HSBC Secure Key

malc_b

There are some good point that banks should pay attention to, but when do banks ever listen to their customers?

Co-op (business) bank has a key thing too. It has a 10 digit code I have to put in and the display is tiny, plus it isn't split into 4 digit groups its 0123456789, not 0123 4567 89. It's very hard to enter numbers as you lose your place. I fixed that with a sharper but I should not have had to do this. Such user interface issues are well know, that's why credit card numbers are one long number (Nectar cards take NOTE!).

It's all down to user interface. When credit cards needed more security the chip was buried in the card so nothing more for the user to carry. IMO banks should standardise on the card reader type that NW use. At least then you just need one reader and a card for each bank. I have a drawer full, different ones for BoS, NW, Co-op. Ideally the reader should be shrunk or different options of reader made available to the customer. How about one on an SD card that could be plugged into a laptop. That's much smaller than a hand held reader and would suit people who always carry laptops or even phones with SD card slots.

jjlandlord

mekhas wrote: »

I prefer a different balance but HSBC did not ask me or does not care what I LIKE

Why on earth do you think that a financial institution should compromise its security in order to satisfy your sense of entitlement?
Especially that I am pretty sure that you would be the first to complain the minute your account is hacked.

Let's see what you do when NatWest starts to roll out similar devices.

malc_b

jjlandlord wrote: »

Why on earth do you think that a financial institution should compromise its security in order to satisfy your sense of entitlement?

There is a comprise here. The bank should ask its customers opinion and come up with a solution that has the least impact. If instead of chip and pin the banks had given everyone security keys how many people would have gone back to using cash? The banks are just rushing out one fix after another without considering what the customer would like.

For example, what has been mentioned is paying bills. Why do I need a security key to check my account balance or pay money to an already set up bill payment? If a hacker finds out I have £3.50 or £350, or £3500 balance does it matter? And if they then pay £350 to my credit card it is a nuisance but I haven't lost the money. So there is an argument to have an easier security level for those items that do not need it. And a super security level for say new bill payments or new external money transfers. At least that way you could go on holiday and not need to take a secure key with you.

Banks don't listen to the their customers!

And don't get me started on the pick 3 letters from you password idea. A 3 letter password is not secure and it make no difference if it comes from a 12 letter password or not. The chances of guessing say a 3 number password is 1:100, that's obvious. Yes it does help with keyloggers but at the expense of making you write down the password and lowering its security.

BritRael

Doshwaster wrote: »

...I also have a card reader for my Nationwide account but that is (currently) optional - so I have just thrown into a drawer and forgot about it.

Yes, optional to log on. However, if you want to make a payment then you'll need the card reader.

jjlandlord

malc_b wrote: »

There is a comprise here. The bank should ask its customers opinion

Sure.
Bank: "Do you want your money to be safe"
You: "Of course!"

Done.
The random person has no idea about the level of security provided by a given solution. There is no need to ask opinions on such things.

malc_b wrote: »

If instead of chip and pin the banks had given everyone security keys how many people would have gone back to using cash?

Chip and pin are similar to security keys.

jjlandlord

mekhas wrote: »

In fact, I'm an expert in IT security rather than "the random person".

Right, so HSBC should ask a detailed CV of all of their customers and only ask the worthy ones.

mekhas wrote: »

The level of security may even go down with HSBC Secure Key because:
- I don't check my balances as frequently as I used to;

No impact on security.

mekhas wrote: »

- I carry a device on me which suggests that I'm an HSBC customer and it should not be difficult to log your password and steal the key;

You were probably already carrying your HSBC card around.

mekhas wrote: »

- the security key does not address any security issues other than simple key logging or password stealing, such as cookies, stealing card details, fake sites, etc.;

Exactly, it does address simple key logging and password stealing. So a significant improvement there.


I'm a Nobel prize in Physics, by the way.

callum9999

malc_b wrote: »

There is a comprise here. The bank should ask its customers opinion and come up with a solution that has the least impact. If instead of chip and pin the banks had given everyone security keys how many people would have gone back to using cash? The banks are just rushing out one fix after another without considering what the customer would like.

For example, what has been mentioned is paying bills. Why do I need a security key to check my account balance or pay money to an already set up bill payment? If a hacker finds out I have £3.50 or £350, or £3500 balance does it matter? And if they then pay £350 to my credit card it is a nuisance but I haven't lost the money. So there is an argument to have an easier security level for those items that do not need it. And a super security level for say new bill payments or new external money transfers. At least that way you could go on holiday and not need to take a secure key with you.

Banks don't listen to the their customers!

And don't get me started on the pick 3 letters from you password idea. A 3 letter password is not secure and it make no difference if it comes from a 12 letter password or not. The chances of guessing say a 3 number password is 1:100, that's obvious. Yes it does help with keyloggers but at the expense of making you write down the password and lowering its security.

It's obvious is it? So obvious you are out by a factor of 10? The highest possible 3 digit number is 999. Guess how many numbers there are between 0 and 999 - hint, far more than 100!

Why do you need to write it down anyway? I have a terrible memory but I can easily remember a 6 digit number I have to use frequently.

I do agree with your annoyance though. I accept the need for security keys etc. - but needing it just to log in is highly annoying.

adindas

Hi
Are you for real ......
I would like to collaborate with you i
Send me PM and your email then f you do not mind ... .....

jjlandlord wrote: »

I'm a Nobel prize in Physics, by the way.

smartiedriver_2

mekhas wrote: »

This is exactly where the problem is. DO NOT tell me what is better for me (e.g. paranoid security). I DO NOT want to carry any device with me on holiday or in the train just to check my balances or to make a regular payment. This is about a balance between convenient access (e.g. no security at all) and security (e.g. no access at all). I prefer a different balance but HSBC did not ask me or does not care what I LIKE, so I've left to NatWest along with all my saving and business accounts and accounts of all members of my family. :beer:

In that case, HSBC are probably pleased to see you go. I would've helped you fill in the forms!

The big banks cannot possibly ask every customer's opinion, and they most definitely cannot please everybody all of the time. This is a step towards reducing fraud and online crime, and protecting clients' data and money.

I'm sure you would be the first to squeal if your account was hacked and you lost money.

But at the end of the day, that's why there is competition within banking- if you don't like it, go elsewhere. Simple.

Nicholas

I don't like the new SecureKey either. A customer is only entitled to one SecureKey at a time which has to be linked to your account. If the SecureKey malfunctions or battery goes flat, you then have to wait a few days for a new one to arrive to continue online banking.

I accept that you could go into a branch and pick one up, but I doubt if you would get the new activation code on the spot (this is in addition to the one on the back of the device).

At least with my Nationwide account (secondary account) I have more than one card reader, and if one breaks I can always use the other one. If the battery goes flat I can replace it myself if I so choose. HSBC, on the other hand have decided to issue a device that is non-serviceable ie cannot change the battery.

I also have voted with my feet and have today opened a First Direct account. I do realise I am taking a chance on them not introducing the very same SecureKey devices in the near future. However, if they do that within the first 12 months, I can also use that as the excuse to leave and get another £100.

So after 25 years of being a loyal HSBC customer, it is bye bye.:wave: