HSBC are sending out their new Secure Key devices to improve security for their Personal Internet Banking customers.
The device, which happens to look like a cheap calculator from the 1980’s, generates a random PIN that you have to enter when logging on to your HSBC account. If you connect to your office network when you’re away from the office the chances are you have to carry around a “dongle” which does a similar thing.
HSBC say the benefits of the device are:
- Enhanced security – Criminals can steal or guess a password. But with Secure Key, they need your PIN number AND your personal Secure Key device to log onto your Personal Internet Banking. It’s an extra layer of security.
- Easy to use – Just switch it on, enter your Secure Key PIN code and it’ll give you a unique, one-off six digit passcode each time you want to log on. It’s as simple as that.
- Small and portable – It’s about the same size as a credit card so it should easily fit in a wallet or purse. You can take it with you and log on to your bank account anywhere you like.
It’s good to see they’re taking security seriously, but I’ve always had a feeling that these devices tend to provide more of a barrier to logging in than it’s worth for the extra security they provide.
If the best banks can somehow find a way of using mobile phones, which we’re all likely to have with us wherever we are, and have more of an attachment to than a cheap looking piece of plastic, to replace these devices then both security and customer engagement should increase.
It will also be interesting to see how well account aggregators which require login details to access accounts will cope with this extra level of security.
HSBC will start sending Secure Keys out to new customers from March 23rd, with existing customers due to receive theirs in the coming months.
If you’re a HSBC customer, how do you feel about having this extra level of security? Pleased that it makes your accounts safer, or just a nuisance? Let us know in the comments below.
I wonder how this will impact on First Directs (HSBC subsiduary)Internet banking plus? Could be very inconvienient
Natwest have offered a similar service for quite a while now, but for payments not actually at the login page. As a HSBC customer it’ll probably be a annoyance, but the reasoning is obvious. A mobile app or key fob with an ever changing code like some VPN systems use would be better!
My Daughter has a very similar device with Barclays Bank, she seems to think it’s much safer than the previous system.
If banks are doing all they can to safeguard peoples money then surely we shouldn’t be condemning the banks from introducing an added safety sytem device to individuals bank account, if this seems like an inconvenience to the personal banker just think how much of a colossal inconvenience it must be to someone trying to steal your money!
I see nothing wrong with the *idea*, but one of these days it might just possibly dawn on the banks that we are not all nimble fingered midgets who demand to be able to do everything on the move, so want some fiddly minaturised gadget that is easy to carry around.
The HSBC Secure Key is just like the card-readers used by other banks – far too small to be practical for people whose fingers aren’t as steady as they were thirty years ago, and not one of them has had the decency to offer customers a “desktop” version with normal sized buttons that we can simply plonk by the side of the computer at home, the only place we do our online banking. The so-called “Accessibility” reader offered by NatWest and Nationwide (and maybe others?) is equally useless – the screen is larger, but the keypad is exactly the same size.
I was in the process of switching to HSBC precisely because of the hassle of trying to use the fiddly little Nationwide card reader. Needless to say, with “Secure Key” on the horizon I will now be taking cheque book and debit card back the local HSBC branch and telling them where to stick them, and instead am moving to the Coventry Building Society – they don’t do faster payments, and you don’t get a cheque book, but I can live without those, and their “Grid Card” system does not involve struggling to hit the right button on some ridiculously small gadget.
My bank generates a code which is sent to my mobile via SMS this is a much better idea then having to carry around yet another device to get to my money.
I’m really not happy with them making it compulsory, if people want the extra layer of security then fine, but I don’t. I’ve been with HSBC for over 10 years and between me and my husband we have 6 accounts with them – now I’d rather go through the hassle of changing bank accounts to one without one of these stupid readers than stay with HSBC.
This is outrageous. I use internet banking regularly and I don’t have a land line, chances are this pointless gimick will not work with a broadband internet dongle.
I’ve been a HSBC customer since I was 12(!), and I’m quite annoyed at this. For me, one of the great things about HSBC has always been the ability to manage my accounts, bills etc from any computer, just using the information I (and only I) have in my head. This “extra layer of security” will be a nuisance from day one…
I’m extremely unhappy with this and felt more than protected with the old system.
To make things worse, my device has broken within a week and now will take 5 working days to replace and before I can log on again. Additionally, I have to take the old one back to a branch. Great.
Seriously considering leaving Hsbc due to this and I hope other customers do too. This would be much better if it was optional for those who wanted the extra security
If I’m honest, I quite like the idea. Others obviously disagree, but I find it very difficult to remember the ridiculously long number I need to log in, and have been told I can’t write down (although I ignored this advice). I will be getting my secure key in a month or so (why so long?) and plan to carry it with me in my wallet. I struggle to see huge security benefits – after all, if I can’t remember my login number how would anyone manage to guess it and my date of birth, but I feel it will make login easier, contrary to what others have written.
Have any of you thought about what can happen while your are traveling abroad? I’m currently in the Caribbean on a contract job for 6 months. There is no one at home in London to retrieve this unnecessary secure key. I now have spend hours on the phone to get this secure key. The mail here can take 3 – 6 weeks to come, if it ever does. I have no idea if HSBC will send my key via Fed- Ex. What happens if I loose my wallet or my secure key stop working?
Without your secure key how do you access your cash, transfer cash for any number of transactions (i.e. wire transfers to contractors, pay bills etc.)? This a royal nuisance. Please send complaints to HSBC so some of us can opt out.
This will be an intrusive nuisance with something else to carry around. How do we register a complaint with HSBC about this? I don’t understand why they can’t use an electronic solution such as Verisign VIP or something similar to that mentioned by someone else here where the code is sent to a registered mobile number or email address? I left two other banks because their device plus card requirements were so inconvenient. The only somewhat redeeming factor is that HSBC seem to have made an effort to keep the device small. I may be closing the HSBC accounts as well though; it will probably come down to how it works with an aggregator that I use. At the least, they should allow us to login and do some things without the securekey (e.g., move cash around among HSBC accounts); requiring it to just check balances and make sure upcoming direct debits are funded is a big hit to the convenience of online banking.
What is the point of HSBC (finally) implementing a decent mobile phone friendly version of their Internet banking website, only to have all of that convenience removed by the need to carry this device.
I’ve already moved my Natwest and Barclays accounts to avoid this nonsense.
It’s not like there has ever been any insecurity for me with the existing system – I’ve learnt all of my log in details.. which surely is about as secure as it gets..?
HSBC touts it this as the ‘first UK bank to introduce this level of security’, which is a ridiculous lie. As previous posters have stated, Barclays have had this for years.
I asked HSBC if I could get a second one (one at home and one at work) but was told no.
As such, it will be a very annoying nuisance. Santander offers an SMS code, which is far better. Too bad Santander is simply a terrible bank in all other respects.
I closed my barclays account when they introduced the stupid pin sentry system and forced me to carry round a calculator all day, just so I could enjoy the ‘convenience’ of online banking.
I was more than happy with HSBC’s system, I know all my login details off by heart, I can access my accounts from my laptop, work PC, even my ipod, any time I want. Now they introduce this rubbish and completely unnecessary piece of junk. I’m so annoyed! The convenience I always rated has been lost. I phoned HSBC to try and opt out and was told I couldn’t. I asked for an extra key thing, was told no. Apparently though it is convenient because it fits in your wallet! Great, what happens when somebody steals my wallet? I lose my internet banking for 5 days, that’s what! I even asked what extra security this thing gives me when my details are currently stored in my head. The answer I got was, ‘somebody could guess your passcodes’. Well that’s a risk I’d be prepared to take to keep the current system. Some people probably disagree and like it, thats fine but at least give us the choice! Morons
Absolutely ridiculous to need such a device to just see your balance or transactions.
I don’t mind having to use a device to add a payee or transfer money overseas (something I do once a year), but just to quickly log in and check my balance??
As stated above this is the mobile age where 99.5% of people have a mobile phone or a smart phone. Couldn’t HSBC be slightly more cutting edge and come up with a modern solution??
Also, no one has mentioned, that if you are a HSBC business customer, you already have another device which is not compatible with the secure key system.
Sheer idiocy.
Does it at least receive codes while you are abroad once you have initially registered it?
The Saudi American bank, SAMBA, has had an SMS code system for a couple of years. It’s highly efficient and works while internationally roaming also.If Middle Eastern banks can get this right, you’d think HSBC would have thought this through.
I happen to think this is a very good idea, I’m currently studying a masters in security and forensics so I know how easy it is to simply guess/crack most usernames and passwords. Adding an extra physical layer means hackers have no access to the device so can’t just go guess that information. This is something HSBC should have made years ago.
I am HSBC customer for 3 years and as someone above has written the convenience of being able to do banking at any computer without need to carry this dongle.
I have an account with a Czech bank – which sends a text on my mobile when I am sending money out (unless to previously approved accounts) – that’s a system that works for me. I don’t care if anyone can get into my account I just don’t want them to send money out.
I will give it a go but if it will be as unconvenient as I guess it will be I will leave HSBC. Any tips for UK banks that apply similar approach as described above (mobile phone on payments only)?
Cheers
This is extremely inconvenient…. New payments is one thing but for login as well? HSBC has conveniently launched their mobile banking website – shame the annoying piece of plastic i.e. the “Secure Key” is not much smaller than my mobile! We now have a mobile banking website which is unusable – who is really going to put this on a keyring? Personally I have resorted to using the telephone banking more. Well if we can’t access our accounts using free internet banking, we will have to cost them time and money in speaking to someone!
I have been a HSBC (formerly Midland) customer since 1985. I may have been lucky but this is the first time they have seriously annoyed me.
I can however see why they have done introduced these irritating devices. With the prevalence of viruses, malware and phishing sites they will be concerned that negligent Windows users will have their computers and bank accounts compromised. However the current system of entering 21 characters (IB number, date of birth and random digits from the PIN) provides some protection against key recording, due to the randomness of the PIN.
Security is always a balance between ease of use and protection, I think they are off balance with the introduction of this key. I can this causing many problems for older customers who have enough issues with on-line banking, and it will prove an irritation to the rest. Making it compulsory is not exactly user friendly.
I stopped using my Nationwide current account when they introduced something similar.
Think again HSBC!
This is a rubbish idea. What happens when you are travelling? If you have left your card behind? So inconvient I will leave HSBC after 20 years of loyal custom if they choose to make it such a hassle to check balances etc
I am a long-standing HSBC customer, and have seen the bank transformed from it’s days as Midland Bank. Midland branded themselves ‘the listening bank’, and for the most part, they did listen – especially to their customers. How things change! HSBC is such an enormous conglomerate company that the voices of most customers are treated often as merely irritating squeeks that dog the machine that is HSBC. This lattest gimmick seems to do little to protect taht ‘machine’ or its customers.
Putting to one side the obvious problems with the use of this device i.e. its size, inconvenience etc…there are some broader problems that render this device useless.
This device (as will all others of this nature) supposedly protect you by generating random log on codes. We are told that the device is ‘unique’ to each account, implying the random code generated is also unique. However, this seems to be a flawed a claim. There is no physical (i.e wired) link to the device and the computer used to log on, and no electronic link (i.e. wi-fi, bluetooth connection etc). Therefore, although the customer must register the device (wiht its serial number) as being linking to their account, no actual physical or electronic link exists between the device and account being accessed. That being so, HSBC’s database could not have anyway of knowing whether the randomly generated input code requested at log on is in fact a code generated by the actual device registered to the user account.
This raises a second issue. The only way the database could associated the device with the account is if that database contains all possible combinations of codes programmed into the device that is registered by each individual. The database would then compare the code entered by the account holder with the database record of possible, so called ‘random’ numbers available. HSBC has no declard that these devices operate in that manner, but if they do (as they would have to for this device to be anything other than a useless gimmick), then in fact the customer put at greater, rather than lesser risk. The security of the customer would depend entirely upon the security of HSBC’s own database…and if someone hacked that database, they would have access to both the customers personal log on details, and all possible ‘random’ codes associated with the device issued to that customer.
This device is therefore nothing more than an illusion of security which creates an inconvenient annoyance for the customer while leaving them at far great risk than is the currently the case without this silly device.
You wish to test this theory by simply entering your own randomly generated number – not one produced by the device – to see whether HSBC’s database will deny you access if all other information is correct – I will certainly test this idea.
It really just needs to be integrated into the smartphone as an app. Very obvious surely. Probably hard to guarantee security.
stupid,stupid,stupid! I cant believe we have to cart around a flimsey plastic calculator on our keyrings!, its the most ridiculous thing i’ve ever heard of, how much profit did they make last year?…..and that is all they can come up with.
PITA!
this is not good as i am away from home for 6 months and need internet banking! i cannot recieve the calculator thing because i’m travelling and i don’t want to put all my money into my main account incase my card gets stolen and used
Here is my guess at how the new HSBC SecureKey device works…
Each device has its own method for generating a long sequence of 6-digit numbers (example: divide the previous number by 13, add 5, and swap the second and fourth digits around). That method is known only to the device itself, and HSBC’s central database. That database stores, for each device serial number, (1) how that device’s sequence is generated, and (2) where the device is currently at in the sequence. When you press the green button after entering your PIN, the next 6-digit number in the sequence is generated and shown. When you type that number into the HSBC login page, HSBC updates its database to advance to the next number in the sequence, and checks that it matches the number you entered.
This process will eventually, after several years, exhaust the sequence of 6-digit numbers. Thereupon, the sequence will begin all over again.
A slight refinement is necessary. I can make my device get ‘out of sync’ with the HSBC database by repeatedly pressing the green button, but not trying to log in using the numbers it generates. To address this situation, the HSBC login page must accept not merely the very next number in the sequence, but any of the next, say, hundred numbers, and update its database accordingly.
I am horribly disappointed that these security measures are being increasingly forced upon us. Whatever the justification for increasing the customers’ burden, the fact remains that the bank is effectively reducing the service (availability of online banking) while continuing to charge the same fees for usage.
Does anyone know of a bank which has committed to not imposing such things on its customers? I for one would be prepared to move all six of our family accounts based on such a promise.
It’s a complete pain in the ass. The first time I had one of these little things it seemed really cool, but now it seems we’re being offered them from banks, Paypal and others and are going to end up having to carry around a bunch of them.
If all the banks do this I guess we’re stuck, but if it’s only HSBC I’m going to move.
Actually I think the secure key it is a good idea, I know it is another think to carry with you etc. but you have to think it’s another layer of security and maybe I’m happy with it because before HSBC introduced their secure key I’ve been using a very similar secure key for my paypal and ebay. So I think it’s good :)
I received this secure key last week and think its too big.
I have an HSBC India account as well and have a much smaller key fob the size of a small usb memory stick. This is much better to carry around and generates random numbers although and you dont have a 4 digit pin.
