We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
HSBC to issue security tokens to its customers
Options
Comments
-
Sent this to servicequality@hsbc.com today after asking to opt out over the phone which apparently you cannot do:
Dear Sirs,
My details as follows:
Name
Acc No: ****
Sort Code: ****
I have been an HSBC account holder for around 25 years. I have used your internet banking since it was first introduced and found yours to be far easier and clearer to use than any other bank or credit card website I have used. As such it is regrettable that I feel I will no longer continue to use your services due to the introduction of your secure key.
I spoke to an HSBC representative this morning to express my concerns, and asked if I could opt out of this scheme but was told it was mandatory.
Here are the reasons I do not want to use the new Secure Key:- I have never had a single security issue whilst using HSBC online or otherwise and see no reason I should have a problem in the future.
- Inconvenient – I log on from home, work and families homes so this would mean carrying the secure key with me at all times meaning there is a chance of losing it and not being able to log on at all and it is another thing to have to remember to take with me.
- My partner has one as well so there’s a chance they will be mixed up.
- No one other than myself has access to my current log in or password and this is not kept anywhere other than in my head so it is already secure enough.
- At a time when interest rates are so low I would much prefer my bank to offer customers better rates rather than spending what must be a huge amount of money producing, implementing and posting these devices in a glossy card holder.
Please advise me as to whether this is something I can opt out of and continue to use HSBC online in the future.
Otherwise I will be taking my business elsewhere over the coming months. I expect I am not your only customer that is not happy with this, so should you stop using the secure key due to customer loss/technical problems in the future please do let me know so I may consider carrying out my internet banking with you again.
Sincerely,0 -
I contacted HSBC about these Secure Keys a while back when it was first announced. The woman I spoke to said there is a way to opt out - by agreeing to not use the online service any more :mad:
I had the warning letter last week but not received my key yet (I'm guessing once the key has been sent then the online system will keep nagging you to upgrade and then eventually force you to). I usually only access HSBC online from home anyway so I don't think it will make that much difference to me - I don't think I'll bother carrying the key with me everywhere I go.
I'm not keen on this new system but I guess I'll get used to it eventually, changing to another bank just sounds like too much hassle.
I am concerned that this new system is potentially putting even more liability on the customer though.0 -
Well, just got mine.
Didn't ask for it. Didn't want it. Can't opt out of it.
I can however change my account and let somebody who listens to me, earn some interest on my money.
Bye HSBC!!!0 -
I have never had a single security issue whilst using HSBC online or otherwise and see no reason I should have a problem in the future.0
-
I quite like the idea of us all claiming to be overseas, however I am sure they could monitor login via IP addresses, but I cant see why we couldnt through a concerted effort create some kind of petition... anyway I do hope like others that they reconsider the need to make its use compulsory for internet banking and simply offer an opt out option with restricted access and transaction privileges as with Barclays and the basic login access!
Well, if any of you think it might just make a difference... here is a petition that I have set up. I'll see how it goes and forward the results to the relevant parties of the HSBC (should we all agree to do so!)..
Sign up (or not) here.. (note: I've had to split up the web address as I'm not allowed to post links... just delete the spaces in between)
petitionbuzz .com / petitions / hsbc
0 -
john_duncan wrote: »Well, if any of you think it might just make a difference... here is a petition that I have set up. I'll see how it goes and forward the results to the relevant parties of the HSBC (should we all agree to do so!)..
Sign up (or not) here.. (note: I've had to split up the web address as I'm not allowed to post links... just delete the spaces in between)
petitionbuzz .com / petitions / hsbc
I googled "petitionbuzz hsbc" and it was second link down.0 -
Surely all they'd need to to is bounce a customer over to a verification page when they set up a new bill payment or modify their personal details. Seems no reason why it would be more difficult to hook in a verification page at that stage rather than at login.
Never this simple.
For one, they might be using an out of the box application which they can't just change simply without a 3rd party or the security mechanism would need to be wholly rewritten to accommodate because it never had this in mind at the start.
If it were possible to make the changes there is a whole lot more business analysis required to sort out where and when you are authenticated to do what (and for how long), you have to do full regression testing as well as testing the new functionality to make sure you don't break anything existing, etc etc.
Putting an extra step in the existing authentication negates all of that and uses the existing session security, one use case scenario changed, relatively minor testing and bam, you're done.
Banks are completely risk averse and won't make changes unless they really have to (look at first directs internet banking for instance).
If some senior manager told me to implement the secure tokens as cheap/quickly as possible (aka, just get it done) I know what I would do (speaking as a software IT project manager).0 -
Never this simple.
For one, they might be using an out of the box application which they can't just change simply without a 3rd party or the security mechanism would need to be wholly rewritten to accommodate because it never had this in mind at the start.
If it were possible to make the changes there is a whole lot more business analysis required to sort out where and when you are authenticated to do what (and for how long), you have to do full regression testing as well as testing the new functionality to make sure you don't break anything existing, etc etc.
Putting an extra step in the existing authentication negates all of that and uses the existing session security, one use case scenario changed, relatively minor testing and bam, you're done.
Banks are completely risk averse and won't make changes unless they really have to (look at first directs internet banking for instance).
If some senior manager told me to implement the secure tokens as cheap/quickly as possible (aka, just get it done) I know what I would do (speaking as a software IT project manager).0 -
Nice to see some people are signing the petition.
I think "Sharky Oleary" might has missed the point! Real names need to be put on an official petition and the comment "don't contact me" is not relevant to HSBC (or is it?!?!?)..I kind of get the feeling that comment may have been directed at the petition host...i.e. me.. If so, a little rude in light of the fact that it's an open petition and I have opened this as a little bit of help for others and gain nothing from it...0 -
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards