty threat; if we all refuse to register they'll have to take notice. If online access gets blocked (has this actually happened to anybody yet ?) I've got a Halifax current account which I'll transfer everything to. Be brave and don't register the poxy thing !

scottgroovez

Urgh, just tried logging in for the first time having registered the new digipass device and just realised I'll need it everytime I login! I thought it was going to be for transactions etc only and logging in would still be the older, more convenient system. What a pain having to carry this thing around just to check balances.

I imagine this is also done to protect themselves as well as customers.

OffRoadOnly

what if the battery runs out?

nickmack

scottgroovez wrote: »

I imagine this is also done to protect themselves as well as customers.

I'd say this is mostly to protect HSBC rather than customers, although it's not always pitched that way. Fraud costs them time and money, but I still believe this implementation is poor.

dzug1

OffRoadOnly wrote: »

what if the battery runs out?

1 get a new device from the bank

2 (quicker) put a new battery in.

glider3560

dzug1 wrote: »

2 (quicker) put a new battery in.

The unit is sealed so a battery replacement isn't possible.

dzug1

Lith wrote: »

at least with TSB/HALIFAX/RBS/SANTANDER etc you dont need some 3rd party device.

Yet...... TSB already have them for business accounts