Why couldnt HSBC use something they use successfully in other countries?
http://www.google.co.uk/imgres?imgurl=http://www.kiruthik.com/content/binary/HSBC_IN_SEC_DEVICE.jpg&imgrefurl=http://www.kiruthik.com/default,month,2006-07.aspx&usg=__xDH8L629KSckKNO3c04ROOBTXoA=&h=175&w=298&sz=13&hl=en&start=12&zoom=1&tbnid=FWOyLZD_FIgiOM:&tbnh=115&tbnw=196&ei=LMHjTca1DYe0hAfQzZ3sBw&prev=/search%3Fq%3Dhsbc%2Bindia%2Bsecure%2Bdevice%26um%3D1%26hl%3Den%26sa%3DN%26biw%3D1024%26bih%3D653%26tbm%3Disch&um=1&itbs=1&iact=hc&vpx=349&vpy=274&dur=6189&hovh=140&hovw=238&tx=140&ty=86&page=2&ndsp=12&ved=1t:429,r:1,s:12&biw=1024&bih=653
I received my secure key just this morning – already I think it is the most annoying device that could have been invented for this purpose.
I received my secure key just this morning – already I think it is the most annoying device that could possibly have been invented for this purpose.
Just received in the post! Already looking for alternatives, if none I will definitely change of bank!
I’v been in the UK for a year, and am flabagast at the nature of a number of IT-related systems in use here. This is the worst yet. My bank (home country) generates a code which is sent to my mobile via SMS for tranactions over a specified amount – this works well. How in the world did HSBC come up with this idiotic idea/tech. How do you bank from overseas? Recommendation: change banks.
This is a dire product. What are we trying to do, fire off nuclear missiles? For goodness sake, stop this madness! In the US all my accounts are username/password. What is it with Britain? As soon as they find something convenient everyone rushes to find some way to make it inconvenient. We will be switching banks ASAP. This system is a joke.
Although, knowing Britain, every other bank will be rushing in to do something stupid like this. Anything to inconvenience the customer.
When I was sent this little piece of plastic crap I thought “hmm okay I guess HSBC know I’ve had the same security codes and what have you for 4 years and want me to simply update with new passwords, ID etc”. So i keyed everything in, and made new passwords and a security code and chucked the thing in the bin. I never heard that this is the new way to log in to my online bank EVERYTIME, I was totally oblivious of other banks doing this and had read nothing in the letters or packaging that you need to hang onto this unbelievably annoying gadget if you ever want to log in.
This is highly annoying as I’m self employed and I have to watch my banking pretty much everyday and anywhere. Where the hell am I going to stick this calculator? The phone makes so much more sense. Now I have to wait for 5 days for this piece of crap to (hopefully) arrive at my door, and I’ll be losing business in the process. Thanks HSBC.
I have just spent about 15 minutes on the telephone to HSBC internet banking because my ‘secure key’ had froze.This is one of the most stupid time wasting ideas that HSBC have had. The whole thing is extremely cheap and nasty, the keys are hard to press and the whole process takes far too long.Hopefully they will get lots of complaints about this piece of plastic and HSBC will have to think again.I have banked with Midland and HSBC since 1978 when I started working for Midland and am considering changing banks purely because of this ‘innovation’
I am perfectly happy with the way I login whether I am at home or away from it. My employer – FTSE 100 – are right now moving away from key fob style logins for remote access. So will I have to carry this device whereever I go? If this is the only way and others banks do not follow them after nearly 30 years with the bank I may have to move to one that offers security and freedom.
I am perfectly happy with the way I login whether I am at home or away from it. I had a HSBC account 2 years ago where i had to use this very annoying way to log in . This is ridicules’ as now the thief has the key to my account. The thief does not know my mind so the best security is what they don’t know. I left HSBC Singapore because of this extra aggravation to carry around and i will be leaving HSBC UK if i have to use one again.
Why are all customers being Forced to do this because a handful of non-it literate customers are having their accounts hacked into because they do not know how to secure their PCs against Virus/torjan programs. I have been with HSBC since I was a student in 1989 and will now look to move my account. A complete waste of time. There are many ways to secure accounts against fraudsters. At login in time (after user has got past initial security) they could generate a one-time use pin that could be emailed to the customers email address or SMS-ed to their mobile. This pin would then also have to be entered. I can see this fob being a serious issue for older customers. My dad has a large button BT phone that also has a large screen. Will they produce a ipad size version of this device for him ?
I, too, am livid with this new development.
I don’t carry a wallet and will need to cart this around with me if I want access to my money online. I often use internet banking at home, at work, parents or friends’ houses, internet cafes etc – this will now make it so inconvenient that I fully intend to leave to somewhere that won’t bring this system in – any thoughts out there? I cant believe you lose your internet banking service if you opt out of the fob! It’s a disgrace – Ill happily accept the risk of any monies leaving my account.
This reminds me of the time two years ago when HSBC called me 12 hours before I left for my holiday and said they’d noticed fraudulent activity on my account (ie. Myself doing lots of last minute shopping) and they’d cancelled my card. I explained it was me shopping, providing shops and amounts spent, and that I was going away that day and they begrudgingly said they’d reinstate it but I had to call them every time I wanted to use it and from that point I had ten minutes to get to a cash point to withdraw money before they froze it again. FFS!
The SMS idea sounds so much more convenient.
And while I’m at it, although this is just a feeling without any evidence whatsoever, what’s the bet that these security fobs track where you are?
I’m not convinced by the ideas put forward as to how this thing works. My guess, based upon the way similar systems work, is that it is a number generator, based on some seed. The seed would include the serial number, the date/time and maybe some other info.
Therefore the server and the dongle can produce the same number with zero contact between them, provided they’re both given the same hashing algorithm. I’ve noticed that my secure key will produce the same number a few times before changing it, which may be due to a minute having passed (although I’ve not check this). I seem to remember those RSA keys work similarly.
Of course, this is all guess work.
By the way, I agree that the thing is a complete pain. Plus, now if I get my laptop bag knicked with the key in it, there’s no more security than before.
Does anyone know of a list of banks and what login and payment security they use? I bank with both lloyds and HSBC, and lloyds has an automated phone check when new payees are added. This is great as that’s where it matters. A lot of the other so called “security measures” used by banks are done because the bosses at these banks want to be seen to be “following best practice”, like lemmings. IT security people design these without understanding human nature, so what looks good in academia and on a powerpoint does not work so well in practice because the human factor is always ignored during design.
By the way I thought Angry Little Lady’s post was hilarious, and a good example of the human factor!
This is rubbish and I will now be changing banks. Anyone know which banks offer a better method? IE SMS
HSBC had a smaller device that generated a code. I always thought this was adequate. This new calculator is FUCKING HUGE and not appropriate for a keychain. Honest to God – I’m all for dynamically generated tokens but it didn’t need to be this big. Credit card sized? Bullshit. It’s about 4 credit cards in thickness – so it’s not going in a wallet.
I am so pleased to find so many other people hating this useless piece of plastic!
As many of you have said, card readers or text messaging are a tolerable extra level of security for adding new payees but it is pretty ridiculous to ask for such measures for every time you log in.
I have about 10 accounts between business, current and savings with several different banks and being able to move money around at any time is very important to me.
Someone from HSBC rang me to try and poach my business banking and she got the full brunt of my dissatisfaction about this system and i have also complained through the my messages system (though i’ll have to log on to get the response).
For those looking for new banking Intelligent finance don’t use this system and text for new payees and i’ve found them great over the last ten years.
Can’t we just have a text service instead? These little gadgets are bound to get lost – one of my sons lost his even before he could get round to activating it, and the younger son has just spent a very frustrating half hour trying to log in, being made to change his security questions and then getting logged out again. It makes logging in at Barclays look downright relaxing in comparison. I’m going to have to keep all of the devices together on a keyring somewhere… and then someone will take them to log on and won’t bring them back and we’ll all be screwed. Dreadful idea.
@Frazer – the HSBC key tag for business banking is *much* smaller – and you just press a button for the rotating code – no need to enter a PIN.
I dont see why everyone is complaining about this device.
It may be a slight inconvenience to carry it around but seriously its really small and can fit in a wallet, also the security benfits make it worthwhile. If a malicious user has access to your computer and you login a few times over a period of time, they could easily get all your login details, including your full PIN. With this device it removes that possiblity. These devices cannot be keylogged, so the malicious user must know or guess the PIN, also the device must be in the hands of the malicious user itself to enter the PIN and generate a random key. The PIN is entered and wirelressly, but securely, verified with HSBC’s servers. The device then generates a totally random key, following no pattern or sequence, and sends this to the HSBC database to go in your password field. Upon login the HSBC servers notifies your device and it powers off, also deleting your password from their database, so effectively you have no password unless you have just generated one. This also ensures that the device must be used. It would be very difficult to have some users using the device and some not due to its complexity. Therefore everyone benefits from the added security. Also, an aggregator is an entity that logs into your account that is not you, correct? This is exactly what HSBC are trying to protect, you are making your account more vulnerable by providing copies of you banking details.
This will be a huge and pointless inconvenience and I will vote with my feet. Bye bye HSBC.
I also am seriously considering leaving HSBC for this reason. There is no way in this world I want to carry around another piece of kit. I find having my wallet, keys and phone on me hassle enough!
If I damage or lose it how am I supposed to log on to my account? Will I be charged for replacement of something I don’t even want??
I am a regular user of the internet banking service and have been with HSBC for 10 years.
Unless something is done to revert back to the old, easy to access method then I will switch banks.
HSBC you are going to lose a lot of money by doing this. I say cut your losses on the money you’ve spent on these things and go back to the old way.
You people are funny.
Hackers love your lack of care for online security as well as your identity, personal data and most of all your money.
Carrying around a calculator is nothing in exchange of peace of mind is nothing.
However, the HSBC “Secure” Key has two major security flaws:
– The prompt is the same for everybody. At UBS, you are required to enter on the calculator (after you enter your PIN), a number that is generated by the website and that is unique. not only to each user, but to each session of the browser.
– Nothing tells that the number generated is uniquely generated for YOUR bank account. There is no PIN card inserted into the calculator to identify you as is the case at UBS.
To sum up, if I were a hacker with a HSBC bank account, I too would have a Secure Key. Now, I could spy what you type on your computer, and enter the same answer to your security question as well as the code (by the way, I wouldn’t even need to have a secure key for that, just spying what you type is enough).
At UBS, this is impossible. Each prompt is different for each user/session. The code that is generated depends on your identity/account number/prompt number entered and is UNIQUE.
HSBC; go back to work !
As a traveler and only able to use internet cafes for bank transactions, the added security measure gives peace of mind because even if the hackers or onlookers get you login and password, they won’t be able to access your account.
Bank Inter is Spain gave you a small card where, after loging in, the bank gave 2 digits that produced 2 more digits from the card that you replied with. Again without this card no one could access your account. Great schemes, think the latter is more economical.
I just received mine and I want to throw it in the bin and close my account! I travel a lot and the fact I need to carry this stupid thing around me is making me so angry! The fact it has the potential to be attached to our keyrings is ridiculous!! Who would attach something to big to their car/house keys!! Grrrr HSBC should have at least made it optional. For those few who would like “added security” they could have offered this and for those of us who are happy as it stand they should have just left it as it was! I emailed them to complain and hope they get lots and lots of complaints! I also emailed first direct and asked them not to follow in HSBC’s footsteps otherwise I’d have to close that account as well!!
Outrageous. This provides a massive increase in user inconvenience. I want online access to my accounts with only the secret information in my head. If I’d wanted to use physical objects to achieve my backing aims I wouldn’t have got rid of my chequebook. I closed my Barclays account when they brought these in a few years back; now I will be closing my HSBC account. My understanding is that NatWest doesn’t use these devices – is this correct?
Been with HSBC for 15 years. The dog has eaten the first key! In the process of switching to Santander as I can’t use an account which requires me to carry this stupid device around. £55 topcashback and £100 from Santander for switching – no brainer and Santander text you a code to your mobile for setting up new payments.
to log in to hsbc online banking, i need my:
ib number,
dob,
and 3 numbers out of my 6 digit pin number.
HSBC and other banks also force you download Rapport, which is a piece of shit software i don’t need and takes up more memory than my anti-virus software.
Now they are forcing me to use this.
WTF HSBC. Give then customers what they want, but don’t FORCE THEM TO GET IT! FUCK YOU!
I for one, will be leaving HSBC if they continue with this. I am just about to to call and complain. This is a joke, I am not carrying this lump of plastic around with me.
What’s wrong with a text message or a mobile app? And why not just for new payee’s only.
Stupid.
I just called and complained.
They (very friendly) lady on the end of the call said it’s new, understands my complaints (below) and said that they are keen on taking on feedback – so please, everyone complain. I said the letter says 30days to active the key, I said 30 days to remove it or I’ll be changing banks.
My complains were:
– I can’t carry it around, it won’t fit in my wallet (or it’ll get crushed on it), it has a ridiculous key ring loop – it’ll get smashed to bits on my keys. So if I can’t carry it around, how can I use the convenient internet banking at work and at home, and on the move.
– I can understand using it to setup a new payee, but for login, it’s stupid.
– What I if lose it when abroad, and I need to make an urgent payment
– Why did you to a text code / mobile app instead
– Why can’t I opt out and take that risk on my own head
Hopefully, they will listen.
HSBC are getting worse and worse – I am angry that they are inflicting this on us without the opportunity to opt out. I have all the same concerns as everyone else.
Been a loyal HSBC customer for over 20 years – but enough is enough. Time to change bank.
Oh dear god no. I spent weeks with Barclays arguing to let them let me opt out of stupid pin-sentry. I hate HSBC’s service in all other regards apart from the excellent internet banking service. It was the only reason I stayed with them, and now this. To not make this an option is absurd. I truly hope someone from HSBC will read this and take note. I will not be researching which banks offer good IB without such devices.
Well I have this secure ID thing and after getting to step 3 (choose a memorable question), the website crashes. Now because I have only got through part of the process, everytime I go back to the website and log on, it wants me to complete the process, which I can’t. My account is now unavailable to me via the internet.
I’ve tried phoning their customer support line but the person I spoke to was so condescending (and with an almost unintelligible accent) that I didn’t get anywhere.
Just another reason for me to want to move away from the shambles that is HSBC.
I totally agree with the comments above.. I work for Hsbc and I hate the secure key.. Absolute waste if time.. I’ve already had customers in to the branch asking for replacement keys as they have already smashed or cracked theirs in their wallets.. Wrking for Hsbc does not mean I have to agree with our products.. And I too have switched my bank account ..
I was quite annoyed when I heard this would be compulsory. Like many others I like the flexibility of being able to log in from any computer at any time. Now I’m essentially anchored to my home computer as I don’t have a wallet (I keep my cards in my Oyster pass – this will hardly fit in there).
