« Things worth reading: 17th August 2011 | Main | Things worth reading: 17th August 2011 »

August 17, 2011

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053620481c970b014e8ab26e73970d

Listed below are links to weblogs that reference HSBC stumble with Secure Key:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Lee

Banks seem to have it both ways with online banking. I would like to know if they trust their own secure banking systems or not.

I recently moved house. I've got accounts with Barclays, Santander, Halifax and HSBC (business account). Surely, once I've logged in successfully to my online banking account the bank trusts that it IS me that's logged. So I attempted to change address online.

Santander - Success, although even I consider their online banking to be inherently the least secure. Takes just a 5 digit number to log in for me and when you click "Log Out" the next page that loads asks you to confirm, and you're still logged in.

Halifax - I could download a change of address form and post (yes, POST) it to them to change my address.

Barclays - Required both myself and my wife to attend the bank with two forms of ID, ridiculous.

HSBC - My wife's personal account address was to their credit changeable online, my business account required me to visit the branch, whereupon I was not asked for any ID or even my bank card. I just had to fill in a change of address form. Two days later I had confirmation through the post to my new address and presumably no double-confirmation going back to my old address. Shambles.

Tereza

And when you're power-hungry smartphone's battery is dead??

Sean

BankSimple has a clever/friendly (smart) phone 2-factor security layer, but that's the advantage of having the corporate DNA of a tech company and no legacy anything.

Iang (Concepts against Man-In-The-Browser Attacks)

What is curious is that we know how to do this in other countries. The pattern seems to be quite consistent; the Europeans figure out how to do it securely, the Americans figure out how to make money, and the Brits kind of flipflop between.

The work for mobile-phone-as-authenticator started in Europe around 2006, as the MITB thing scared everyone. In the event man-in-the-browser took a lot longer to emerge, but now it's here, those who acted with due diligence are in fine shape. Those who ignored the research and warnings are ... in a mess.

Why is that?

Chris Yaldezian

Banks have been experimenting with this type of thing for years. I remember ABN doing it with the e.dnetifier...back in 2002.

Cars

Australian banks have had 2FA deployed for about 4 years using mobile phones and based on online events (e.g. payments, transfers, personal detail changes). In the last 12-18 months this has moved into the online merchant space in coop with teh major schemes (e.g MasterCard).

Will H

What would be cool is integrating it into the payment card (using e-ink of something similar).

Durga

Mobile Phone as a second factor lost its grace with invasion Zues malware for mobile devices.

Lee Qin Wei

Interesting take on brand alignment HSBC... Just thought of sharing with you guys... http://bit.ly/wzpJ6C

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Twitter FSClub

    follow me on Twitter

    Your email address:


    Powered by FeedBlitz

    Search blog


    Amazon Digital Bank

    Financial Brand Editor's Choice

    Alex: The Finanser BlogAlex at the Financial Services Club
    Gaping Void: The Finanser BlogGaping Void's Hugh MacLeod worked with the Finanser
    Wordle: The Finanser Blog

    The Financial Brand

    NetBanker

    Payments News - from Glenbrook Partners

    Payments RSS

    Tomorrow's Transactions blog

    Analytics