HSBC has infuriated some its internet banking customers with its new secure log-in keys, which were introduced this year in an effort to improve security.
The bank started rolling out the credit-card-sized security keys, which generate a unique PIN each time a customer logs on to their online account, back in March. Since then, Computing has received numerous complaints from readers who say the system is flawed.
"Archaic, annoying, too thick, no more security – better to switch to another bank if you are obliged to use it," posted one reader with the username JB.
"I realise the need for security with online banking but this is just a very annoying concept. I can see it won't be long until I lose this little gadget!" posted pompeybella.
"The 'credit card' size device is yet another thing to carry in one's wallet – do HSBC not realise how many cards etc we carry nowadays?" posted Alan B.
"You can't do anything without it. I travel constantly for work and need to access my accounts. I don't want to have to remember to carry this. I will call them and ask them revert to my old account or consider changing bank after 30 years," he added.
HSBC told Computing that customers will get used to the system and that the bank is also already exploring options for version two, which might be a virtual access key.
"Any change to the way a customer accesses their account is going to take a while to get used to. But this small extra step delivers such an increase in security to our internet banking users, that we are confident we have got the balance right.
"It's not just about the peace of mind knowing only you are accessing your accounts, it's about protecting the static pieces of personal information, like date of birth or mother's maiden name, that once lost, can never be replaced," said an HSBC spokesperson.
"The HSBC Secure Key is simply the introduction of a two-factor authentication process into our internet banking. It works by having one piece of information that remains the same [such as a username], and one that constantly changes but is based on a unique set of information for each user [such as the secure-token generated PIN]. The code is not sequential, so it can't be guessed, and expires after 30 seconds so can't be generated and used at a later date.
The spokesperson added that HSBC is already looking into replacing the system.
"This first version of Secure Key is not the final one – although we have designed it to be light and portable in comparison with our competitors' bulky card reader devices. We are already exploring options for version two that might be virtual. But we have a duty to strike the right balance between ease of use and the highest level of security our customers demand of us."
The VASCO device HSBC use is far better than the other banks offering, smaller and simple to use, I would like to see them offer the Mobile phone version as they do in Brazil.
If you find this device hard to use to pointless then you really need to reconsider if you are a good fit for internet banking, Phone or Branch banking may work better for you.
Posted by: Mike 06 May 2012
Inadvertently used the wrong secure key this morning. Figured I'd just forgot my code, since I'd not used my internet banking in a while. So now I've locked my mam's secure key and she'll have to wait an unspecified time for the lock to expire. Why couldn't hsbc do a variety of different colours so people wouldn't have this problem?
Posted by: Tasha 02 May 2012
It takes 3 weeks to for a key to travel from Jersey to the Middle East. If the device arrives…..I am waiting for the 4th time, 3 weeks at a time, 12 weeks and counting……no way to log on to my accounts. In order to talk to somebody life, long distance charges apply. Excellent service HSBC, NOT!!!!!!
Posted by: CatOne 24 Apr 2012
Just recieved one in the post today and the sreen had cracked before i'd even opened it! Cannot read the screen an I'm goin to have to wait another week to get a replacement! I'd prefer a card reader as they are more solid. Only j0ust joined hsbc and I might leave them as they are taking the p***! They are cheaply made pieces of poo!
Posted by: Callum 19 Apr 2012
Have just wasted half a morning trying to get it all sorted. It seems that it's not compatible with Google Chrome so the irritating man in India eventually decided and told me that I should use a different system. I don't want to use a different system, I just want to view my bill. The online banking with HSBC is pretty poor at the best of times and nowhere hear as user friendly as my main site. Am pretty sure that when I've calmed down I'll be ringing to close my account and I've had some form of account with them since 1988 so I don't move things without reason. Really very bad customer service.
Posted by: Alison 09 Mar 2012
Many confusions and endlessly irritating sums up my experience - not after several months. Fortunately, the personal service by phone still works quickly with charming personal individuals who explain that mky complaints are echoed by many others. I just wish the over-paid top executives would listen and not just pay excessive bonuses to themselves.
Posted by: Sir Richard Jolly 23 Jan 2012
Having just been away on a 2 month sojourn from the UK, I found that I could not conduct my crucial online banking due to this key. Further to that, on my return I found that despite their denial of access....the key still had not arrived at my address!!!