In the past I’ve needed to make urgent payments which will now need to wait until I get home, or I have to permanently carry around this stupid device. The only thing it’s a “handy size” for is me inevitably losing it. Having read some of the other comments here I’m also worried about this breaking and freezing me out of my account for up to a week as a result.
I just logged in for the first time using it. I couldn’t use my father’s middle name as a preferred security question as it was too short (perhaps he should add a few zeros to his birth certificate to make this more easier in future) and as I don’t drive or have children, was limited to the security questions I could use (how about allowing us to set our own questions?). When I went through the whole process and tried to log in (which now takes twice as long as a result), guess what?
It didn’t work.
This essentially is the end of flexible internet banking. I for one resent this; I’ve always been careful with my data and there is no way on Earth anyone would know my absurdly convoluted passwords and security questions. I don’t see how this makes my account anymore secure and it is certainly a lot less convenient.
Either replace it with an SMS service or make it voluntary, or you’ll find a lot of customers voting with their feet.
I too echo all the above complaints. Am currently in the process of switching to Santander and getting paid £100 for it!
Goodbye HSBC, it was nice knowing you!
Internet Banking is all about convenience and accessibility. This COMPULSORY feature reduces both of those.
I am afraid that they have severely disappointed me.
2nd to last thing that I need is increased inconvenience when logging onto my banking.
The last thing I need is something else on keys (especially that unwieldy)
Thanks for consulting the customer HSBC.
Livid.
We had to put up with this nonsense on our NatWest business account for a couple of year – and now HSBC want to make my personal banking a nightmare too.
Can anyone recommend banks we can switch to that won’t be implementing this technology?
(27 years customer of HSBC… first time I’ve wanted to switch)
For complaints (apparently):
servicequality@hsbc.com
My (now daily) complaint has been sent via the “my messages” system.
I actually genuinely forgot my key today, so couldn’t check my balance, nor make a payment, at work today. Terrible idea!
It’s somewhat ironic that the only bank that seems not to provide the facility of changing internet passwords / user ids now demands that we change it on every use. (Can anyone tell me how to do it on the present system?)
Clearly the issue is to do with theft – the only “risky” transactions are those of adding new payees to the profile or making “one time” payments. Lloyds TSB provide the required additional layer of security for these transactions by allowing the pre-registration of both a mobile and land line telephone number.
So when a risky transaction is being performed, an automated call is made from Lloyds to the client selected telephone number. The client must then relay the the 4 digit one time password that has been displayed on the screen by either saying it or indexing it on telephone keypad.
This additional security layer adds about 20 seconds to a process that is performed about 3 times a year by the typical retail client.
It’s a no-brainer frankly. As a client of HSBC (and H&SBC before that) for close to 50 years it’s got me into the divorce mood too.
Now
Just received this device today, not impressed. Thirty days of straightforward banking left.
I have just had a look at First Direct ( part of HSBC), they don’t seem to use these things. Hmm maybe a change is due, after 35 years!
This is a PAIN. and will reduce use of internet banking.
Has anyone got a protest group going? I have written to HSBC to complain..but would like to join forces with others .
It’s a step backward
I had already been looking for somewhere less ridiculously security-minded to bank after my Visa card was stopped because some cards with ‘similar last numbers’ to mine had been cloned-which meant being unable to access my account for five days until I received a new card.
Now this blessed security key is being forced on us. So – not only do I have my usual PIN to remember (easy enough), but in order to log in to my account I have to remember yet another PIN, find this silly little ‘key’ and fiddle about with it (with arthritic fingers) then tell them my grandfather’s middle name! These people should work for the Secret Service!
I thought online banking was supposed to be more convenient. As others have said above – time to look for an alternative to HSBC.
Can’t believe this nonsense is being foisted on us – very, very unimpressed.
I strongly object to the introduction of the ‘securekey’ without my consent. This is an example of ‘pretend security’ which will limit my access to my account without resulting in any increase in security at all. The advantage of a PIN over a key is that you can’t lose it, drop it in the water or have it stolen.
This is a system which could only have been invented by someone who always sits at the same desk; I work on building sites, sail, canoe, travel in the mountains and use the internet from my phone. My wallet is already stuffed with bits of plastic; I have a bulging keyring and have difficulty keeping my car keys dry, let alone looking after this flimsy and pointless gadget as well.
As far as I understand it this device will simply introduce a new security risk, a new thing which can be stolen because it is a physical object, not a memory in my head like the existing security.
I don’t want one and I will be moving to another, more secure bank.
This cheap thing they say is as big as a credit card. Well its actually smaller but 10X thicker. Its not really easy to put in your wallet. I also bank with Halifax and Virgin money and their system is a lott better and offers the same security with double passwor for halifax and a second login sort of password using a picture key with vorgin.
The people at hsbc wwho thought of this current system should be sacked.
This secure key is a nuisance and a burden to carry with you everywhere you go. They should revert back to the old system and implement other alternatives like that of halifax and virgin. Or there should be a choice of opting out. I will leave hsbc in a few montbs time if they dont do something about it.
Forgot to mention, just like other previous posts, I have already written to hsbc about this issue but got no reply. If anyone knows of a group or website making a protest against the securekey, please let us know. My friends and I want to jpin forces. Ta
What a horrible piece of nonsense the worlds local bank has dished up!
It is way too big, way too cheap and will end up being left exactly where you are going to need it – next to the PC – which will rather defeat the objective of the whole exercise!!!
I am strongly considering changing banks after this waste of money …. fond one that has embraced RSA type tags or something more sensible.
What a bunch of w4n&3r$!!!!
Mine came through the post today, called HSBC to see if I could opt out, I could but I would loose access to online banking. Having to carry this around is too much of a hassle for me so I took a hammer to it (after 5 bashes it still worked) and finally mangled it with a pair of heavy duty wire cutters. I’ll wait until HSBC force people to use it and then move accounts else where. BTW HSBC expect it back in the post in the next few days, oh and it would have been ok to use it just to set new payees up and perhaps transfer money over say 100 put for everyday overkill!!
I have received my through today. The benefit of HSBC Internet Banking for me is that I have all my current and savings accounts, my wife’s accounts, our joint accounts, our mortgage, and also my business accounts all available in the same place. I like to be able to log-on to my account when I am away or abroad. I also like to carry a light wallet with just a few cards and this awful device simply does not fit in.
I have sent HSBC a message through their online portal, and have signed the online petition, but frankly will be surprised if anything much happens – they don’t seem all that interested in providing what customers want after all.
After 18 years with the same bank, I will be looking elsewhere now.
Well, it’s all been said.
The way this junk works:
1. HSBC have the Serial Number of your “Secure Key” on their database, matched against your IB login ID.
2. The Serial Number of the “Secure Key” is a variable/parameter in an algorithm which generates six digit codes that follow a strict sequence, which the website knows, because it knows the Serial Number and the algorithm.
3. The website reads the code you type in, and crosses it off the list, expecting the next one in the list to be typed in, by you, the next time you log in.
SO – someone will soon crack the algorithm (if they haven’t already). Then all a thief needs is your password and the serial number on the back of your “Secure Key”. Or if they have managed to break into HSBC’s databases, they won’t even need to see your “Secure Key”!
Without your password, a thief can do nothing – with or without this 1960s style gimmick – so WHAT IS THE POINT?
COMPLAIN TO SERVICEQUALITY@HSBC.COM
PISSED OFF, ‘CAUSE ONE OF THE REASONS I LEFT NATWEST WAS BECAUSE OF SIMILAR NONSENSE.
Got the secure key, followed the instructions to set up and got it working.
Next thing I put it in my wallet, as “It’s about the same size as a credit card so it should easily fit in a wallet or purse. You can take it with you and log on to your bank account anywhere you like”.
Next time I wanted to use it, the cheap bloody thing was completely useless, because the LCD screen had spilt all over (same thing that used to happen with the old Game & Watch machines when the screen was pressed too hard).
I called HSBC to report it, and now I have to wait 5 working days before I receive a new casio thingy & can access my account online again.
Of course opting out was not an option.
Frankly speaking, this is a stupid idea. Whoever came up with it should be fired.
(End of rant. Feeling better now)
great idea in 1990.
sms via mobile is cheaper and simpler and would deal with the level of security.
5 hsbc accounts all n line… 4 kids… all on line,
where can i move to without a secure card
started a we hate hsbc secure key facebook page. need a new bank
Received this today and immediately obvious it’s going to be a complete hassle. I intend to switch all the accounts I need to access regularly immediately to a rival bank with a better system. Very poorly thought through and badly implemented process/technology.
Well theyve just lost my whole family as customers. Great job HSBC.
Now I have to get down to the business of moving all the family accounts. Should take all of 5 minutes to arrange!
I have decided to send HSBC a friendly email every time I am inconvenienced by the Secure Key. Perhaps all HSBC customers should do the same…
Google “hsbc internet banking feedback” and use the following:
Hi HSBC. Today I was inconvenienced by the Secure Key because . Please find an alternative solution. Thank you for your cooperation.
Copy this status to your facebook page and spread the word
Every hsbc customer should complain about this forced introduction to waste our time. Im not going to carry this calculator crap in my wallet, it will make it twice as big and when i sit down I will crack it then be out for weeks trying to get a new one. I can’t believe you can’t opt out. I hate banks, they rip you off then force you to do things you did not sign up for. Just look after my money without making me do these stupid tasks every time I log on.
Not happy about it at all. I’ve called to say so too. After dealing with the HSBC for 13 years and no complaints, I will be looking to switch accounts as soon as my concerns of the hassle factor this will be are demonstrated.
Ive just registered my secure key and yes I know its going to take a min or so extra to log into my account but I think its a good thing. Look at how playstation was hacked and no one saw that one coming. Criminals are getting more and more smart as is the technology for them to commit the crimes. i say bring it on if it stops someone getting my bank info then I say its only a good thing and thank HSBC for thinking about and trying to protect its customers.
And for all those who say they forget to take secure key to work why would you its WORK and checking your bank balance online is not really work and would think that most employers would deem this as gross miscounduct!!!
mel2011 – I get this magical thing called a lunch break. I also do this thing called getting into work early. You should try both sometime. I also use various computers on the go, and at different locations. By the way, this device is quite easily – for the smart criminal – crackable. Something like a text/email/phone app could be much more secure.
At the end of the day, if you are stupid enough to use an unsafe connection, or click an email scam, then you deserve to have your online bank hacked – if you leave your car keys out next to your car, expect your car to be taken.
James in the environment I work in even on breaks or working in own time the use of company equipment for personal use is a big nono!!! So i must work in a very strict place compared to you all. My computer always has up to date virus software but for me I like the extra security it will give me however as I said before I have only just registered it so perhaps the novelty will wear off and it may become another thing that pisses me off daily.
mel2011 – You cant assume everyone works in the same working environment as you do. This way of thinking is similar to what HSBC have done when they decided that this solution fits most people’s lifestyles. I access my IB equally from both work and home. I also access it on the go, be it from the ipad, from the laptop and from secure terminals. The chances that I will need my IB at one of these locations and not have my SK are pretty high.
I had an email conversation with HSBC when I first received the letter about the Secure Key. As an IT manager and software engineer, I felt that the solution was a backwards step for technology and that a mobile app could be developed as an alternate solution. A large percentage of people have access to a smartphone or can receive an SMS code (I dare say most people that access internet banking, also own a mobile phone). I suggested that a mobile app be developed for those that want to use it, and was told that this was more difficult to implement then the SK (I would paste the conversation but my SK is at work so I can’t log on to my IB – the irony). The excuse that an alternate solution is more difficult is not an excuse in the IT world. This sort of challenge is what people such as myself go to work for. This sort of alternative might take a while to design, develop, test and release but HSBC should really give people the ability to opt out of this one-size-fits-few solution until something better is released.
mel2011 –
First off – hope you’re not browsing this from work, you might get your P45 tomorrow.
1. It’s not about the extra time taken to log in – the problem is that you are dependant on a PHYSICAL OBJECT to access your internet banking. As long as my head is attached to my body, my password goes with me wherever I am.
2. Playstation was hacked remotely – see my previous post (Yorkshire Joe) – a system similar to this “Secure Key” would not have prevented it.
3. You are worried about people getting your “bank info” – shouldn’t you be worried about people getting your MONEY?
4. Stop deviating from the point talking about “company equipment”, “personal use” and “big nonos”.
5. “Virus software” is just another age-old scam.
6. In your last post you refer to the Secure Key as a “novelty”. I couldn’t have put it better myself.
Bye for now.
Hamiora – Speaking as a software developer, I couldn’t agree more. What can we do to convince HSBC it’s rubbish? HACK IT? LOL
@hamiora yes I’d be well up for a mobile version I too use access the bank on my iPhone but it will all come down to the cost expenses of the bank to set this up. I see all of your points and yes the comments on here see some people are for and against it I read on hsbc website that if you want to opt out then you’ll no longer be able to access IB any longer!!! Seems a bit excessive to me!!! Surely all banks will soon follow (those that already dont have something similar) maybe as you’ve all said your complaining hsbc may reconsider the option to opt out hopefully they will be able to come up with a solution so everyone with different lifestyles is happy. it’s incredibly easy for me to use as I only log on at home as I said before so other than a few mins extra it’s not really a big deal to me but I can understand how this to you all is a big thing @Yorkshire Joe lol good job I’m not at work
I like no nonsense banking and this bloody thing I’ve been send looking like a cheap piece of plastic that’s sure to break within a week is far from my ideal banking solution and where’s my freedom of choice it’s not the point that HSBC has brought this out it’s being told you have to use it and that’s it I dont take to kindly being told what to do.
I received this and have today tried to activate it only for it to crash every time I try so now i can’t access my bank account at all which means I can’t process my payments and transfer my money just great as it’s payday tomorrow and my payments need sorting out!! What a stupid idea, the woman when I rang tried to talk me through deleting my internet history and resetting my router to get it to work!
How STUPID!!
I’m seriously contemplating moving bank after 15 years service. Absolutely ridiculous!!!
The screen on my secure key has already broken after 5 days. Kept it in my wallet but the key is stiff unlike a credit card which flexes a bit. Suspect most men will break it very quickly when they put their wallet in a pocket. No access now for 5 days. Hhopeless
My other bank has sent its clients a card reader. You can just slide your credit or debit card into the reader which in turn plugs into a PC via a USB connection. You then fire up the bank provided application that requests you to enter your debit or credit card PIN. I guess that the application communicates with the chip on the debit card and perhaps has an encrypted chat via the internet with the bank’s authorisation system… but in the end you get logged onto you bank’s internet system. It’s a little bulky but you can get a second one or use somebody elses… It is your card that is unique not the reader. I’m still looking for that bank though.
