In my professional life I’m acutely aware of the demands of computer and software security, see this post from yesterday on my tech blog cathcam.wordpress.com as an example of things I’m currently involved in. This post though is prep for my call tomorrow with my UK Bank, FirstDirect, a division of global banking conglomerate HSBC. It made me wonder, who are they protecting, me or them?
The answer is obviously them…
I don’t use my UK bank account much, I don’t have any investments, it’s a small rainy day fund that I use to sponsor friends and family in worthy endeavors, to pay UK Credit card an other bills to avoid international banking/finance rip-off charges, like when I send flowers to my Mum on Mothers day.
Today I finally had time to set-up a payment for my lifetime membership of the BCS, The British Computer Society(*). As usual I went to the FirstDirect banking URL, put in my online banking ID; answered correctly the password question which asks for three randomly chosen letters from your password; finally I correctly answered my secret question.
Instead of getting logged in, I was presented with the following. This forced me to chose one of three options.
- Get their Secure Key App
- FirstDirect send me via snailmail a random key generator
- Login to online banking with basically “read only” capabilities
The only real option was 1.I went to install the app,first I had a hard time finding it. FirstDirect don’t provide a direct link from their website, they suggest searching for banking on the go in the iTunes and Play stores, I did. It returned over 100 results, none of them obviously FirstDirect. So I asked Google…
No go, it’s aparently the FirstDirect app is incompatible with any of the four actual devices I own, let alone the don’t have a browser/PC version, which frankly is a nonsense.
I’m guessing and open to be proven wrong that the app isn’t incompatible but it actually requires a UK provider IMEI number or similar to register with. Given that doesn’t work and options 2. and 3. were not viable, I picked up the phone and called. They won’t accept Skype calls, so that was an international call at my cost.
The conversation went something like this… security questions… except I couldn’t remember my memorable date. All I could remember about my memorable date was that I’d forgotten it once before, why write it down? Did I have my debit card with me? No why would I, I’m at work in the USA where I live, I don’t need it here.
So, after a short but polite rant, I got put through to supervisor, who called me back, we went through all my security questions again, I took a guess at my date and surprisingly got it right. She asked how she could help, I told her, I said I can’t be the only non-UK customer, she agreed, someone from overseas banking is going to call me.
(*)Interestingly, this all came about because the BCS doesn’t have an online system capable of accepting payments for lifetime memberships. This caused me to scratch my head and wonder, given I was the lead architect for the UK National Westminster Banks Internet Banking System in 1998/9, and worked on the protocol behind Chemical Banks Pronto home banking system in 1983, as much as everyone marvels at technology today, we are really going backwards, not forwards.
What a nonsense.
Update: FirstDirect called, they agreed the app is only available in the UK. We attempted to put my UK EE pre-pay SIM card in a US Samsung S3 and connect to the UK Play store, but sadly this didn’t work. The FirstDirect rep offered to send the key generator, I declined.
Looks like I’ll ave to wait until I’m back in the UK before I can install the app. Yes, of course I can hack it to work from here, but what is the point? We discussed this, I pointed out that I was watching the Tour de France on ITV4 at the time of the call. I also made the point that anyone that feels the mobile smart phones are more secure than a properly secured PC is smoking somthing. It’s fair to say that if you don’t have some form of tracking or recording software on your phone, you are in the minority.