HSBC to issue security tokens to its customers

Bongo_Jazz

So HSBC give out free replacements, eh? I wonder what the replacement costs them? At an estimate of £20 (more accurate estimates welcome) If I were to accidentally sit on the flimsy plastic thing every week (5 working days tilI I get the next one), then in a year I would be costing them over £1000. Potentially much more than that, if I go into a branch and pick up a new one. Even at a £10 cost, that's still £500.

A cynic (not me, honest) might suggest to people thinking of leaving HSBC over this matter that there might be another way of showing them your feelings on the matter - take all your money to another bank but leave your HSBC account open, then ring them up every so often or pop into a branch and ask for a replacement securekey. As many times as possible.

If you're not leaving, but are frustrated with the new system, presumably you could still use the crippled service but go into a branch for another replacement every so often and have it re-enabled there and then.

If enough people were to do this (the cynic might say!), HSBC would soon notice the rising replacement costs were higher than forecast and would have 2 options:

1) Start charging for replacements - which would alienate a LOT more existing customers, and would quite possibly end in a mass frustrated exodus (people hate charges - especially for something that's forced on them!), OR

2) Acknowledge that maybe these things aren't all that robust or convenient to carry around after all, and seek an alternative solution - such as restricting their need to the 'new payees' option or introducing the sms/smartphone alternatives described above.

And there do seem to be a LOT of people who are unhappy over this all over the net, many of whom say they're planning on leaving HSBC over this thing...

Just a thought (a purely hypothetical one, of course ).

soozgand

Call me the cynic then because i am leaving HSBC over this.

I have been with HSBC for 9 years was the first bank account i ever had ( I'm 24) , i recently moved in with my partner , made it joint, more money going into it, more savings etc

Anyways 3 of this flimsy little plastic pieces of rubbish have broken since this was introduced. !!!! I one of these plp that like to religiously check there bank account online and i haven't been able to do it for over a month now, I'm relying on the bloody phone.

Anyway my 4th call to HSBC was asking if i could go back to what i had before, i didn't care after 9 yrs i had no security issues. I was told no it standard now and was met with "You should really take more care of these so the don't keep breaking !!!!! I said but i do its in a tiny pocket in my handbag. The lady said leave it at home !!! I waqs like how am i supposed to do banking on my mobile or at work if its at home. She ignored me and said put in in bubble wrap !!!!!!! I just laughed i couldn't help it. She said we can't keep sending them to you it must be your account !!!! I was like what !!! No it not the bloody machine keeps breaking and i can't see half the number on screen, my partner also having the same issues. She said again it must be your account so you can no longer was internet banking !!!!! Well this made me angry as you can imagine as internet banking is my main use.

So after 9 yrs and hsbc new amazing piece of crap i have been told we can't keep sending you replacements so you can't use your online banking

I was straight down the high street signing up with Natwest to use there online facility and new iPhone app so i have access 24/7 plus take advantage of the new 2% offer

Bloomberg

soozgand wrote: »

Call me the cynic then because i am leaving HSBC over this.

I have been with HSBC for 9 years was the first bank account i ever had ( I'm 24) , i recently moved in with my partner , made it joint, more money going into it, more savings etc

Anyways 3 of this flimsy little plastic pieces of rubbish have broken since this was introduced. !!!! I one of these plp that like to religiously check there bank account online and i haven't been able to do it for over a month now, I'm relying on the bloody phone.

Anyway my 4th call to HSBC was asking if i could go back to what i had before, i didn't care after 9 yrs i had no security issues. I was told no it standard now and was met with "You should really take more care of these so the don't keep breaking !!!!! I said but i do its in a tiny pocket in my handbag. The lady said leave it at home !!! I waqs like how am i supposed to do banking on my mobile or at work if its at home. She ignored me and said put in in bubble wrap !!!!!!! I just laughed i couldn't help it. She said we can't keep sending them to you it must be your account !!!! I was like what !!! No it not the bloody machine keeps breaking and i can't see half the number on screen, my partner also having the same issues. She said again it must be your account so you can no longer was internet banking !!!!! Well this made me angry as you can imagine as internet banking is my main use.

So after 9 yrs and hsbc new amazing piece of crap i have been told we can't keep sending you replacements so you can't use your online banking

I was straight down the high street signing up with Natwest to use there online facility and new iPhone app so i have access 24/7 plus take advantage of the new 2% offer

It seems like you have had a torrid time with the new secure key. I can relate to people when they say that the key is inconvenient and that they do not want to carry it around all the time.

Personally I think that they are great, I have had mine for about one month now and think that from a security standpoint this system is as close to fool proof as you can get.

Toreador

Bloomberg wrote: »

from a security standpoint this system is as close to fool proof as you can get.

I'm not going to carry the key around with me, so since I do most of my online banking at work, if I'm to continue using it I have to leave it on my desk (no lockable drawers). Not sure how this is more secure than having a completely unguessable password.

Bloomberg

Toreador wrote: »

I'm not going to carry the key around with me, so since I do most of my online banking at work, if I'm to continue using it I have to leave it on my desk (no lockable drawers). Not sure how this is more secure than having a completely unguessable password.

The secure key is more secure than any password. The code needed to access your account is constantly changing every minute or two. If your computer had key logging software and over a period of time the hackers got your password then they have access to your account. Bearing in mind that they secure key generates a a six figure code there are one million different combinations.


Your account is now more secure than it has ever been. It would be interesting to hear from anyone who has in the past had their account hacked into. The stress and inconvenience that this causes must be immeasurable. I would be gob smacked if there was ever a case of a cyber criminal circumventing the secure key.

Toreador

Bloomberg wrote: »

If your computer had key logging software and over a period of time the hackers got your password then they have access to your account.

My computer doesn't have key logging software. My anti-virus software (2 different programs) and firewall are fully up-to-date and I'd never open anything that could contain a virus anyway.
But even if it does, by the time I'd logged on enough times for the hackers to work out my password, I'd have changed it.

Bloomberg wrote: »

Your account is now more secure than it has ever been.

True in that I haven't used my online banking since the key arrived.
But there's still a greater chance of the theft of the key than of the password (which is in my head).

jjlandlord

soozgand wrote: »

Anyways 3 of this flimsy little plastic pieces of rubbish have broken since this was introduced. !!!! I one of these plp that like to religiously check there bank account online and i haven't been able to do it for over a month now, I'm relying on the bloody phone.

I am an HSBC customer and thus have one of these "flimsy little plastic piece of rubbish".
The way they look it is obvious that they are not designed to be stomped on... But how on earth did you manage to break 3 of them?

alanq

Toreador wrote: »

My computer doesn't have key logging software. My anti-virus software (2 different programs) and firewall are fully up-to-date and I'd never open anything that could contain a virus anyway.
But even if it does, by the time I'd logged on enough times for the hackers to work out my password, I'd have changed it.

Even the best anti-malware programs don't catch everything.

IF THERE WAS key-logging software on your machine then wouldn't it catch you amending your password?

There are ways of capturing keystrokes other than computer software. The SecureKey would guard against those too.

The SecureKey seems to me to be a good idea but I am concerned that they are so fragile.

Bloomberg

Toreador wrote: »

My computer doesn't have key logging software. My anti-virus software (2 different programs) and firewall are fully up-to-date and I'd never open anything that could contain a virus anyway.
But even if it does, by the time I'd logged on enough times for the hackers to work out my password, I'd have changed it.



True in that I haven't used my online banking since the key arrived.
But there's still a greater chance of the theft of the key than of the password (which is in my head).

Not everyone is as careful about on line security as you are. Someone's computer could be fully guarded with all the latest security software but what happens if they go on holiday and need to do some banking from a cyber cafe. Even if that has key logging software the secure key would offer almost total piece of mind.


You mention about the key being stolen. If you opt for an eight digit PIN then the odds of someone guessing it would be about one in one hundred million (Worse odds than the Euro millions). With these odds they would stand more chance of guessing the generated six digit code itself. Surely this must be reassuring in some way.


Personally I only as a general rule access my account from my net book and always keep the secure key in the bag that came with it. It is not inconvenient at all.

masonic

Bloomberg wrote: »

Not everyone is as careful about on line security as you are. Someone's computer could be fully guarded with all the latest security software but what happens if they go on holiday and need to do some banking from a cyber cafe. Even if that has key logging software the secure key would offer almost total piece of mind.

Even with a secure key, there are risks associated with doing online banking on a computer that might be compromised. If a bad guy is able to install a root SSL certificate on the machine and perform DNS spoofing, they could perform a real time man in the middle attack via a phishing site that would look totally convincing to the end user. The user would need to do something requiring secure key authentication after login, but once entered, that six digit code could be immediately hijacked and used for a different purpose by the malicious webpage. The user could be engineered into giving up additional codes in succession by returning an error at login and asking them to try again.