Ken Self – are you suggesting that carrying around a bulky card reader which needs to be plugged in to the computer is an viable/acceptable alternative?! Come on, man!
Best thing anyone can do is change their password regularly and make sure they remember it. Not difficult.
I wish HSBC would make this “inSecure Key” optional. I Really Do…
No Joe, I’m not suggesting that. I’m suggesting that there should be such a thing as a generic smart card reader that allows us to use our many chip embedded cards to securely identify ourselves on a variety of web based applications. It certainly need not be carried around as there would be nothing unique about it.
It’s not easy for the average user to change many passwords regularly and commit them to memory bearing in mind the dangers of using the same password across the spectrum of applications. Not that that’s possible anyway as some applications have password rules that exclude others.
The truth is that there is a serious threat out there but I agree that HSBC hasn’t come out with a great solution. And, had they limited is use to the two functions (adding payees to our beneficiary profile and making one time payments) then it would probably have been acceptable to most of its clients
Appalling thing. Internet banking is now over thanks to hsbc scum. Fucking idiots. I will close my account tomorrow and move to an altogether less wanky bank.
Ken Self –
I’ll tell you my approach to passwords:
I remember an unchanging ‘masterkey’ and make it a constant in a formula (the formula I can write down, and place ‘X’ where the key goes).
eg let’s say
my IB password is 12345678
my key/X is 98765432 (this key exists ONLY in my head)
SO, the formula I write down is
HSBC IB password = X – 86419754 = 12345678
Most important passwords I change every so often, and I use these regularly enough to get used to them after 2 days of reminding myself with a scrap of paper which is useless to anyone except myself.
A simple, easy and cheap solution to security issues which I would recommend to everyone, including the security “professionals” at HSBC.
By the way, that’s a simple example! I use a modified version for passwords which require UPPER and lower cases.
The number of people on here complaining about extra security being added to their accounts is astounding, you pack of blithering idiots. Are you all really so molly coddled and lazy that carrying a tiny device and spending an extra few seconds logging in is such a terrible inconvenience it’s worth switching banks over. This has been done for your benefit and to save everyone involved money and hassle.
As someone who deals with web security professionally I firmly believe people like the ones complaining here should be banned from the internet, they make it less secure for everyone else and I hope scammers and phishers empty every last penny from their accounts.
Cynic – as a systems engineer/web developer, I know that there is NOTHING more secure than changing your password regularly. Systems should help people to do this, and it’s up to people in the know to educate people why it’s important.
Do you REALLY believe that the “Secure Key” makes things more secure? Please see all my previous comments!
Once again – the extra TIME taken to log in is NOT the problem for me – it’s the fact that we need to rely on a PHYSICAL OBJECT to access our IB.
WHY CAN’T THEY MAKE IT OPTIONAL? I’d be perfectly happy to sign a disclaimer.
Cynic – if you really believed that expressing valid points means you qualify for being banned from the internet, then I suggest you go and live in North Korea.
I just got a very nice response back from HSBC customer service. Sadly, they won’t be changing, but I think if enough people carry on mentioning how bad this key is to servicequality@hsbc.com then they might take some improvements on board.
this is such a stupid idea. i think that there was enough security before they invented this horrible peice of plastic. Mine has stopped working so now i have to wait 5 days before i can get another one. That means no internet banking for 5 days and it’s how i make payments all the time. It’s caused way more hassle than what it is worth and i think you should have the choice whether you have the extra security or not. Proberly going to change banks just so i don’t have to deal with the hassle of a cheap and tacky peice of plastic that doesn’t work.
At least it proves that what they say about bankers is true and they have fat wallets…well they certainly do if they carry around this secure key device!. A real step backwards for consumer convenience and a lot of other banks have better ideas for security improvement. I believe HSBC have got this wrong and it’s REALLY annoying!.
Cynic, it’s not carrying around one tiny device I object to, it’s that I have to carry around several single use devices (HSBC, my work’s VPN, client VPNs, …) when all of them could be either apps on my phone or sms based services. I haven’t carried a separate calculator since the 1990s. Nor a separate organiser/diary. I don’t even wear a watch anymore.
I’ll gladly use any device(s) that they issue, if they weren’t making them so monumentally inconvenient. If, like the other banks, they were using a card reader for this purpose, that you put your debit card in, I could have one at home, one at work, one at my parents etc. But HSBC are determined to issue only one device per account, so into my pockets it goes, or I lose internet banking.
I am actually a Barclays customer and dont have any particular issue with their similar Pin Sentry system but was appalled when my mother tried to log on with the HSBC device when it arrived in the last few days. She is 86 and severely arthritic but always been computer savvy and a big user of internet banking. This tiny, fiddly device is however virtually unusable for her but it seems she has no alternative other than to either switch banks or revert to using cheques and requesting statements etc. I suspect many other elderly users will have the same issue. Very poor.
@Cynic – it seems you continue to be rather outnumbered in this forum! A lot of people here are voicing VALID (and NON-cynical!) concerns about the Secure Key.
Bye for now.
I am a Canadian who has an HSBC account in the UK, have done for many years now. The only problem I have with the bank in this instance is that I am now locked out from checking the transactions made to that account. I like the idea of better security, who doesn’t these days?, but surely it would have made more sense to allow me to have access until I at least received and activated the gadget before locking me out this way.
One more thing, is the bank supplying this Secure Key free of charge, or will they charge for its use down the road? Banks are not know for giving us anything for free, let’s face it.
Apart from all the faffing about, has it not occurred to HSBC that if i’ve got my phone in one hand and my Secure Key in the other, that I am far less secure and entirely vulnerable as it’s very obvious that I am accessing my account details?!
That’s a good point Jodie. And maybe it’s all about the free advertising they’ll get while you wave the HSBC logo around
I am now on my 3rd key and I’ve only been using it just over a week. 1 cracked in my wallet (the screen), the replacement I got from branch (incidentally, just walked into the branch, no ID nor even that I was and HSBC customer was taken from me) locked out because they didn’t reset my account properly, so hopefully, today (after queuing at a branch again), will work.
I’ll echo what people said – I’m all for additional security, but I don’t believe that this device actually gives us much more – there are far more secure and far more convenient online banking systems out there, and if HSBC don’t sort this out, I will be leaving them (I’ve given the deadline of the end of the month).
Why they didn’t do an SMS/Email code is beyond me. Someone in their IT strategy department needs firing.
Unlikely that anyone’s voice here will be heard, unless you make yourself heard at the AGM. remember that even if their IT strategy is wrong, they have spent the shareholders money and now have to defend their decision at all levels. If the majority of HSBC customers in the millions don’t complain then it will be considered accepted.
Lloyds has an excellent method matching security and convenience. I do not work for lloyds but also bank there
I’ve been looking at the Lloyds system and it does seem very good.
HSBC have been very good at replying via servicequality@hsbc – I’ve had one letter back so far, and a promise of a reply to my 2nd (although have just added a 3rd).
I think the issue is, they’ve invest in a device and a massive ad campaign of “isn’t our security great” and to back track on that would be really hard for them. Saying that, the internet is a very powerful tool and forum’s like this I’m sure will be read.
However, as I said, I don’t mind keeping it if they change their system to a 2 tier system….
1 which just shows my account and transactions, and possibly allows me to transfere money between accounts and existing payments (again, showing minimal details)
2 the full system that requires the key
(again I have suggested this to them)
incredibly annoyed with this new secure card rubbish, had it a little over a week and the stupid thing wont switch on, now ive got to wait 5 days for a replacement to come through the post!!!
and as for convenience…….well its completely gone! i used to log on to my account dayly – with just the memorized security info in my head – by far and away the safest place for it to be- just to check payments going in and out, make sure i wasnt overdrawn (coz we all know they charge us for the priveledge)and watch my savings grow bit by bit!
tonight for instance, was going to move a bit of money to my current account and have a dably on the euro millions……but what do ya know CANT LOG IN!!!!! ooooh the irony of winning £135 million and then opening a new account with another bank to deposit my winnings!!!
It’s ridiculous that they should force this on customers with no opt out. I’ve complained to the HSBC about this already.
I’d misplaced the stupid secure key and, after a couple of hours of ripping the house up, found it again. Not before I’d called to tell them I’d lost it however.
HSBC said they’d send a new one but it’d take over a week to get to me. And when I called back to advise I’d found it, they said I’d have to wait for the new one to arrive as they’d cancelled the one I had in my hand.
The idiot at HSBC was very interested in force feeding me the benefits of the card and just how ‘hard-on’tastic he finds using it.
I’ve been with the HSBC for over 20 years and am now looking to move elsewhere.
It’s absurd…. can’t we get a petition going??
I’ve set up a Facebook group which, if it attracts a decent number of people, should point out the obvious to the people at the HSBC. Therefore, if you want to help, please join;
https://www.facebook.com/home.php?sk=group_202276189819529
Thanks.
I have for many years (about 40)authorised another person to access every aspect of my HSBC accounts. However HSBC will not allow that person to have their own secure key to enable them to do so. They say that there can only be one key for each account. However if it were a joint account I believe each person would be allowed to have a secure key so they do in fact allow more than one key for an account. They blame the security system for not allowing more than one key on my accounts but who controls the security system? Surely the system should not dictate the rules but HSBC should do so and change the rules to meet with customers wishes. Other banks have various security arrangements but they all seem to be able to cater for an authorised signatory being able to use the account on the internet. I hate to have to change banks after about 65 years with one bank but may be driven to it by this refusal to amend their system to cater for something they seem to have forgotten about.
Sign the petition:
http://www.petitionbuzz.com/petitions/hsbc
SIMPLY RIDICULOUS!!!! we have been blessed by the appearance of internet to have access to our banking accounts whenever we need it. Now this forces you to be at back home to access your accounts, as I don’t carry a purse where to place this idiotic gadget with me all the time.. Even worst if you lose it!.. More and more banks are giving you access through mobile phones to have banking capabilities on the move… HSBC is screaming out loud just the opposite: PLEASE DON’T DO BANKING WITH US! They should fire the people behind this move on the spot.
I’m forced to use it ever since HSBC sent this key. It’s silly there is no provision of a BASIC access to login to do simple tasks like checking balances. Barclays has this provision and the simplicity yet security inclines me to use them more often as my primary bank.
BTW, google uses a mobile phone key generator. I can only hope banks will follow the leader!
Yet another dissatisfied customer. Looking to move account after 35 years with HSBC.
Whole point of Internet Access is it’s availability. At the moment I can access our accounts within seconds at home/work/friends etc without having to carry the secure key around just in case I need it.
We have also been able to transfer funds when an emergency occurred whilst we were abroad which we will obviously not be able to do without having this key with us.
Our daughters have been backpacking at various times and this would be yet another thing they would have to worry about.
I use a similar device at work for Barclays and it is a hassle there so it is not something I want for my personal account.
There must be a better way to improve security.
This device is dreadful. It almost impossible to use without a torch and a pencil to hit the keys. I am fuming that I am FORCED to use this device. I asked for a larger one and was told that it could be replaced by a device 15cm square and that they would de activate the smaller one (after I called an 0845 number !!).. What on earth were HSBC peope thinking when they devised this little number. I can only hope that enough people complain and that it disappears. I bank online with six other institutions and NONE of them have brought in such nonsense. When I asked how the disabled and elderly were supposed to use it, I got the answer that they could get the ‘huge’ version and deactivate the other one. Do not the disabled and elderly go on holidays HSBC and may not they want to access internet banking while away??? We still have lots of marbles left you know. It’s just that sometimes the fingers are not so agile. I am FUMING.
This thing is awful. I’ve finally been forced to opt into it. Have sent complaint e-mails and signed the petition. I don’t mind the extra security questions and I wouldn’t mind the key if it was only used for actual payments or changes to my account. I will also leave for another bank if they don’t change this.
I’m sorry, this is…incredibly retarded. Someone should send them this link with all the complaints, I’m a computer science graduate and I know for a fact that there are better solutions to this problem. This is a definite step backward, they are introducing it as some sort of hi-tech futuristic solution and it’s complete bullshit, and the fact that you can’t opt out is just unjustified. Why can’t you simply let us sign a paper saying that we’re responsible for the security of our own computers? Why do you have to start ******* around with a perfectly stable system that is already working fine for 99% of your customers? The last thing I need is my bank making my financial life harder, I just want you to keep my money physically safe and let me worry about my online banking security. I don’t want your freaking calculator in my pocket.
Agreed…HSBC have missed a trick here.
Why use an additional device, and not package it as a mobile app??
Perhaps they’re making the case for a VeriChip to be implanted in your arm.
See http://www.youtube.com/watch?v=44f5A8PCWiU
IBM RFID Conditioning – Shopping in the Future as a Chipped Human
I’ve had my key for just a few weeks. I went to log in with it for the 2nd time since it arrived and the screen is smashed – little suprise with it being thin plastic and stored in my wallet that lives in my back pocket. I now need to go to my branch tomorrow to get another one…that I will put in my wallet…that will no doubt break in a few weeks!
I’m sure it was designed to go in a wallet so why is it breaking? Do I now need to change where I have ALWAYS kept my wallet and risk losing it, together with all my credit cards and cash? I could leave it at home and then not be able to access my Internet Banking whilst on the move…not ideal!
I’ll give the next one ago and if it breaks, wait for them to change the system. Like everyone above, I can take my money elsewhere if this proves to be an issue!
If there were no criminals online , internet banking would not even need user ID and password. why were they introduced? There is a reason for all this. this is good development to me. I wish it were mandatory on all internet banking in Uk.
secure key idea isn’t bad but needs further development. Banks’ should join in producing one the key for all of them. Something of “joint key”. So before entering SK pin code, you enter Bank’s number. And certainly, mobile telephone app would be ultimate convenience as you do Internet Banking on phone.
This is interesting reading! I stil haven’t received my card reader and now I can’t get on to IB at all! Tried ringing HSBC and was put through to a very unhelpful woman who told me I had to reset all my phone passwords! I dont want to use the phone, I want to access my money online!!! Not impressed! At least most of you can still get online, albeit at a convenience!
Arrrrgh i hate it,i havent a clue how to use it and now its locked
how many numbers are we supposed to keep and remember. Get rid or i will be switching to a different bank
Can someone tell me which bank has the system where the pin is SMSed please? I’m switching as soon as I find out. I may keep a HSBC account open, but most of the money and all the banking is moving!
Hi Sowmi, Lloyds allow you to pre-register both a mobile and a landline and ask you on which one you would like to receive the PIN (session password). You can then select the one most convenient to you at the time. This is only done on transactions deemed as needing the additional layer of security – such as payments.
Yep, I’m opening with Lloyds – so far a very easy application process.
As the taxpayer owns most of it anyway, I’m happy to send my money there instead. And if it means I don’t have to use a goddamn silly “Secure Key”, then I’m happy.
Thanks for listing Lloyds as a more user friendly alternative folks.
I will be writing to HSBC informing them of how this is the final straw for me.
I’m off.
Not happy at all. These devices are just an utter pain in the arse. No opt out? Thanks for the last 15 years HSBC, but I’ll be leaving you.
What an absolute joke! I can’t believe that I am going to have to carry about this ridiculous toy to access my money. There is only one branch of HSBC in the West of Scotland. If I leave it at work or forget to take it with me I am stuck. What happens when it stops working or you lose it, how long will you go without. Morons!
I have banked with The Midland /HSBC for 40 years. I have been saddened by the reduction of branches and dehumanisation of those which remain, this has been compounded with the relocation of the “call centres” to low labour cost countries, regardless of an inability to comprehend English, resolve branch related issues or provide pretty much any useful purpose other than to advise me to go into my local branch, and yet, still l remain a loyal customer. Well – no more! Having received my cheap and particularly poor quality device this week, l was amazed to find l am required to carry this piece of “tat” around permanently assuming l actually want to access mobile banking……HSBC wake up, your customers are not impressed, l for one will be leaving!
@Glenn June 14th, 2011
So how exactly does the keypad communicate with your PC then?
And it turns off by itself – after 30secs not by some mysterious communication from the mothership.
Nice fantasy you had going though.
The fact that you have to carry it around with you is a royal PITA though …
I hated the NatWest one where you had to insert your card into it etc. but at least they do give you more than one device if you need it and you only need it for authorizing new payees and standing orders etc. NOT for just checking your balance or paying existing payees or inter-account bank transfers.
Not sure why HSBC decided against the SMS verification method (I am pretty sure they told me on the phone once that they were considering it) … not secure enough or cost?
Who knows but this thing is a definite user experience FAIL!
@mel2011
Never heard of smartphones? Imbecile.
@Kee: :) Ignorance is bliss!
@Bendigo The Burglar: Thankfully a key logger cannot be used to crack the Secure Key. The generated key can only be used once (I tested this by remotely logging on to a second pc and trying to log on to internet banking at the same time using the same key).
The only way to do this would be to watch someone generate a key and log in (with their memorable answer) before they had did – not impossible, but unlikely.
Oh and if a real keygen hack existed, I’d be happy to turn it into an free iphone app for all, but I can’t find a legit one and who’d trust a 3rd party solution anyway?
HSBC really need to turn it into an App! HSBC ARE YOU LISTENING?
Ha. Keep your panties on.
So you use the key logger to get the time that I logged onto my internet banking and the code that I entered. Then you reverse engineer the code to generate the serial number of the Secure Key. Then you can generate new codes for my account any time you want it. Understood.
Coming across like a pretentious sociopath? Not understood.
You’ve got the intelligence to work things out (or at least read about it), but lack the social ability to communicate it. I’d say we’re on the same side but I really am not sure…
I agree its possible in theory. Say if SecureKey does uses RSA SecurID, and say the reports are true that RSA SecurID was a victim of cyberterrorism a few months back, and someone got their hands on the code used to generate these codes. Surely this all suggests that having an app based version that could communicate directly and securely with HSBC, would ultimately be more secure as HSBC could generate numbers at will (pseudo random, algorthimic, it doesn’t really matter because no one outside of HSBC’s SecureKey development environment would ever know).
If HSBC do the right thing and created a smartphone app, it’ll be for all major platforms: iOS, Blackberry, Android (I’m sure you’ll let me know if I’ve missed one). I’m sorry I only mentioned iphones in my last post. I’m glad your so passionate about Apple but who really cares?
I asked HSBC about a smartphone app – and they replied that because you can install other software on the phone, a smart phone app was not the solution. However, they had no answer when quizzed about sending an SMS message – which is THE most secure way they could do it, because no one can guess what the sequence would be (unless they got into the HSBC servers).
The current secure key is less secure – rather than parts of a password you now enter an entire word (loggable), and if you knew the serial number of the secure key and the sequence it uses, then you are in.
Beside the point – the secure key breaks quite easily.
HSBC have also said there are no plans what so ever to change the current implementation, so I’m off – will be changing banks.
This is shocking. HSBC has really gone down hill. The worst of it is the decline is customer services and lack of prefessionalism in brnches as opposed to the nineties. Not impressed HSBC – and this gimmick security pad is ridiculous!
Wow. It’s great to watch the discussion heating up.
Changing your password regularly and making it strong is the single most effective way of protecting yourself. Why don’t HSBC assist us in doing that?
If they really want to going down the remote confirmation route, then they really need to get into the 21st century and send “randomised” keys by SMS. Forget “apps”.
Hi, love the new system and card for logging on …not..I am unable to use the small buttons or see the small screen number due to a disability but cannot opt out.Neither does the number, if i can see it with a magnifyer, stay long enough for me to tap it on screen.I can request a larger screen and voice activated card which speaks back the number generated …how safe will that be….and also do i want to be seen as disabled person ..no …I function normally ,fulltime job and a brain…don’t want it , have no choice so will move to santander and they will give me £100. Have written to disabled forums to see ..no pun intended..what other peeps are doing x
Ugh! Just got mine through the post and it’s horribly inconvenient. Unfortunately I’m overdrawn so I can’t leave the bank and find a more user friendly one!
Absolutely horrible. Hard to use and very inconvenient. Security should be to transfer money OUT of your account – not simply to log in or transfer between your own accounts. I belong to banks that use the SMS system – much more convenient. Zero points out of 10 for this idea HSBC
Angela – agree the small buttons are dreadful. I’ve tried using various implements (pencils etc) to operate the keys – nothing seems to work. Does anyone have any ideas? I can press them using the edge of my fingernail but then have to check carefully under a light that the ‘press’ has registered. I asked for a larger one, thinking I could use it at home and then take the other with me (holidays etc) if needed. No, as soon as I requested the larger one, the small one was deactivated. So I was faced with not getting into internet banking for 5 days, but I ‘hit the roof’ – well almost – got a new activation code sent by email and was told to go the local HSBC branch to pick up another small one. The branch thought it was ‘very odd’ that I was picking one up but I really couldn’t be bothered to explain. This particular piece of gimmickry is rubbish, absolute rubbish. Other banks can do it well, not HSBC it would seem.
My application for a bank account with Lloyds is going very well. HSBC? You messed it up. Bye bye.
What a nuisence! i dont want to activate it, and even though it says that it gives you the choice to skip. there is no way of accesing my accounts without activating it. i threw mine in the bin the second it came through the past. my brother activated it straighht away and now he cant access his acounts because its rubbish and wont work..
Will be switching to another surrent acount with an alternative bank, thanks but no thanks. any suggestions??
It’s such a barrier to convenient banking. I only set mine up yesterday and have now lost it so can’t log on!! Argh. Definitely not worth the extra security as is too much hassle to log on!
So this is it. I’m moving!
I’ve tried for a week to work with this thing. Three occasions already where I’ve needed to do some quick online banking on the move and haven’t been able to as I haven’t had my key with me.
Just now I tried telephone banking, as I wanted to find out whether some payments had been made into my account or not – I pressed 2 to listen to credits to my account and get the message “There have been no credits to your account since your last statement”. I don’t have statements! I went paperless a couple of years ago. Useless. So with gritted teeth I pressed 4 to talk to an adviser, knowing what was coming next… “Hello, hello, can you hear me sir? Hello?”. They always say it’s a bad line.. no, it’s a cheap call centre.
As I write this I’m still waiting for them to call me back (they said they would). There’s been one call from an unknown number which rang for one ring, stopping before I could pick up.
This is a complete customer service failure.
I’m self employed so online banking on the move a bit of a life line – I’ve no choice but to go to a bank who will listen. I did write to HSBC to complain, and quickly got a three page response telling me why they weren’t going to change. So that’s it, I’m off after 15 years.
I hope someone from HSBC has read at least some of the 150 odd comments above.
J
Mine just broke….went to the branch, they told me to call. Called and they told me they have spares at the branch.
So so so much fun.
It feels ironic that nearly a century after Arthur Scherbius invented a mechanical cypher gadget that was to become famed in WW2 as the German Enigma Machine cracked at Bletchley Park by the British, I’m carrying out the mundane tasks of personal internet banking on a gadget designed on similar principles.
This is a complete waste of time and technology. This is just more information that someone can use to hack accounts, and it will happen before the year is out. This is a gimmick sold to people with no concept of network security. If no one spoke out against this in HSBC it speaks to the low level of understanding within the bank itself. If someone did speak out against it and they went ahead anyway, it says something far worse.
I have just got mine and have spent the last hour trying to log on to my account online…so annoying, everytime I go to log in I add the security key and it directs me to a page that says.. Firefox has detected that the server is redirecting the request for this address in a way that will never complete. In otherwords the page wont direct me to online banking???!!!!!
I have just completed the registration. Oh my word…. they have made my life more difficult than before as a result. That calculator isn’t in any way they size of a crdit card, it’s far too thick! HSBC have just lost themselves a customer methinks…
What a waste of time. The code card keeps on going out of sync. You then phone them and try it with them a few time and it locks you out and you get told you have to wait an hour to get unlocked.
Just moved all six accounts to someone else that knows what customer service is all about
Stupid doesn’t quite cover it. I have been forced to use this only to find out that after struggling to get into my account details I then had to generate another code to just to make a £60 payment to someone already on my friends and family payment list!!!! I spent 5 minutes waiting to speak with someone on the complaint line only to get someone in India who “understands” my frustration and states that many customers are calling with similar issues.
There is security and then there is pointlessness…like patting down 5-year olds in airport security checks.
Now I am going to read though the comments and anything else I can find about a bank that has half a brain.
D
Got the gadget today. It’s a nuisance to operate. What happens when I’m overseas?
http://www.facebook.com/pages/HSBC-Secure-Key-Opt-Out
Hi Peter – whatever you do, don’t tell the gadget he’s on holiday – he might decide not to work. Truth is, he’s not so bright that he knows where he is.
Well… according to this:
http://www.ipo.gov.uk/t-tmj/journals/6871/domestic/2566455.html
First Direct already have a patent for their own Secure Key so I’m sure it’s in the post on its way to me. Great.
I have been with HSBC for over 20 years and not once considered using another bank …
… until now.
I will be closing my account at the earliest opportunity because of this annoying device. I’m just waiting for my wages to be paid into my new bank next week and as soon as that happens and my direct debits have been moved I will be closing my current and both of my savings accounts.
HSBC, For not even giving me the choice you can use somebody elses savings to make money … but you won’t be looking after mine!
How is it possible that we are “advancing” when instead of having to deal with less plastics we are made to carry at least 2 around?
I personally found the old system much much better than this silly looking device, not having to depend on anything to be able to access to my account (not that 3 sets of number to remember were exactly easy to get by another person).
So, if I go on a trip, and I wan to take at least 2 cards with me, I´ve got to carry two cards AND 2 minicalculators!!!!
Fantastic!! Next time I fly my 10 kg handbaggage will consist entirely of “security measures”.
I HATE THESE THINGS!!!
I now have two of them. One for my Lloyds account and one for my HSBC. I am apparently shortly to get another one for my other Lloyd account. This is totally ridiculous. Managing these accounts is a complete farce and I am avoiding doing so a sit is such a hassle.
Terrible Idea. I’d much rather take the security risk.
I’ve been feeling quite smug that at least one of my banks (Lloyds TSB) weren’t planning on introducing these password generators, but I see that they too are thinking about it… here is a link outlining their plan / view on the subject…
http://www.channelregister.co.uk/2005/10/18/lloyds_tsb_password_generators/
at least they acknowledge the difference between transactions that require the extra layer of security and those that don’t.
It’s a joke. You don’t need a new pin every time you log on. That’s incorrect.
I am currently serving in afghan, turned on my key and it is coming up with what I can only assume is an error code. I don’t go home for 3 months, how the he’ll am I supposed to access my bank to pay my bills etc?! Especially as mail can take upwards of 3 weeks to arrive. Thank you Hsbc, you made my tour so much more relaxing.
Looks like I was wrong and you do need a new number every time you log on.
Either I’m a complete moron or the instructions are not explained properly!
I’ve no real objection to it if it’s proven to make our cash more secure, it’s quite ingenius really, how does it work??
Grrr – well I’m leaving this discussion, as HSBC’s response is
“Hard luck we’re doing it anyway”
So much for customer care etc
HSBC appear to haved changed their to H58C.
I managed to lock my new key after a couple of uses with the message FAIL 3 in the display. After 30 minutes the key had not reset so I phoned the dedicated help line. They are sending a replacement key which will arrive in about 5 days. Not a word about waiting a couple of hours for the key to reset (which it now has). In the meantime no one gets paid for 5 days.
What happens when the battery goes or the keypad gets damaged? Also I object to the 0845 number used for the helpline. Just another way of generating revenue from its customers?
well got mine today, followed the instructions and it crashed.
did it over. crashed.did it over, worked, well no it didn’t it locked me out of my account. Now i can’t do anything. the easy way to do things online has now been removed from me. This for me is the last straw. This rubbish little bank has lost my custom cause i will now have to travel 2 miles to my worlds local bank to get it all sorted out.
Russell, ring your bank and tell them that you can’t ring 0845 numbers, they are blocked! Their tech support will ring you back and sort it out.
I locked myself out, you have to wait two hours before trying again.
It really is crap, but all the banks are doing it!
The help file is absolute rubbish, very hard to follow!
@Stuart, July 28th, 2011: “How does it work?”
Let me explain…
The website and your Secure Key are following the same sequence of six digit numbers. Every time you log in, the website is expecting the next number in that sequence.
The sequence is unique to you: it is generated by an algorithm/formula, which takes your IB Login and the serial number of your “Secure Key” as parameters/variables.
When you register your “Secure Key”, you tell the website the “seed” (the position in that sequence at which your “Secure Key” is currently waiting).
It’s an old method of securing communication…
The algorithm is probably NOT unique – once a hacker knows it, and has broken HSBC’s databases, he can find the serial number of your “Secure Key”, your “IB Login”, your everything, and use that information to get into your account in the normal way.
Luckily, data in the database is stored with high level encryption. e.g. MD5, SHA-0 hashes will encrypt passwords, IB Logins etc…
Basically – if nobody but you knows your password, then they cannot use the website to get your data. The previous mechanisms (like asking for only 3 random digits from your password etc) were quite adequate. Lloyds TSB (my new bank, since this fiasco) do not use anything like a “Secure Key”. Instead, they employ dropdown boxes for you to select the 3 random digits from your password (this protects against “keystroke capturing” trojan attacks etc.
I am finding Lloyds a lot easier to deal with, so far!
