Links

Ben Laurie blathering


“We Used To Be More Secure”

A couple of days ago I went to my bank to do a CHAPS transfer for a great deal of money. Buy-a-house kind of money. I didn’t want to have any problems when I got there, so I called them to find out what I should take. Of course, I can’t talk to my bank (Barclays) anymore, so I got a call centre in India. They told me I’d need ID and a utility bill – this one amuses me since these days no-one gets utility bills: it’s all electronic. And anyway, all my utilities are in my wife’s name. I called them again a while later to try to make an appointment (I can’t, apparently) and this time they told me two forms of ID and no mention of the utility bill. So, I headed off to the bank with passport, driving licence and a TV licence (hey, TV is a utility, isn’t it?) in hand.

When I got there we sat down with a bank employee who asked me for my cash card. He stuck it into a PINsentry and asked me to type my PIN. On that evidence alone, we proceeded to transfer enough money to fund a small country. I find this a little scary. Anyway, when I reviewed the documentation, which I had to sign, it had a little box about ID verification, into which he’d typed “PIN xxxx + SRS” – “xxxx” was (part of?) the code from the PINsentry. I asked him what “SRS” meant and he explained it meant he’d checked my signature. In fact, he hadn’t, but he proceeded to do so at that point, commenting that he already knew what my signature looked like, presumably to explain away why he hadn’t done the check before…

Anyway, at this point my wife mentioned that we were rather expecting them to check ID and stuff, to which he responded in a way I feel sure was not authorised by the bank: “well, we used to be more secure but now the bank believes that PINs are the highest level of verification”. I explained to him why I disagreed with the bank. He didn’t argue with me.

Oh yes, the signature check? He wasn’t even in the room when I signed. For all he knew I carefully copied it from a crib sheet. So, all that’s standing between me and complete emptying of my bank account is my PIN. But hey, the only way anyone other than me could know that is if I told them, isn’t it? So it would serve me right, obviously.

4 Comments

  1. Why would FDIC allow any bank with this horrifically lax security membership? And why would they have gone so slack? the added cost of enforcing their own policy of ID and signature check ought to be able to bring in more than that in profit through stealing, from the increased number of customers they would have if they had any kind of deposit security, with service fees. The whole banking industry is appalling!

    Comment by 90th Redoubt — 24 Oct 2009 @ 2:32

  2. A large UK bank accused me of impersonating myself a few years ago. I found myself in a strange, parallel universe, sublime discussion about my life, complete with invisible parries and fancy footwork. Ultimately they conceded that I was in fact me. They even compensated me due to their complete mismanagement of the entire issue. I never thought of suggesting a PIN though.

    Comment by robin — 24 Oct 2009 @ 8:27

  3. Barclays came top of the Which? survey of online banking security, so I guess they’ve just got complacent about the whole thing.

    Comment by Martin — 26 Oct 2009 @ 13:25

  4. I had an entertaining experience withdrawing “buy a car” rather than “buy a house” cash a while back. First pass verification was chip and PIN, followed by my passport. This led to a phone call to further verify, when I was asked my mother’s maiden name and my date of birth. “Is that the same date of birth on my passport?” I joked.

    Amusingly, while we were waiting I asked the counter assistant if she was going to check the security features on the passport. When I was met with a blank stare I suggested she put it under the UV document lamp. Cue lots of “ooh” and “ahs” and several staff coming over to have a look…

    In my daytime business (HMG contractor) we get very good advice on how to check the document security features of passports, driving licences etc. Seems daft that front line bank staff don’t receive similar advice (or if they do, they don’t appear to remember it!)

    Comment by Nik — 26 Oct 2009 @ 15:36

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress