In my professional life I’m acutely aware of the demands of computer and software security, see this post from yesterday on my tech blog cathcam.wordpress.com as an example of things I’m currently involved in. This post though is prep for my call tomorrow with my UK Bank, FirstDirect, a division of global banking conglomerate HSBC. It made me wonder, who are they protecting, me or them?
The answer is obviously them…
I don’t use my UK bank account much, I don’t have any investments, it’s a small rainy day fund that I use to sponsor friends and family in worthy endeavors, to pay UK Credit card an other bills to avoid international banking/finance rip-off charges, like when I send flowers to my Mum on Mothers day.
Today I finally had time to set-up a payment for my lifetime membership of the BCS, The British Computer Society(*). As usual I went to the FirstDirect banking URL, put in my online banking ID; answered correctly the password question which asks for three randomly chosen letters from your password; finally I correctly answered my secret question.
Instead of getting logged in, I was presented with the following. This forced me to chose one of three options.
- Get their Secure Key App
- FirstDirect send me via snailmail a random key generator
- Login to online banking with basically “read only” capabilities
The only real option was 1.I went to install the app,first I had a hard time finding it. FirstDirect don’t provide a direct link from their website, they suggest searching for banking on the go in the iTunes and Play stores, I did. It returned over 100 results, none of them obviously FirstDirect. So I asked Google…
No go, it’s aparently the FirstDirect app is incompatible with any of the four actual devices I own, let alone the don’t have a browser/PC version, which frankly is a nonsense.
I’m guessing and open to be proven wrong that the app isn’t incompatible but it actually requires a UK provider IMEI number or similar to register with. Given that doesn’t work and options 2. and 3. were not viable, I picked up the phone and called. They won’t accept Skype calls, so that was an international call at my cost.
The conversation went something like this… security questions… except I couldn’t remember my memorable date. All I could remember about my memorable date was that I’d forgotten it once before, why write it down? Did I have my debit card with me? No why would I, I’m at work in the USA where I live, I don’t need it here.
So, after a short but polite rant, I got put through to supervisor, who called me back, we went through all my security questions again, I took a guess at my date and surprisingly got it right. She asked how she could help, I told her, I said I can’t be the only non-UK customer, she agreed, someone from overseas banking is going to call me.
(*)Interestingly, this all came about because the BCS doesn’t have an online system capable of accepting payments for lifetime memberships. This caused me to scratch my head and wonder, given I was the lead architect for the UK National Westminster Banks Internet Banking System in 1998/9, and worked on the protocol behind Chemical Banks Pronto home banking system in 1983, as much as everyone marvels at technology today, we are really going backwards, not forwards.
What a nonsense.