Blog

Secure Banking?

I, like many, use Internet Banking. It's fast, convenient, and generally safer because I don't have to worry about paper statements being intercepted in the mail.

My choice of bank is HSBC, and I've always been quite happy with their online banking website. It was one of the early leaders of banking sites that worked on a browser that wasn't made by Microsoft, and has generally worked without many problems.

A recent addition is an inline popup once you've logged in that offers some security software. Now, normally I'd say that this was a good idea. The issue I have really, is that I always see this popup every single time I log in. The software in question is Windows only, which I guess is expected, so why do I have to face the darn thing all the time? I don't use Windows, and I certainly wouldn't use it to check my bank balance!

So, I sent a nice email, explaining that there are lots of ways that they can determine the operating system of the visitors computer, and only offer the popup to those users who can actually benefit from it. I also added to the same email that their site could really benefit from some tips on safer web browsing, as I couldn't find any on their website at all. A small guide, even if only read by a small percentage of their customers, could potentially save them a lot of money, as they wouldn't have to spend time investigating various accounts, and paying for customers lax security habits.

I received an email from them this morning though, which really astounded me. I was told that they could not address my issues with their website unless they had more details from me to identify myself, such as my bank account and sort code. Now, call me crazy, but I'd really prefer not to send these very important details in on an unencrypted medium!

Quite why they need my details to read an email is beyond me. The email had nothing to do with my account, so I don't understand why HSBC would need them. And to ask me to send the details by email, well that just takes the biscuit! Anyone who has ever worked on any sort of e-commerce solution will realise that you can't just send over bank details like this by email. It's not only illegal (because you have to ensure customer data is safeguarded and secure) but downright irresponsible too, as emails are generally unencrypted, and take the matter of a moment for a well-placed computer to sniff the traffic and gain access to a whole host of details. The fact that a multi-national bank is asking me to do this is quite frankly scary. It shows a complete disregard for my money and me as a customer of theirs.

I've written back to them explaining this, and am as yet still waiting on their response. I just hope that this time round, at the very least, they'll have put a bit more thought into their answer.