HSBC to issue security tokens to its customers

dzug1

glider3560 wrote: »

The unit is sealed so a battery replacement isn't possible.

Those from (some) other banks have replaceable batteries so it doesn't have to be like this.

smartiedriver_2

I've had mine a month and it works fine. You register it to your internet banking, and choose a 4-digit PIN which you save to the securekey device.

You then type the PIN into the device as you are accessing internet banking. It generates a random 6-digit number.

When you log in to internet banking, you use your IB number, a secure question, and the random 6-digit code generated by the securekey device .

I's more efficient than a card reader, because you don't need your card with you, and it's highly secure as the random number changes quickly. There is no option to 'opt out' of using it.

smartiedriver_2

ngins wrote: »

Got my letter this morning and whilst I understand the legitimate need for security (with millions of customers am sure that the number of people that do fall for phishing and other scams is large), I really hate the implementation. Various forms of two factor authentication and token generators have been around for well over 10 years, and still the implementation they go for is yet another dongle.
Why this cannot be implemented as a smartphone app I don't know - Vasco (and RSA) already make Android and iPhone apps and there are other device based authentication methods out there using SMS etc for non-smartphones.
To me this is a huge missed opportunity to introduce something of real benefit to customers like an enhanced mobile banking app combined with the authentication and I guess we can only hope that there are plans to introduce something like this in the future.
For me personally this feels like a backwards step.

NGINS - not everyone has a smartphone.

spenderdave

Battery life is in excess of 5 years, and they will send you a new one well in advance of then. I have been using the business device for a few years, still working fine and very easy to use. Not received a letter yet about mine, but I don't think there will be much to worry about. I never access internet banking away from home, so those issues are not a problem here.

nickmack

I managed to get through to HSBC today and registered a complaint about this new security system. I basically told them this implementation is poor and it was extremely inconvenient to require this at login rather than just when making payments. Someone will be calling me back tomorrow to discuss.

According to the agent I spoke to, the primary reason for having this at login time is because using the existing security number, your balance could be used to gain access to your account using telephone banking. How, is still not entirely clear to me.

Strangely, from what I can gather, the telephone system or agent will not prompt you to provide the challenge response from your SecureKey once it is in use. So it appears either the telephone security will no longer request two digits from your security number or you will still need to remember this as well.

ElkyElky

I hate it and it sucks. It's a pain in the !!! that I have to carry it around wherever I go just incase I need to access online banking via my mobile phone. I used to be able to log in to online banking easily whether I was sitting in a motorway service station or on a train.

I have two choices.. limit myself to using online banking only when I'm at home or carry this awful device and run a higher risk of loosing it thus adding to my inconvenience.

I'd have rather preferred taking the chance of some criminal trying to guess my 11 digit password.

Malory

The one time passcode was actually one thing that Santander got right. It makes sense that there should be a higher level of security when moving money vs. just looking at your account.

I have a US bank that recognizes the computer you are using. If you aren't using your usual computer they call you or email you with a code before you can access your accounts. You also have to enter an additional code when you set up a new payee.

richste

I have just logged a complaint with HSBC over this, and expressed that I plan to switch banks as a direct result.

I wouldn't mind using this to set up new payments etc. but log in EVERY time with this thing? Not good.

I have also messaged first direct who I also bank with, to ask them nicely never to participate in such a scheme!

CompBunny

I recieved my secure key yesterday... I can see it being a big hassle to use as I check my online banking daily, but understand the security strengthening benefits. I won't be taking it out of the house though, as I am a scatterbrain and would most likely lose it; and like most people I don't fancy being locked out of internet banking even for a few days!

Did anyone have problems with the buttons on their device? I couldn't use my preferred PIN as one of the buttons refused to accept that I was pressing it. Its one of the number buttons with a blue box around it, and I didn't recieve an error message...it just didn't input anything.

tellmeitsfriday

richste wrote: »

I have also messaged first direct who I also bank with, to ask them nicely never to participate in such a scheme!

Have you had a reply about this query from them?

I currently have a HSBC CC and a FD bank account - if I knew FD were not going to have one of these pesky devices I would implement my HSBC pin device escape plan. (cancel HSBC card, take out FD one)

I would be interested to hear if you get a reply (either positively or negative).

Infact, I might even ring them myself