I too will be leaving HSBC if they do not take notice and allow customers to make the choice of whether this devices is used or not. At least Nationwide still gives you the choice although for how long I don’t know.
I have left HSBC after emailing and speaking to the bank about the secure key. They said use was compulsory. The cashier I spoke to in HSBC even agreed the key card was a pain to use. It is a lot of hassle to use especailly if you access your bank on the move all the time like me.
I have now moved banks which was really easy and quick. I did nothing and they sorted all the direct debits etc and the move has been incident free. Would recommend to any other HSBC customers.
HSBC was the first ever bank I did IB with, when I opened my account in 2001. They sent me a little laminated card with my IB number on. This card, eventually became like the Holy Grail. I never had the inclination to memorise a huge IB number and inevitably, when I needed the card the most to log in to make a payment, I could never find the damned thing. Eventually, after several years, through repeatition, I successfully memorised my IB number….and now I’ve been sent this piece of junk!
I don’t personally see how the securekey makes me any more secure? All it’s done is add another layer of complication and time to logging in.
Let’s look at it in black & white –
Firstly, If someone’s hacked into my operating system( ‘secured’ by a sluggish anti-virus/trojan/phishing/adware/malware/you get the hint, piece of junk),or my WiFi internet(secured with the longest complex encrypted key that takes me 3 days to type into the settings of a newly added wireless device), and these hackers are watching my every key-stroke, then inputting a code from this device into the browser offers me no real protection (as they’ve just watched me type in the code). One hopes HSBC at least strike off the last used authorisation code from their list so it can’t be used again when the hacker makes an attempt to log in using it.
Secondly, most fraudulent activity I have heard about has come about as a result of someone hacking remotely into into HSBC, or through installing some cloning device into a cash point and stealing someone’s PIN. Having a securekey in my (now bulging) wallet at home is not going to prevent remote fraud. And how will I know I have been fraudlised anyway? The securekey won’t light up like the Bat-phone to let me know something’s wrong. No, I’ll find out the old fashioned way. I’ll (eventually) log in and find my account cleared of all funds.
Thirdly, why would I place this contraption on my car keys when it has a unique serial number linked to my account on the back of it! Surely, it would have been more secure to print the serial number on a separate letter at the time of issue, and in an ideal world, set the letter to self destruct after reading.
Fourthly, my handy, convenient, ‘hang on your car keys’ Tesco clubcard fob has barely lasted 6 months of weathering and punishment from the elements!! Do HSBC think this key is going to perform well in this respect?
Fifthly, and lastly, if security is paramount (and rightly so) why does the HSBC site allow browsers to ‘remember’ the IB number for easier log in next time…
Here’s my ideal secure log in –
HSBC ramp up security their end to prevent remote hacking, thereby offering their customers better protection.
I would prefer to have to type your IB number from fresh, plus TWO passwords. Job done. No DOBs/home phone numbers etc allowed. Unique passwords. From now on, in theory, only psychics can guess your passwords.
I don’t like having to keep a mobile handy to receive SMS codes regarding payments etc either, this also carries an element of being a pain in the butt. If I am at any PC, and I have my unique passwords and IB stored in my brain, then I should be able to just internet bank wherever. You can’t always have your phone on you 100% of the time. However, I do feel SMS should have been the way forward and would have been a more accepted move by HSBC customers.
Personally, I’d rather just just have the option on my account to enable/disable receiving an SMS or email (to my blackberry) alerting me when a log in attempt is made, or payment is sent from the account etc. Paypal do this…which I am thankful for because the fraud rate on Paypal is disgustingly high!
I am now looking into changing banks for an easier life….
So if I was a theif and steal your wallet I probably get your key too.
Or the mobile phone which is the route HSBC france has gone.
Its a nightmare. To get online you now need to carry the key.
If you are travelling and Orange France dont send the messages because international roaming is switched off yer F**ked.
These idiots in security just dont want users logging in. Which of course then solves the security problem.
HSBC is the most useless bank. Service is terrible. They claim to be global and joined up. The reality is appalling. I so need to move to another bank. Any suggestions?
Lloyds? Probably all as bad as each other…
Lets be quite clear about it, this device is to protect HSBC not us. It is so that you cannot repudiate a transaction – ie claim someone else made it – unless you disclosed your pin.
Well, I tried to log into HSBC this morning to find out that I can’t without one of these secure keys which I haven’t received. And when you click the “have not received key” link – nothing happens.
Called their internet banking helpdesk who says mine has been dispatched (28 July) and they expect it to be with my by Friday (hopefully!) so I have a whole week without being able to access my accounts (unless I use telephone banking which is definitely not convenient); I’ll wait until I receive my key before writing a very strongly worded letter of complaint!
So HSBC give out free replacements, eh? I wonder what the replacement costs them? At an estimate of £20 (more accurate estimates welcome) If I were to accidentally sit on the flimsy plastic thing every week (5 working days tilI I get the next one), then in a year I would be costing them over £1000. Potentially much more than that, if I go into a branch and pick up a new one. Even at a £10 cost, that’s still £500.
A cynic (not me, honest) might suggest to people thinking of leaving HSBC over this matter that there might be another way of showing them your feelings on the matter – take all your money to another bank but leave your HSBC account open, then ring them up every so often or pop into a branch and ask for a replacement securekey. As many times as possible.
If you’re not leaving, but are frustrated with the new system, presumably you could still use the crippled service but go into a branch for another replacement every so often and have it re-enabled there and then.
If enough people were to do this (the cynic might say!), HSBC would soon notice the rising replacement costs were higher than forecast and would have 2 options:
1) Start charging for replacements – which would alienate a LOT more existing customers, and would quite possibly end in a mass frustrated exodus (people hate charges – especially for something that’s forced on them!), OR
2) Acknowledge that maybe these things aren’t all that robust or convenient to carry around after all, and seek an alternative solution – such as restricting their need to the ‘new payees’ option or introducing the sms/smartphone alternatives described above.
And there do seem to be a LOT of people who are unhappy over this all over the net, many of whom say they’re planning on leaving HSBC over this thing…
Just a thought (a purely hypothetical one, of course).
It’s easy to argue this is more secure. But it’s not worth the extra hassle in my view so I’ll be closing all my HSBC accounts and moving banks. Simple. I want a bank that allows me to access my bank details online and anywhere without needing a dongle – isn’t that want Internet banking is all about?
Yes!
wow.. thats alot of unhappy customers on here.. (me included)
it seems people have been unhappy since march however I just received this stupid plastic thing in the post and its august.. so their complaints are being ignored by HSBC
I have a HSBC credit card, ISA, savings, and current account which I check on a daily basis either at home or at work.. both computers are fully up to date with costly internet security, plus that stupid Rapport thing which has slowed my laptop to a crawl, however apparantly that isnt secure enough. I now need to carry around a plastic number generator to access my account!
I do not understand why we need it to just log in and check our balances! Id sort of understand the need for a password if I made a large payment to someone, but just to log in seems very OTT.
I have a santander account which I have started using more now and will now be using their credit card instead for my monthly bills/food/fuel purchases so I can continue to check the transactions daily without having to remember this calculator thing.
clearly the only way to complain is to complain with your feet.. change to a bank which has more convenient ways of keeping your money safe
There is a facebook group for this…’Scrap the HSBC Secure Key’
http://www.facebook.com/pages/Scrap-the-HSBC-Secure-Key/220553231298352?sk=wall
HSBC I am taking my business elsewhere…
I really hate this secure card. I’ve banked with HSBC for 30 years and the introduction of this thing is seriously making me consider changing banks. It is awkward to use, impossible to remember to carry around with you constantly and complete overkill as a solution.
It is awkward to use . The thing switches off randomly .You only have a limited amount of time to get the number or the online system times out . The nunbers are tricky to enter with my bigger fingers . the display is too small to see easily . i believe it uses a battery ,i wonder how long that lasts . the hsbc phone line is 0845- ,i had to deal with an assortment of different helpers at hsbc .
i asked: please can i just have the old system ? answer No .
‘little piece of plastic crap’
sums it up really…
I also phoned them to try to opt out as I thought it was absolute rubbish but was told no, I also emailed them and told them I was going to shut my accounts down because of it and basically they told me so what!! I also have an account with barclays they also have a card pin machine but you have basic access options which is not too bad but now I’m right stuffed as I have children who find all of these machine things great fun. Its too big to fit in my purse and too small to keep safe. By the looks of web page I am not alone so I hope HSBC will take notice of everyone and do something about it. I bet if I had a few million in my account they would listen!!!!
Unfortunately this site is unlikely to have any effect on HSBC as, although they call themselves the listening bank, their approach is:- “Do not confuse me with facts as my mind is already made up”.
Dissapointed and annoyed with it.
I immediately looked for an emulator that would do the same job in case the damn thing gets lost/broken.
I had imagined something a bit more sophistcated than this randon number generator.
And on top of it all I now have to answer that secret question every time.
Agree with Alan and many others. HSBC has disabled internet banking.
Just about possible to check balance but transactions are impossible, after endless poking buttons with a pencil, it returns an error message every time.
What an absolute nonsensical piece of trash this is. I forgot to write down the first code it generated and am now logged out of my own account. On calling HSBC I am told that my key has frozen and could take 5 HOURS to come to life again, so I cannot get into my account for 5 hours. Totally unacceptable. I agree with the other users – if I travel abroad I have to take this wretched thing with me. A message to HSBC – generate codes via mobiles, your system is useless.
Yes it is definitely more secure but there are many many more ways of making internet banking more secure. Until HSBC moves to one of these other methods, I am moving my money out and doing what Bongo Jazz suggests!
This method fails on so many levels:
– Many older people cannot use these tiny devices. The size of the buttons and the poor contrast on the screen makes it next to impossible for them.
– Being unable to access internet banking for 5-10 days because you’ve lost your device or it’s run out of battery is beyond frustrating. Especially when you travel abroad a lot.
– The choices HSBC suggested as the additional logon password were ridiculous. The first street I lived on? There are plenty of people who know that and are also well placed to steal my code calculator. Shameful they should suggest I use that as a password!
– Carrying one crap plastic calculator may be acceptable but what happens when you bank with more than one bank or when all sites (Paypal, Freshbooks..) decide they need this level of security? Carrying two, three or more – No thanks!
– The environmental impact of the millions of these non-rechargable devices that will be thrown out or lost in a few months is worth considering.
– Man, are they UGLY :-)
I received my HSBC secure key several weeks ago and hate the whole concept of having to carry around yet another device and take longer to log on. So far I have avoided using it by clicking on continue instead of activating it. I have happily used online banking at home, work and travelling for over ten years and the beauty of it is that all I need is numbers in my head. If I was robbed and had nothing I could still access my accounts. I have a Nat West account too and never use online banking with them because they introduced a security key many years ago – which is still in the box! It’s become an occasional account. I take a laptop when travelling and use wi-fi, so can log on in privacy except in emergencies. The thought of forgetting, losing, breaking or having my security key stolen at vital times adds yet more stress to a stressful life – not needed, no thanks! Is it actually compulsory anyway?
HSBC customers dont have a choice in opting out of this and it is really annoying that organisations can force you to use something. If I didn’t have a loan with them I would close my account completely and switch banks.Few years ago Barclays allowed me to opt out of their secure key device. Why can’t HSBC do the same?
Perhaps more customers voicing against this policy will make them change their minds.
May be more people could sign this petition:
http://www.petitionbuzz.com/petitions/hsbc
I couldn’t even extend my normal login for 30 days as i didn’t bother using the device soon after they sent me.
I left Barclays because of this completely inconvenient device. Looks like I need a new bank again! Im certainly not carrying this thing around with me.
I find this device a complete pain. I have to carry it with me now, wherever I travel and wish to access my account to pay a bill. I aleady have all kinds of passwords to get passed. They say to keep it in my purse but if it gets lost then I will have lost my card and this device which will leave me even more stuck. I found it impossible to access my own account all last week. Their security is certainly tight when I cannot get at my own money. If others banks not to follow then I will consider moving to one of those.
What a complete waste of resources…been using mine successfully for the last 2 months, surprised that initial doubts had been proven wrong.
Then to no surprise that little box of wonders won’t even turn on. I need to do some banking now.. Its 06:30, the help line is not open until 8am, my local branch opens at 09:30. The world’s local bank my fat hairy a hole. They have just lost another customer. I pity the poor customer service person when I get through on the phone line, words cannot begin to describe my rage
Introduction of this security layer effectively blocks me of using my bank account from anywhere besides home.
I am now at office, and would like to make a transaction. I apparently can’t.
I am planning to switch bank as well.
I’ve just received mine and it wont allow me to log on at all. After generating the pin the HSBC site tries to redirect me to my account page but so far mt browser cannot open it- i just get a message saying ‘ too many redirects for safari’. So great start – i can now not access my bank account at all. Anyone else have this problem?
Just received my key card, and already what a pain! I’m a Natwest customer too and their keycard i can just about withstand because you don’t have to generate a password to log on only too set up a DD or SO, Why make it so difficult HSBC?? My wallet is too full to carry this card around all day, and what if I want to check my account in bed, or in the bath or whilst sitting out in my garden? There are hundreds of situations where I will only be armed with my phone not my wallet and now I can’t check my balance without getting up and finding the reader!
Give the account holder a choice and better still come up with a decent app that generates codes via SMS.
“It’s about the same size as a credit card”
It’s about as thick as three credit cards though, there’s no way it will fit in your wallet without badly distorting it.
It’s a major barrier to logging on. Seems HSBC thinks that the most secure online banking is no online banking at all!
same as many other very unhappy, the hole point of the internet, and internet banking is its available from anywhere, and i will be dammed if i have to carry any more crap round with me.
this basically means im only able to use banking at home not at work, i already have one for my business account, which is bad enough, however the business ones are tiny compared.
i may consider leaving hsbc.
HSBC seem to forget that they need to keep their customers happy. I agree with many of the comments that online banking should be accessible anywhere, now I have to think in advance whether or not I may need to access my bank account and take this stupid plastic card with me. It’s annoying.
What I hate most of all, and has really got my back up, is HSBC said if I don’t have this card they will cut off my online access!
So far the card has not caused me too many problems (apart from being upstairs on the PC and having to go downstair to get it!). As soon as it breaks, runs out of batteries, or causes me any problems I’ll be finding the first bank that doesn’t use this system.
HSBC have over the years been trying their hardest to alienate their customers (e.g. closing all the local branches amongst other things) and they may finally have achieved their goal with this. hopefully people will complain and get this system removed. Afterall it only benefits HSBC, not us.
please join the facebook group……….
http://www.facebook.com/pages/Scrap-the-HSBC-Secure-Key/220553231298352?sk=wall
This system is archaic and an annoyance.
It is not more secure (anyone who knows your code can use it).
You have to carry a thick and additionnal device.
A more secure and pratical system would be with a cell phone.
Why are so many people complaining about the size of the secure key and then suggesting that a mobile phone be used instead. A mobile phone is far larger and is susceptible to a flat battery at the wrong moment. Not everyone carries their mobile phone with them at all times or even has one.
Having to have the secure key available at all times is a nuisance but at least is better than having to carry a mobile phone at all times.
Brian Stewart: I take my mobile phone EVERYWHERE. I would imagine that majority of people do. These suggestions are not meant to be black & white. HSBC should be more than capable of supporting multiple security measures which would be:
– Secure Key
– SMS
– Smart phone
Its not really a question of who’s idea is the best. Having as many practical solutions as possible would surely make most people happy? (If I have a flat battery, that would be my problem, not the banks?)
This keypad is NOT a security device.
As mentioned it is not connected to the remote database. knowing the algorithm (any hacker worth his salt will have it by now) and the users PIN and the serial number is all that is needed.
However – they also make you log on with an additional secret word; this tells you how secure HSBC think it is!
For home/work access, all that would be required is to ‘register’ your computer, seems to work pretty well for iTunes – all have unique codes – e.g. the Hard Disc ID. Using ‘random’ PCs for one off access could use the ‘dongle’. Of course, all the dongle does is to prove that you have access to the dongle or the algorithm and it’s serial number (that should be removable from the dongle – ooops another balls up!).
This appears to be a lesson in hacking people off (no pun intended), spending ridiculously large amounts of our money and not improving security for more than a few months until the hackers catch up.
I have been a Midland/HSBC customer for 40 years – a damned good reason to leave!
Will the SECUREKEY work 3000 miles away, from Canada?.
Will HSBC/UK provide replacement batteries for the device?
The 5 hour time difference, between Canada and the UK, already creates a comunication problem and loss of a small device
could make online banking impossible
Really REALLY annoying. If you forget to bring this device with you when you travel, then you can’t access your bank account. What a total pain!!
What an utter complete waste of time and effort.
First attempt to register ——-TOTAL FAILURE
Tried to phone —wait 15 mins and still the annoying music NO VOICE prompts.
Perhaps after 40 years a change of bank is needed.
AN ALL ROUND PAIN IN THE AR&*
May I also point out that it is not compatible with the Ipad!
When I rang to complain, i was told that the Ipad was so new they had not tested it yet, and had no time frame to make it compatible!
Really useful to those who, like me travel for a job!
Secure key is a rubbish item.One of the most useless things imaginable.If you have severe arthritis it is impossible to use.Whoever thought this thing up should be sacked.It has cost me time and money (in phone calls) just to get the thing set up.USELESS!!!!!!!
I’m livid. My Secure Key doesn’t work, I’ve been locked out of Internet banking and my money is thus rotting in HSBC’s useless deposit account. I’ve spent hours on the phone (at great expense to myself) to Indian call centres who don’t help/hang up. I’m refused access to my money and bank manager and will thus empty my account at the next available opportunity (after the bank holiday). It isn’t because I can’t use the Secure key technology – I’ve been using it with Nationwide and others for a long time. Nationwide and Santander pay more interest and have friendly branches rather than bad tempered customer service people. the banks need a wake up call.
Ridiculous!!! I have two current accounts, one with HSBC the other Nationwide. I will now have to carry two of these cardreaders around with me if i want to use my mobile to access my accounts. Ridiculous!!!
I have just registered a complaint with HSBC about this ‘Secure Key’ nonsense.
I urge everyone to do the same…
https://hsss.hsbc.co.uk/ukpersonal/contactforms/complain.jsp
or
servicequality@hsbc.com
It’s a joke! What a shame after 20 years of perfect service from HSBC.
Complete and utter waste of time – very unsatisfied – and thats only when it works . Apple mac users who surf with Safari are screwed again !!
I agree that this is ridiculous, and I hate it too.
Has anyone considered that HSBC is actually attempting to get customers to “vote with their feet”? Retail banking is expensive and banks, and for most average people, is generally a loss-making proposition — consider the costs of labor ie branches and call centres as well as initiatives like this relative to what average Joes actually earn for the bank. So, if they pi** enough people off, they could be left with mostly an investment bank, which is likely what they want anyway.
This is the most ridiculous idea! I have found it a time waster in just checking my finances! I just dont get it. If i gets lostor batteries run out how long will you wait for a replacement and in the meantime not be able to access YOUR personal accounts. Surely theres other secure ways! Stupid idea!!!
The problem with the secure key is that it is NOT portable (at least not for men who don’t carry purses). That means that you can only check your online account from home, you can no longer check it at work or on the move.
The HSBC customer service representative that I mentioned this to suggested I carry the secure key on my key ring. I do not wish to bulk up my keyring and make my keys too bulky to carry in my pocket.
What other banks (e.g Lloyds, Natwest, etc) do is they use a “card reader”. You can have one at home, one at work, and one in your suitcase. So all you need to carry around is your debit card.
So now that I can no longer use internet banking at work or when I travel, I must resort to telephone banking. This ultimately means speanding about 56 minutes (no joke) speaking to a call centre rep in India on a poor telephone line and with a strong accent (everything had to be repeated twice).
Anyway, after being a loyal customer of HSBC for 11 years now, it’s time to move on I think. I would be grateful for suggestions of banks with local, cordial call centres and internet banking that makes life easier, not more difficult.
I have a personal account and a business account with HSBC.
For a year now I log into my business account by using a key fob which generates a random number at a press of a button, it fits nicely on my keyring and I dont have to remember yet ANOTHER number.
I don’t understand why they have a different system for personal banking.The cumbersome calculator ‘key fob’ is fiddly and hard to use. I’ve already locked myself out of my account as I forgot my pin (even though i followed their instructions to retrieve it)
HSBC – please use the same security system for personal accounts as business accounts and stop making my life hell, looking for another bank now with an easier login system.
Things like this make my life hell the last thing I need is another one.
I notice First Direct (which is owned by HSBC) now has ‘Labs’ where customers can offer their feedback on new service & product innovations before they are rolled out. If only HSBC had done the same for it’s customers before sending these out.
It’s making me log in less already, had to revert back to the telephone service the other day I’ll probably be using it a lot more now…
This is just annoying. You lose the thing, forget it when travelling and it’s not easy to use. I’ve not been able to log in since I’ve had it. This is the end of internet banking, at HSBC anyway!
First Direct ARE bringing them in – in 6 months. I just asked. And I predict a nightmare. They don’t really seem to care – and the person I spoke to agreed that the number of people reverting to phone banking will rocket.
For a start, I will have to move my shares account as not having the secure key will prevent me trading. (A phone trade costs 2.5 times as much) Have they not thought of this?
Just how many internet breaches have they had? I reckon it is (or at least should be) virtually impossible to login fraudulently.
I love some of the ideas and comments on here and am glad to see I’m not on my own with this; I totally agree that this is a stupid and frustrating system. I complained in August via the feedback option on the website, received a stock reply and replied back again. I have also just sent an email to tell them of my (now increasing level of) frustration in not being able to access my account (due to having left the damn thing at work). I think I will email every time the system gets in my way..and have told them so. They have apparently forwarded my email to the complaints department as I got a letter in the post to say they will be dealing with my complaint but I have little hope they will reverse their decision on this. I’ll post again if I get anywhere!
Oh, and that advert…are they trying to say this new secure key is like having to drag your grandad around with you to be able to access your money?! Damned irritating.
To all those who want to leave HSBC and are looking for a decent bank which does NOT require any stupid card reader/secure key then do what i did: close your HSBC account and move to Norwich & Peterborough Building Society. Sure, they don’t offer faster payments, don’t have nationwide branches but if you can live with these cons, then their gold bank account is ideal. Superb customer service (ala First Direct), no secure key/card readers required to access internet banking, the most user friendly internet banking i have ever seen….oh and free overseas cash withdrawals as well :)
This is ridiculous!
Firstly I travel a lot but also when I am at home I like to be able to check my account at work or even at a friends house! The likelihood I will remember to always carry this bloody thing is next to zero!
I currently also have a natwest account, although at first I was annoyed by their card reader, once I had set up all the payee’s I needed I rarely have to use it.
The absolute worst thing is I still use safari browser since I am computer illiterate and it seems to work fine for me…except logging in with the stupid key card. I get this message:
Too many redirects occurred trying to open “https://www.hsbc.co.uk/1/2/1/2/1/2/1/2/1/2/1/2/1/2/1/2/1/2/1/2/1/2/1/2/1/2/1/2/1/2/!ut/p/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN44PdgHJmMWbxxub6keaxRvFG3m7QoQM4h3RREzizdwQQkH6BbmhoRHljooAjJSphQ!!â€. This might occur if you open a page that is redirected to open another page which then is redirected to open the original page
Has anyone else had this? I do not want to have to install a new browser just for using my HSBC internet banking! It’s totally unacceptable and although only 22 years old I have had this account for over 10 years already. I had no plans to change until now!
This is a load of rubbish and I cannot get on line to see my account. For weeks I have been trying to remedy this and my HSBC is gridlocked on my screen, in spite of the fact that I sought help. I am closing my HSBC account and transferring to lloyds, which are still easy and sensible.
I’m registered to receive large print correspondence (and hsbc’s large print statements are so badly done that they may as well not bother, but it’s all or nothing it seems and I need the letters in large print…) anyway, they sent me a lovely large print letter, enclosing the standard crappy little secure key! No mention whatsoever that there is an even less portable alternative, so it appears they do not even have the ability to think through that visually impaired customers might struggle with this – leaving the onus entirely on us to spend money and time calling them to say we can’t see it.
The whole thing is utterly frustrating and will certainly lead to lower security for me as I can no longer access online banking independently, plus it will become a much rarer event due to the hassle, so if there is any fraud on my account, it could be quite some time before I know about it.
So thanks hsbc for your half arsed attempt at accessibility with finally agreeing to large print documents and well done for royally shitting on that by sending this crappy little thing along with it!
Argh! Any other visually impaired customers found a solution? Or got the ‘big’ version and can tell me if the screen is actually visible? Or have thought about a challenge under the Equalities Act…?
I cannot stand this secure key from HSBC. I used to log in to online banking daily and now it has become a monthly affair just because of the added inconvenience of finding this darn key !!
Does HSBC not realise that this prevents people from using their service i.e. I have stopped directing customers to pay into my HSBC account because of this since i cannot check it straight away. This translates into HSBC receiving less payments !! I hope they can put 2 and 2 together.
My advice would be to introduce a smart phone app that uses the same method of loggin in and the secure key should then sent to the mobile number via sms message ? surely this is just as secure since i have a password to log into my phone on top !
Tried to set up my Secure key this morning. Input my PIN, verified my PIN and then could not go any further as it did not recognise the PIN I was inputting. Three ‘fails’ and I was locked out. Followed the on screen directions to reset my PIN but nowhere could I find what I was told would be on the page after I’d input my User id…
I ‘phoned HSBC and gave up after waiting 17 minutes for someone to answer. I ‘phoned again, was eventually transferred to someone who could ‘help’…by telling me I was now totally locked out of my internet banking and would have to wait at least 5 working days for a new secure key to be sent to me before I could again access my accounts!
So, I have my accounts with HSBC and cannot access them. :(
Think I will be changing banks shortly.
yeah well, this is so secure now that ive lost my “device” and cant log into a service which wasn’t broke.
someone must be able to make a emulator based on the serial number ;)
Another thing to do (when i had it) was to enter my pin then push the green button every 10 secs or so (maybe push it twice) and write down the numbers. Then when you come to login just use the next number !!
Basically its an utter pain in my arse and if they dont sort something out, i’ll be switching banks.
Shame, i’ve been with them for 15yrs+ and they have been really good to me believe it or not.
Ghastly – key froze- locked out of joint account when I wanted to send money to an account with another organization- husband did not want to use his key in case he got locked out – hours of hassle in getting key reset – husband spoke to clerk at HSBC who suggested he (the clerk) should send payment by BACS – when eventually able to access account again, found that though clerk had got account number and sort code of payee right, he had got my name (which was the reference and which he had in front of him) wrong – now have had hassle of contacting payee to sort this out….GRRR!
We had had years of an excellent internet banking service from HSBC and now this fiasco – I hate, hate, hate the wretched device.
I dissagree with this, Mobile phones get stolen, your not going to take this out with you are you, it will always be next to your computer so cant get stolen.
leaving it next to your computor is like leaving your front door key next to your front door? most cars are stolen by breaking in to the house first to get keys.
i moans in branch other day and they seemed un aware of all the bad press.
@Matthew Hart
Erm… a lot of people use internet banking from more locations than just home – which is kind of the reason why so many people are annoyed with it…
It’s the equivalent of saying that you can only ever access IB from your home computer for ‘security reasons’ – it might be fine for your purposes, but it’s a massive pain for the thousands of us who are used to the idea of ‘access-anywhere’ banking.
I’m pasting a comment made by somebody else – it sums up my feelings exactly:
“I like no nonsense banking and this bloody thing I’ve been sent looking like a cheap piece of plastic that’s sure to break within a week is far from my ideal banking solution and where’s my freedom of choice? It’s not the point that HSBC has brought this out, it’s being told you have to use it and that’s it. I dont take to kindly being told what to do.”
I had my credit card statement in the post today. I owe 44p. Yes, 44p. Tried to log on to HSBC to pay it. No joy. I’ve just written out a cheque for the amount, shoved it an envelope and put a 1st class stamp on it.
Goodbye HSBC after 26 years of loyal service (on my part).
Whoever came up with the idea of an additional piece of plastic to keep in your wallet, that you have to fish out to use your internet banking wants shooting!!!!! Easy access it is not – I have voted with my feet – after 20 odd years as a happy HSBC customer, I have moved my bank accounts elsewhere.
Freedom of choice – Really?? It doesn’t exist with HSBC…complained to HSBC who said its compulsory and if i am unhappy i can complain but they cannot do anything about it and i can choose to leave if i dislike this.
Can’t wait to switch loans with another bank and close this account.
If too many customers complaint im sure they should do something about it??!!
I am out of the UK six months at a time and don’t have an address they can send a replacement. I work in dodgu 3rd world countries & know it will get lost, stolen or broken, then what? I opend a Midland Bank savings account back in the 60’s when I was 8 years old. Don’t wish to close my account. The once called MB the listning bank.
This new plastic fob is a piece of crap. Online banking my arse. Why didn’t they just send me an abacus?!
What a stupid system I have now started looking for a new bank some idiots h=get paid a fortune to think up this rubbish.
This can only make our accounts less sucure
This is BS, Im an HSBC advance customer but Im mostly abroad and don’t go back to the UK often, this is a major hinderance. I cant access my online account now. and I dont wanna have to take that thing everywhere i go anyway, time to change banks!
