[David Griffiths] I have recently moved home, and I wanted to tell my bank the new address for my business account. I logged into the internet business account management centre, with my username, password AND one-time passcode from my whizz-bang security gizmo, but I couldn’t find any option for updating my address. "Perhaps I have missed it", I said to the lady in the call centre, after she had been through all of the additional security questions and had confirmed that it was indeed me. "No", she said, "you have to go into the branch and tell them". "But I work in London, and can’t get in". "That’s ok", she said, "I’ll contact your branch and they can send you the form". "And where will they send it?" "Ah!", she said, "You don’t live there anymore, do you? You’ll have to write to them". "But if I write to them, how will they know it’s me?" "You’ll have to write to them", she repeated. Now I can tell a procedural road block when I hear one, and I could tell I was hearing one – I considered my best option was to give in before they start quoting the Data Protection Act at me … I sent the letter…
So I have the security gizmo, I have all of the answers to their
security questions, I have full access to the account, and because of
all of this, they are convinced it’s me and they let me move my money
to anywhere that I want to. But they won’t let me change my address.
If a crim wants to do it, and divert my bank statements, cheque books,
cards and so on to his address, he just sends them a letter, and signs
my name (probably not that difficult) – job done, and there’s nothing I
can do about it.
Can I see the one-time signature catching on as an additional
security feature? Perhaps I can, because it appears that the security
experts don’t think that the password, one-time passcode gizmo and
security questions are enough.
ING in Belgium started putting all customer signatures on file last year – it certainly helps as I previously couldn’t perform a number of transactions at a branch other than my local one.
I think that this will be short lived though, as once the banks really get to grips with authentication using CAP (your one-time passcode gizmo) then they will realise that they can use it to authenticate you over the phone, in the branch, on the web, in ecommerce etc etc…