Having called today for assistance, they still could not unlock my account, yet "assured" me I would have my key in 5 days......
They need not bother, I'm done with them.
Posted by: Tom 23 Oct 2011
My internet banking is now tied to the (secure) location of the security key, whereas before I could login from a location of my choosing using the device of my choosing. VERY inconvenient. As people with technology become more and more mobile, HSBC comes across as being more and more static.
HSBC's new system is truly motivating... it has motivated me to look elsewhere!
Posted by: Peter G. 07 Oct 2011
This device is horrible and shows a complete lack of understanding on the part of HSBC UK for its customers. I moved banks. I have a HSBC USA account and they would never consider making such an unreasonable demand on its US customers - they would get their asses kicked. The UK consumer is far to easy - just go stand in line and wait your turn for the nice banker to tell you how it's going to be...wake up already.
Posted by: Joe Moser 28 Sep 2011
The point of internet banking was that you could gain access to your account quickly and easily. This fiddly thing, although on the face of it, simple to use makes me put off looking at my bank account as often as I used to and I often use telephone banking instead. I would like to change my bank but are these things becoming universal?
Posted by: Pamela 25 Sep 2011
It would help if the device was heavier; it's just too fiddly to use quickly. I, too, had problems using the key the first time as the on-line instructions were inadequate; a phone call to HSBC eventually did help but the advisor worried me by saying it was necessary to 'be quick'! Yee, no interest on my money and now this. I can, of course, use the key alright now but... I hate it!
Posted by: kay Roberts 23 Sep 2011
Good job HSBC! Of course I would have preferred HSBC accepting my X509 certificate. It could have been located on my Smart Identity Card. Hence I would have only one card to carry instead of the multiple cards (Credit, bank, trading, health, professional cards). But in the UK, we have voted against the Id Card. Therefore the Digipass/securekey is a good compromise for the moment. The website tutorial is well done and very effective. I got used to it in a few hours. This is even though I have to juggle with the systems of my 2 other banks (1 securepad and 1 USB token key). I hope one day they will also have a single common system.
Posted by: Bernard Londeix 22 Sep 2011
HSBC take no notice of the customer base and do as they think fit. This stupid device will ensure an exodus of customers. After 25 years with HSBC we are moving all our private accounts, deposit and savings accounts, financial products and business accounts to Barclays. We know dozens who are doing the same. This could cost HSBC millions in lost business. When will they learn to spot the obvious ?
Wake up HSBC before you collapse without a customer in sight.
Posted by: MD 21 Sep 2011
I agree that this system is annoying, My hubby has just had this new card assigned to him. However Barclays, which I use, also use a similar system, where the card has to be slotted in and pin entered before a code is generated that has to be typed on screen. I used to regularly check my bank account at home or work, but now the card thing lives at work and i only rarely - maybe once a month - check my account details. I would like to change banks but fear that the others are only a step or two behind. Safety and security are paramount and i understand the need for this but these devices are clunky, non user friendly and easily lost as i am on my 3rd one already!
Posted by: DS 19 Sep 2011
I hate this useless device I hate using Internet banking because of this. It is not more secure it is typical of HSBC philosophy to bully customers into submission and ignore the wishes of the customer.
Time to move to a more helpful customer-orientated bank.
Posted by: C mackenzie 18 Sep 2011
I have passed up sign on with this thing today however I needed to make a payment and had to. Its utter rubbish so much so I am think of moving banks the smart key is a real blast from the past and feels like something out of the 80's. I dont carry anything in my wallet unless I need it including loyalty cards they all take up too much room why havent they made an app instead?
Cheers
Andrew B
Posted by: Andrew Brindley 17 Sep 2011
You can not predict when and where a natural disaster, a criminal attack or a terrorist incident is going to take place. All you can do is prepare your self and your family the best you can and stay vigilant with in your community. We are here to teach you how to live with confidence, poise, and awareness to build up you and your community.
Posted by: Robert James 15 Sep 2011
Not only is this technology cumbersome - it is also broken. It is not secure. People still get hacked. There are SAAS authentication solutions that address all of the usability and technology issues. I think that banks customers should demand that they seek something better and easier to use. Check out http://www.liveensure.com
Posted by: Ross Macdonald 14 Sep 2011
Yes I got my secure key, yes easily registered, yes went to log in after...got the same message"do I want to register"... But I already have done so???? Click on how to use the secure key... Flash media...I have apple...so can't use it- not compatible. Post a message on your messages page (but be quick as it logs you off whilst writing it!). Great concept-Not very well thought out. Shan't use web banking after 20th Sept as logged out-shame really..time to change bank??
Posted by: Roy Johnson 14 Sep 2011
I have used this system and I really like it. It feels much more secure that entering a set of numbers. I must admit to being familiar with the concept from accessing my work systems in a similar way.and the HSBC gadget is comparatively quite small.
To those people who are moaning. Just get used to it, online security is not going to get simpler, in fact I believe it will probably get more intrusive and proscriptive.
(Only when we get brain implants will the online security be foolproof and entirely secure. But I'm not sure I'd let a financial institution put something in my head)
Posted by: Steve 12 Sep 2011
I've wanted this extra layer of security for ages but Halifax have not provided it. Any extra step like this will be very unpopular with some people however I'd much rather have it than not. We need to move away from plain passwords as far too many people use the same password on several sites or insecure passwords.
Posted by: Neal 08 Sep 2011
The HSBC spokesperson says" "It's not just about the peace of mind knowing only you are accessing your accounts, it's about protecting the static pieces of personal information, like date of birth or mother's maiden name, that once lost, can never be replaced,". What on earth do they mean by this? Are they saying that we the HSBC customers are so thick we can't remember our own DoB and/or mother's maiden name - or are they are admitting that they often lose this data. If the former I'm flabbergasted; this person needs interpersonal skills training and pronto!. If the latter, let's all move our accounts to a bank that is not so dumb.(note to HSBC: we can provide these items of data to you again!)
Posted by: JS 08 Sep 2011
This device in now a compromise. I now do all my internet banking on my home PC, whereas before it was about 90% from my home PC. I refuse to carry it with me as it is bound to get lost. We have three of these devices in our household as my two teenage children also supposedly use HSBC internet banking, it took them less than 24 hours to mess up these devices and now can't get online. I wonder how long before I try and use the wrong device?
Posted by: AF 05 Sep 2011
The whole point of online banking is to take location out of the equation. What do HSBC expect us to do - take the 'key' (more like a pocket calculator) with us to work, back home again and then pack it in our suitcase?!
I have requested forms to close my account. I suggest others do the same and perhaps that will prompt them to undertake their 'rethink' a little quicker.
Posted by: Tim 27 Aug 2011
I used to access my account daily. Now I do so only rarely. This ridiculous system is making me seriously consider moving my accounts elsewhere. What on earth is wrong with an Android or Apple app, and leaving this for those who don't have a mobile phone?
Posted by: Mark Pole 26 Aug 2011
Since the smart key was introduced I have used it once. I barely access my online banking anymore due to the sheer annoyance of having all these extra stages. I would much rather ring up and listen to all the irritating options over the phone. I used to be really impressed by HSBCs simple and secure internet banking system but not anymore. Seriously considering taking my banking business elsewhere. But these days, which bank doesn't inconvenience their customers?
Posted by: KH 25 Aug 2011
In the worst case, this is now an 8 step login process. In the best case this is 4 steps and requires me to remember two additional pieces of information as well as having a physical doohickey to carry around.
I gave HSBC the option of turning this off for my account or closing my account.
After 16 years with them, I am no longer an HSBC customer.
Posted by: Martin A. Brooks 24 Aug 2011
Without the physical keypad it matters not a jot if you stick your code on a post it note, online scammers can't access your account. As I understand it this system has reduced online fraud to a fraction of what it was before. Whilst Internet banking has made transactions easier for many of us, it also makes it easier for criminals the other side of the world to empty our bank accounts, so whilst I'd prefer a neater solution like a mobile phone app, I'm more than happy to have the minor inconvenience for the extra security.
Posted by: GW 24 Aug 2011
The more layers of security banks put into online banking, the more chance their is people will write everything down on a postit note and stick it to their monitor.
Additionally, which do you reckon is the source of more fraud, card cloning at petrol stations, or peoples internet logins being compromised?
Posted by: Alex Walsh 24 Aug 2011
Have your say on this article
Newsletters
Latest stories from Security Technology
Latest videos
You may also like
Security Technology jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