I hate the secure key. I log on a lot less because it’s so inconvenient to find/carry/use the device, especially away from home. I’m considering switching to another bank.
All these unhappy customers makes me think that HSBC are trying to lose business! There are many simpler methods available to them to make their site more secure. I would recommend to them the way Lloyds TSB do their internet banking.
I love banking with HSBC. They’ve always given me great service and I’ve been with them since back in the Midland bank days… I’m therefore really sad to have had to move to Lloyds TSB in order to avoid this device. I know Lloyds may introduce one at some stage, but their internet banking technology feels like it’s light-years ahead, and I trust them to do a better job of making security both secure and convenient.
I have no doubt that I will receive worse “physical” service from Lloyds than from HSBC, but internet banking is my bread-and-butter, and I just can’t afford to stay with a bank that screws it up.
I AM 82 YOA.i DONT KNOW WHO THORT UP THIS SCURE KEY BUT ITS RUBISH.WHAT DO THEY EXPECT ELDERLY PEOPLE TO DO,I SPENT HOURS GETTING IT RIGHT WITH THE HELP OF A HELPFUL MAN FROM INDIA,
NOW AFTER SEVERAL DAYS IT WANTS ME TO ENTER THREE WRONG NUMERS,TO RESET THE KEY NUMBER.hOW BO THEY EXPECT ELDERLY PEOPLE TO REMEMBER
KEY NUM SEC NUM PIN NUM AND ALL THE OTHER INS & OUTS,
IM GOING TO TRY AND BRING MY FUNERAL FORWARD
NORMAN.
I have still not receivedf this ‘key’thingy so I am cut off from my internet banking which I used daily.
Have no idea if I am in debit or credit and am awaiting the second or is it third activation key to arrive as I am abroad at present – now with no access to my money or account and about ready to open an account in the next bank I pass – wherever on the planet I maybe.
I agree with the complaints above but wanted to add my name to the list – I hope the list gets massive! I am abroad with work – cant access internet banking and forced to call HSBC at massive phone bill cost. Goodby HSBC as soon as I get home (Ironic as I am in Hong Kong)
The concept of an extra layer of security I have no objection to. However, the methodology they are using is completely flawed. Like some others who comment I too live overseas, HSBC say they have sent a key 3 times but I have never received it. I am locked out of my account and have to spend $ to do phone banking through an international call. I have sent a complaint to HSBC insisting I get access to my account until they can get a key to me. In the meantime I have also asked them to send me paper statements until the matter is resolved, it will cost HSBC international postage to send them to me, what a waste of money. I feel that I have been forced into draconian method of banking due to their poor processes in implementing this key. I have completely lost confidence in this bank and maybe the only way to access my money is to completely withdraw it and use a bank who values my business.
My retired mother often asks me to help her with her finances when she is at my house. Now she needs to make sure she has this key with her or I can’t help. This is utterly pathetic. She has always been with HSBC/Midland (nearly 50 years) but I have advised her to switch to make her life easier.
I’m with LloydsTSB. Login is with a user ID and password followed by drop downs for 3 random characters of memorable info. Unless you divulge your info or a hacker is a psychic, this should be more than enough security, especially as to add a payee or make a one-off payment, an automated service calls your (pre-advised) number and you enter or say the pin given on screen. In about 30-60 seconds the task is complete. Easy peasy. Added to that I have a (free) Vantage account – if I pay in £1000 a month I get interest!!! (up to 3%, calculated daily), something HSBC customers could only dream of these days!
Another option is Santander who will pay you £100 to switch and pay high introductory interest (12 mths). I’ve heard their customer service is not great, but if you’re with HSBC you’ll be used to that.
My advice to every person who is not happy is to act with your feet and switch to someone else. It’s the only way they’ll get the message.
Oh and as for the link to Lloyds trialling the same sort of thing, that was from 2005, so I suspect they have (wisely) decided against this!!
I finally decided today to switch to another bank (probably LLoyds, thanks to the suggestions above) after 30+ years with HSBC. Since it first arrived a few months ago I have felt completely insecure with this plasticky gadget, its tiny keys and tiny screen, which I can barely read. When I complained back then they didn’t tell me they have a larger, audible version. Reason – they had run out of them. I’m sure it’s an infringement of DDA laws, imposing this device on all regardless of disabilities and not offering alternatives. Bye bye HSBC.
anyone recommend a better bank given all of this hassle
Lloyds for its Internet Banking.
This device will be the reason that I leave HSBC after being a loyal customer for 40 years! I also bank with Barclays and their card reader is much more logical, its bigger of course but i can leave one at home and one in the office. I business bank with HSBC and their small security device is much more convenient albeit i dont carry it around. I suspect that more and more people will end up using the telephone banking as a result of this stupid device and that will end up costing HSBC more money and then guess who will end up paying for it? I’m not against security measures of course but the old login system worked brillianty for me and was much much more convenient than the NEW CONVENIENT (in their words) device. its hard to see it gaining any real approval but I guess that HSBC will learn that and then go the way of barclays where you can bypass the need for the device in case you havent got it with you. which kind of makes a mockery of having it in the first place
Here’s the reply I got from HSBC after sending negative feedback about the decvice to them directly.
Thank you for your recent e-message.
I am sorry to hear that you are unhappy with this upgrade to our service. If you are an HSBC UK customer and registered for Personal Internet Banking, please note that this will alter the way you access Internet Banking in the future, however, I wanted to explain some of the rationale behind this very necessary change.
HSBC takes the security of its Internet customers very seriously. In the face of increased online threats, we feel it appropriate to upgrade our service and improve the protection we offer against cyber attacks. Our customers have also demanded better protection.
Secure Key brings an additional level of protection to our online customers. Once registered, it is uniquely linked to you and must be used each time to allow access. This means that even if a third party manages to obtain your log on details, perhaps through malicious key logging software, they will not be able to access your accounts or information without the Secure Key.
We have introduced Secure Key at log on, as well as when setting up certain transactions, because it is not just fraudulent payments that cause problems. Your account information and statement data can be used by criminals to steal your identity and in the longer term this can be far more disruptive and difficult to resolve.
Secure Key has been uniquely designed for HSBC to be easy to use and portable. Unlike some other devices, it is compact enough to easily fit in to a purse or wallet, so you can bank online whenever and wherever suits you.
Please be advised, we see Secure Key as fundamental to keeping our customers safe when logging on to Personal Internet Banking. As such we will be asking all our customers to upgrade in 2011/2012. I regret to advise you that there is no opt out and to maintain your access you must upgrade. I regret to advise you that I am unable to revert you back to the previous log on method. I hope that as you become more accustomed to using Secure Key you will appreciate the reassurance and protection it provides.
I am sorry to hear that as a result of this important improvement to your online security, that you may consider moving your account. As a valued HSBC customer we would be very sorry to lose your custom and hope that upon reflection you will reconsider.
I hope you will agree that the protection and peace of mind this device brings far outweighs any inconvenience it may cause. Should you ever need access to your accounts and do not have your Secure Key with you, our telephone banking teams will be more than happy to assist you.
I trust that I have clarified matters to your satisfaction. If this is not the case, you can escalate your concerns by writing to the Senior Manager of our Service Quality Team at the following address:
The Senior Manager
Service Quality Team
HSBC Bank plc
Arlington Business Centre
Millshaw Park Lane
Leeds
LS11 0PP
Alternatively, call us on 0800 88 11 55 or e-mail us at servicequality@hsbc.com.
I am obliged to inform you that complaints we cannot resolve can ultimately be referred to the Financial Ombudsman Service. However, if we do not hear from you within the next eight weeks, we will consider matters resolved.
Thank you for taking the time to bring your concerns to our attention. I am only sorry it was necessary for you to do so.
Yours sincerely
Swapna
Internet Banking Customer Support
Seems like they missed my point entirely!!! hello Lloyds , goodbye Hsbc!
HSBC is now making it impossible for me to use Quicken to download my banking information. There is no way I can remain with that bank without spending much of my limited time logging every one of my transactions manually. HSBC is making banking a task rather than a pleasure. I guess I’ll spend most of my holiday having direct deposit/withdrawals set up at another bank.
Cheers.
pointless little devices (although i understand the need for greater security) they are a hindrance and are great until they go wrong like mine has and leave you completely unable to log into online banking and is now going to cost me money to go to the bank and transfer some money as i cant acess my online banking because the stupid little key genorator has gone to pot
Gone overdrawn and charged as I could not sort money from abroad due to being unable to access my account as the number generator was at home….. after 16 years this was the final straw in a long line of poor customer accessibility in last 6 months with local branck closing except when I am at work and constant struggle to access my account on the move.
For the life of me I don’t understand this. I am an American. All my accounts over there are easily accessible and I don’t have to carry around some stupid device. Nor would any American accept something so ridiculous; the banks would be laughed into insolvency; the press and internet would humiliate them. But over here?…
This British fetishism of inconvenience is one of your most annoying traits.
I wrote and told them I didn’t want to use the device because I feel it hampers accessibility to the account when on the move. They said “you have no choice” and I said “yes I do”…………….. and I closed the account after being a customer for 35 years
How will this affect me being able to monitor my finances on mobile apps?
@Joe after living in the US and the UK I can say things are much more inconvenient here (US). For instance, checks, tips, taxes not incorporated in to prices, etc to name but a few.
So this little device along with the website are useless and are not secure! let me explain why.
While doing my online banking today, with HSBC, the rapport software came up and was doing it’s check, looks so cheap, and it said it failed at last step and I needed to log back in. So I did as it told me, enter code and then press yellow button and enter the new code.
I’ve just found out,it’s a few hours later now, that this wasn’t a security check but new virus that hijacks the website and transfers money from your account, 1014 gbp was transferred from my account. I use computers everyday and i’m very careful- I had no idea.
HSBC has a huge issue that they need to resolve it was just so normal, I have my doubts that anyone else would have picked this up, very alarming.
On a good note the fraud detection department at HSBC contacted me to check the transfers legitimacy and they cancelled it immediately and refunded the money.
Most annoying thing ever! As I predicted I have lost it and as a result lost access to my account for 5 working days!! It shouldn’t be compulsory! Thinking of changing banks to one without the stupid thing. A password sent to a mobile would be much better!
These days, however ‘safely’ we think we use the Internet, running any Internet Banking service without Rapport is pretty bonkers.
If Mr Griffin (Dec 30th) had actually had Rapport installed he would NOT have been attacked by the sophisticated “virus” pretending to be Rapport.
Rapport would have done its job, and protected him…
I have had this secure key for some time now and only had it work once correctly. I have had my Internet banking locked when I needed it most. Now the key card is stuck on enter pin. Nothing else works and nor can I switch it off or reset it.
What HSBC have done is loss it’s online banking facility to people that used it. I’m taking my banking to someone else who dosent use this shit key thing. Cheers for ruining my online banking experience I had with you I’m off!!! Another customer lost!!!
have handed in my secure key card after having it for only about three month on three or four occasions, and putting in the correct information , it did not respond then it ultimately failed altogether l then went to the bank and was told that l would have to go home and phone some office or other l then handed the said card back to the young lady l now ask for a readout every time l go to my bank
Where is the round the world security,when they do not use this system in China,or the USA,I have been unable to access my account since October,you claimed I bypast the system before the end of the year,yet you said this system would not be in force until January 2012. I am still waiting for my Key to arrive.This smells a little like lets go green people,then charging up to 25 pounds to send requested statements,which were once part of the service.Why can`t the HSBC supply me with an email address for a bank in the UK.
I intentially thought this would be a good idea for security… but after living with it for 3 months I am fedup to the back teeth of it.
If I’m at work I cant login and check my balance / pay bills without carrying the damn thing around with me.. which brings me to the point of what if you lose it or it breaks.. yes you wait 5 days or more to get another one from your branch which you have to visit to get it.
I work at many customer sites but always have my laptop which I know is clean and virus free (I work in IT).. I have sent several emails to HSBC but basically secure key is the way it is like it or lump it… I suggested they made phone app that did the same calculations / creates same codes… basically getting rid of secure key… or maybe lock my login down to a SMS message to my registered phone number but no joy…
I am in the process of moving my 25year+ HSBC bank account to LloydsTSB which you can access via a mobile if I wanted… but mainly I will access via my laptop. They also offer weekly bank balance SMS messages and other SMS alerts too… such as my balance low etc,etc HSBC do not offer these…
HSBC need to wake up!! Even I can create secure websites with hard / awkward login systems…. why cant they?? ING direct have a fairly good login system too and they dont feel the need for Securekey…
I hope lloyds TSB dont introduce a securekey or I will be on the move again!
good luck folks and lets hope someone at HSBC actually wants to listen to their customers??
I forgot to say I know 4 other HSBC customers who are fedup of having to carry securekey around with them too.
Good security, but don’t carry generator when out so can’t check on fly.
Smartphone generator app would be a good idea.
A mobile phone based ‘secure key’ would in principal be less secure (ie ‘tamper-proof’) than the token based SecureKey, which is more like a mediaeval castle, with high walls and deep moat to keep out fraudsters, but I have little doubt that mobile based security IS the way forwards…
I think that banks ARE listening, and waking up (slowly) to the mobile revolution, it’s just that these developments take time, and few banks are naturally comfortable meeting demands which arguably seem to lower security standards…
But it WILL happen…
I have a secure key from HSBC and although it’s ‘extra’ security which I love because last year my account was accessed online by a criminal, I hate how easy it is to loose. It comes with a metal ring so you can use it as a key fob, however it is flimsy and the ring bent after one trip out on my keys. It is also too thick to slide into my purse and is not the size of a credit card. i hate that without it yo cannot log onto your online account so if it is lost you have to send for a whole new one which can take days to arrive.
overall not a fan.
@erin IF you have an iPhone there is now a simple HSBC app for getting a balance and seeing recent transactions on your current account. No need for the secure key for just that. And Android and Blackberry versions are apparently following in a month or so…
Mine has just died and my local bank has no paper for mini statements! Welcome to the 21st century!
I live in a little country called New Zealand in the middle of the Pacific Ocean and I have to say our Internet banking is a million times better than the b*llsh*t I have to deal with when I log onto my HSBC account.
When logging into my NZ account the bank automatically sends me a security code to my mobile phone which I insert as part of the login process. It takes two seconds and I imagine it is just as secure if not more so than the HSBC stupid calculator thingee that I have to carry around. Everyone has a mobile – why don’t HSBC start being more innovative with their security while making it convenient for their customers. Let’s just say I really really hate doing anything that involves my HSBC account these days. First it’s the long login IB number, then the silly security questions, most of which I have forgotten the answers to, then the stupid password on the calculator, then the auto generated security key. It is so convaluted!! I appreciate security is important but this is rediculous.