OverKill Bill: HSBC’s Security Device

Published on 11 Jul 2006 at 6:00 am. 15 Comments.
Filed under Nets, Webs, Infostructure.

Around a month ago, I received a “security device” from my credit card company, HSBC. It’s a small keychain with a single button. When the button is pressed, the keychain displays a 6-digit number. The “security device” generates a unique 6-digit code to be used each time I log on to my HSBC online account. The number is different each time the button is pressed. And my online account can tell whether I’m just faking or guessing a 6-digit number, or whether somebody else is trying to access my account.

Frankly, I think HSBC’s heightened security is overkill for my needs: to view my monthly bill (get it? overKill Bill?). After all, I don’t have a million dollars to lose.

I compare this with my BPI Express Online account. It has been secure through the more than 6 years I’ve been using it. No “security device” needed, just a password that I change regularly when prompted to by BPI Express Online.

I also maintain some rules of thumb when doing online banking:
a.) Never use online banking on a public computer (e.g. an internet shop)
b.) Never use online banking when surfing via an unsecured WiFi connection

Security device? Ah, I don’t have the patience. But I don’t have much choice: I can’t get into HSBC’s online banking without it.

ka edong

15 Comments to ‘OverKill Bill: HSBC’s Security Device’:

    1. Richard on 11 Jul 2006 at 8:17 am: 1

      two-factor authentication using a token device is the preferred mode of providing identity protection and non-repudiation facilities. it’s good to see HSBC providing this by default (did they charge you for the device?). our client in the EU, a multinational bank conglomeration, provides 2F security using such a device.

    2. ka edong on 11 Jul 2006 at 12:36 pm: 2

      hi Richard,

      yes, they charged P500. and I still haven’t used it :-( . In fact, I haven’t successfully logged into my account.

    3. esti on 11 Jul 2006 at 1:07 pm: 3

      yo ka edong, they charged you P500 for it? how come, I wasn’t charged for it. (or maybe i just didn’t see it..)

      Btw, the number changes over time, I tried pressing on the device for one lazy afternoon and saw that it never changes for some time (around 30s or less) and then changes :D

    4. Richard on 11 Jul 2006 at 2:33 pm: 4

      ka edong. that’s what you call cross-selling… hehehe :D

    5. ka edong on 11 Jul 2006 at 2:56 pm: 5

      ehehe! yeah, cross selling!

      esti, i think they deployed it in phases. Maybe you were part of the “free of charge” batch … I don’t really know.

      or maybe my keychain comes with a free car … :D

    6. Federico Sevilla III on 12 Jul 2006 at 9:05 am: 6

      I think the HSBC “One Time Password” security device is quite innovative. It provides you with all the benefits of two-factor authentication without tying you down to any particular platform, computer, or browser.

      The benefits of two-factor authentication cannot be overstated. While you and many other regular eBanking customers have been able to bank safely using the standard login/password, phishing has become widespread and it is very easy for non-techie users to get caught off-guard.

      While definitely not a cure-all, two-factor authentication like what is provided by HSBC’s OTP device significantly reduces the negative impact that phishing can cause.

      For whatever it’s worth, I wasn’t charged for my HSBC OTP device. There are corresponding charges if I need to have it replaced, though.

    7. ka edong on 12 Jul 2006 at 8:08 pm: 7

      I remember seeing the P500 charge on the web when I applied for the device. But I haven’t seen it charged on my credit card.

      Phishing? I don’t consider it a threat to me. I’m smart enough not to get duped into that.

      What’s been extremely challenging (and exasperating) is *still* not being able to login to my HSBC account.

      Two-factor authentication? It may work for others. It’s not working out for me. I consider it a barrier to online banking convenience.

    8. esti on 13 Jul 2006 at 2:32 pm: 8

      i agree with ka edong. the two factor authentication is a bit of a hassle to me cause i keep on forgetting the device in my office, when i have to log in during weekends at home i can’t. just one of the trade offs for having extra security. you need the device always :D

    9. ka edong on 14 Jul 2006 at 11:58 am: 9

      So there are a lot of us on HSBC. I consider myself a techie. At least techie-er than the average credit-toting Pinoy.

      And if I’m going crazy over HSBC, how much more the average card-holder? Or maybe the average guy doesn’t go gaga over these things.

    10. justpassingby on 26 Aug 2006 at 12:27 am: 10

      i also have hsbc. check again because i haven’t been charged P500 for the device. you will only be charged if you lose it and ask for a replacement.

      i like the device because it is the best way to secure your account. you will be surprised how loosely personal information circulates in this country. just in the last couple of weeks i have received more than 10 “invitations” for credit card and personal loan applications. they are armed with personal information including my “mother’s maiden name” which used to be the standard question to verify your identity (because presumably only you and some people close to you will know your mother’s maiden name and it does not appear on most public records). i always ask them where they got or who provided them my personal and confidential info and they always have a standard answer: “we can’t tell you that sir, it’s confidential”

    11. ka edong on 26 Aug 2006 at 12:31 am: 11

      hi justpassingby,

      I didn’t get charged. No charge if you opt-in for the online billing statements (they won’t send monthly statements by mail). If you choose to continue monthly statements via mail, you’ll be charged P500.

      I got locked out once again from my online account. I had to request a password reset. bummer

    12. justpassingby on 26 Aug 2006 at 12:35 am: 12

      hi edong, hsbc has shortchanged you. i get my paper monthly statements via mail and i wasn’t charged P500 for the device. same with my wife. i remember reading that the P500 charge applies only when you lose it and ask for a replacement.

    13. ka edong on 26 Aug 2006 at 12:38 am: 13

      we’ve got a conversation going here, justpassingby! ;-)

      they implemented the device in phases. I guess we belong to different phases with different rules :-( .

      Yeah, I still prefer to have a piece of paper for my monthly statements. I miss those paper bills ….

    14. justpassingby on 26 Aug 2006 at 12:48 am: 14

      you can still opt for the paper statements instead of getting your bill online. if they charge you P500 you should complain. it’s not right for anyone to be charged for something you did not ask for. i’m sure there is a law (in the consumer welfare act prolly?) in effect that states just that. but i still think they will not charge you. try inquiring with customer service. i’ve been with hsbc for a long time too and i’m really satisfied with their service :)

    15. srimanta roy on 2 Feb 2008 at 2:22 am: 15

      This is absolutely useless for security for online systems. it only makes sense for network admins etc., not client users.

      I haven’t seen any bank doing this.
      It makes life just so cumbersome. I live outside India and I feel there should be an option given to users whether they want this security device; the default should be that it is not a requirement.

      regards,
      - roy.
