HSBC 2FA failure


Unfortunately, HSBC still "cleared" the transaction and a payment to the merchant went thru.
Merchant refunded me, but HSBC initially refused to accept that they'd done anything wrong.
Multiple calls to them resulted in me making a complaint & again, I was told no issue.
I just received my final letter, and after some investigation, they now admit there is a flaw in the system, whereby cancelled by user transactions are being pushed thru regardless (my terminology).
Their compensation offer is 75 quid.
Now, I'm slightly offended by that offer, as they clearly have a significant breach of security, trust, peace of mind if their 2FA isn't working robustly.
In terms of FCA, principle 3 comes to mind.
In terms of ombudsman, given no loss, are they interested in breaches of security on a horrific scale (my terminology)?
I'm perplexed.
Comments
-
Offended by free money for something you had no financial loss for?
Had they offered say £500 would you have been so keen to run to FCA?
1 -
You had no loss, they noticed a possible issue which they will fix, £75 is pretty generous to be honest.
If they need to, they will self report to the FCA
You can always go to FOS who may agree with the bank after reviewing the case in 6-18 months that £75 was fine and the bank may withdraw the offer. Or have the £75 to earn some interest or something
Sam Vimes' Boots Theory of Socioeconomic Unfairness:
People are rich because they spend less money. A poor man buys $10 boots that last a season or two before he's walking in wet shoes and has to buy another pair. A rich man buys $50 boots that are made better and give him 10 years of dry feet. The poor man has spent $100 over those 10 years and still has wet feet.
0 -
They didn't notice tho. I pointed out, after hours of repeating myself & they ignoring. Seems odd to not investigate as a result of my complaint but rather, as an afterthought when doing final response.
I'm not being greedy, it's a significant security fail that could cost folks significant money, if the merchant isn't keen on refunds.
I kinda thought the forum readers would have been sensitive to that, but here we are.
1 -
MrsMeg said: They didn't notice tho. I pointed out, after hours of repeating myself & they ignoring. Seems odd to not investigate as a result of my complaint but rather, as an afterthought when doing final response.
I'm not being greedy, it's a significant security fail that could cost folks significant money, if the merchant isn't keen on refunds.
I kinda thought the forum readers would have been sensitive to that, but here we are.
They are required to report something major to the FCA themselves which they will do if it's deemed serious, else they won't and will just deal with it. It's a very unlikely scenario though, how many people get to the point of purchase, put in their details and then, at the second security stage, decide to cancel the order? Distance selling regulations cover refunds so no, it won't cost anyone "significant money", indeed, you might be the only person ever affected hence they didn't realise it was possible.
You said you are not being greedy but equally are "offended" by the amount in their gesture for something that has not caused you a loss. You need to be clearer what outcome you want here - either more money or something else. They wouldn't publicly admit a problem that could be exploited by criminals until it was fixed and any losses covered.
Sam Vimes' Boots Theory of Socioeconomic Unfairness:
People are rich because they spend less money. A poor man buys $10 boots that last a season or two before he's walking in wet shoes and has to buy another pair. A rich man buys $50 boots that are made better and give him 10 years of dry feet. The poor man has spent $100 over those 10 years and still has wet feet.
0 -
I can assure you, that having chatted about this to friends, plenty have abandoned the transaction when they realised their mobile wasn't to hand & therefore the OTP not forthcoming.
Maybe it's just me, but I think this flaw in their security (HSBC's words) is quite significant.
I'll check with FCA & ombudsman tho.
0 -
I'm not being greedy, it's a significant security fail that could cost folks significant money,
You want more money because other folks could lose money?
You have received a thank you in the form of £75 for advising them.
How much do you think you should get?
0 -
MrsMeg said: Maybe it's just me, but I think this flaw in their security (HSBC's words) is quite significant.
While it's understandable to consider that abandoning a 2FA check ought to cancel the transaction, the customer has already authorised it (via a 'pay' or 'submit' button) by the time it reaches the 2FA check (the decision to invoke this remaining with the bank), so if the bank chooses to proceed with it without the 2FA step completing then it's effectively at their risk.
1 -
Hmmm, having spoken to both FCA & ombudsman. They say, as 2FA was not completed, HSBC should not have committed to the purchase. FCA have requested formal notification of the incident from HSBC. Ombudsman have requested similar as well as asking for volume of incidents that have been affected.
I've also been offered a substantial sum from HSBC too, so obviously something has happened to prompt that.
Thread complete.
0 -
So what is the amount of this "substantial sum" you have now been offered?
You mentioned the £75, so why do you not state the amount of this new offer?
0 -
Eyeful said: So what is the amount of this "substantial sum" you have now been offered?
You mentioned the £75, so why do you not state the amount of this new offer?
I came into this world with nothing and I've got most of it left.
0