The Rapid Traveler previously recommended HSBC’s Online Savings Account as a backup to Schwab High Yield Investor Checking. It has no ATM fees or foreign exchange fees when used at HSBC ATMs, and they have perhaps the widest global ATM network. Reader Rita added the caveat that the rates in countries with volatile currencies are not always the best.
HSBC’s website for several months has posted notices of an impending move away from virtual keyboard entry of online security keys (in addition to regular typing of username and password). Virtual keyboards require mouse clicks on an on-screen keyboard to defeat automated break-ins.
The new system came out and it is a mind-testing doozy. Eight lines appear, displaying improperly in Firefox 8, corresponding to the number of characters in the security key. The instruction is to, “Please enter the first, fourth and second last characters of your security key.” “Second last” is curtly British, rather than the American “second to last,” but grammar aside, The Rapid Traveler had to scratch his head to work out the correct responses. His next temptation was to pick a much simpler security key. The reaction to change to a simpler key is natural but defeats the purpose of the exercise.
Increase inconvenience and end-users respond by lowering their security. If this system becomes widespread, which seems quite unlikely, logging-in can at least be a quick mental exercise in between the crossword and Soduko. Hopefully, before it comes to that, some HSBC executives will try to log in to their own accounts: the virtual keyboard return would not be far off.
This hassle is peanuts compared to online access to Chinese bank accounts. Tales for another day, but let’s just say that if The Rapid Traveler’s computer expires he will need to fly back to China to download, within China’s borders (or perhaps via a VPN), a new digital certificate to log in to one of his accounts, and that is just the start of the fun.
Readers, what crazy bank online security have you encountered?