HSBC security nonsense

As has been widely reported, HSBC have rolled out a new security system for personal Internet banking. The requires you to have an Internet Banking ID, a memorable passphrase and a PIN for a small one-time code pad.  I already carry one HSBC token around with me, I have no wish to carry another. The new system is cumbersome beyond belief.  Here’s why:

Worst case logging on to my HSBC business account:

  1. Enter username that I chose.
  2. Enter password that I chose.
  3. Press button on RSA key, enter number into web browser.
  4. I am now logged in.

Worst case logging on to my HSBC personal account:

  1. Enter account number.
  2. Entry sort code.
  3. Enter date of bith.
  4. Enter 3 arbitrary characters from my security number.
  5. Obtain Internet Banking (IB) number.
  6. Enter IB number.
  7. Enter passphrase.
  8. Type a different PIN into OTP pad.
  9. Take number from OTP pad and enter into browser.
  10. I am now logged in.

At best, this process can be shortened to start at step 6. HSBC recommend not writing anything down, your IB number is “IB” then 8ish digits not in any way related to your account number. When setting this up I was asked to set two security questions and answers.

Select from drop-down “father’s middle name”

> John

< Error.

Select from drop-down “pet’s name”

> Lili

< Error.

> Lililili

< Okay!

Aaarrrrrrgghh. So I now have to remember incorrect answers to security questions.  Sure, that’ll work.  I contact HSBC:

Me> Can I use my HSBC business banking token for my personal account?

HSBC> No.

Me> Can I revert to not using this token at all?

HSBC> No.

Me> I will close my account if you cannot turn this nonsense off.

HSBC> Sorry, nothing we can do.

 

After 16 years with HSBC, I am no longer one of their customers.