HSBC to issue credit card sized Internet banking keycode device

HSBC is to issue all customers with a one-time password code reader that can be used without the need to insert a Chip and PIN card.

  0 8 comments

HSBC to issue credit card sized Internet banking keycode device

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The device, which is small enough to keep in a wallet or purse, generates a unique PIN code each time a customer logs on to their accounts. Users must enter a personal four-digit PIN to generate the six digit passcode.

Called the HSBC Secure Key, it differs from the approach taken by other UK banks such as the Co-operative Bank, Barclays, RBS and Nationwide which have equipped customers instead with bulkier Chip and PIN card readers.



Chris Pilling, head of HSBC customer security development, says: "Our Secure Key is small and lightweight enough to keep in your wallet or purse, so you can still do your banking wherever and whenever you like."

The device will be issued to all new HSBC customers that register for online banking from 23 March and will be rolled out to all existing customers over the coming months, says Pilling.

Sponsored [New Report] The Future of Payments 2025 – Digital, instant, profitable?

Related Company

Comments: (8)

A Finextra member 

Much more practical than the Barclay's version. The Barclay's one being so bulky I never carry it around with me therefore limiting my access to internet banking to only when I'm at home, hardly banking for the 21st century!

A Finextra member 

Natwest also have a 'large' device which means I end up using their private banking number instead of going on-line when at work.

These guys should take a look at what Google have done with their 2-step verification feature which works of SMS and a native android app. I think all the banks will have to eventually go this way instead of trying to win the war on best custom reader. 

A Finextra member 

.. or Intelligent Finance who use SMS with an authentication code to make payments.

Fundamentally the banks need to design the security approach taking as the highest priority (other than security) the customer experience. If customers can't easily access internet banking on the move then they'll take their business to a bank that does allow them to.

A Finextra member 

Online Banking Card Readers: no more room in the suitcase

https://www.finextra.com/blogs/fullblog.aspx?blogid=2611

Whatever the size or spec it's just yet another one to carry around! 

Nick Collin

Nick Collin Director at Collin Consulting Ltd

Really dumb idea.  They now have to duplicate all the expense of getting the right device to the right person.  Why on earth don't HSBC swallow their pride and admit Barclays et all got it right?

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

Finally HSBC UK does it!

HSBC India issued RSA tokens for One Time Password (OTP) generation for Internet Banking access more than six years ago. I didn't have to visit the branch to collect the token which came to my home address by post. It got activated upon first use. Losing the token, battery running dry and all other standard concerns around this technology have somehow spared me so far, and I've been a satisfied user of this security method. 

Around four years ago, I visited the HSBC branch in Canary Wharf to open a bank a/c. After finishing the entry of the basic particulars into her PC, the manager who was doing this on my behalf asked me to come over to her side of the table and enter a static password for Internet Banking access on her computer.  

Given my elegant, self-service experience with HSBC India, I was surprised to come across a somewhat old-fashioned process in HSBC UK - and that too at the branch right below its global HQ!

When I pointed this out, the manager admitted that, unfortunately, all system enhancements in UK were put on hold pending a multi-year core replacement. Looks like this has finally happened!

This experience taught me a lot about how legacy systems stymie progress in one part of a bank whereas their absence infuses agility into its other parts, however remote they may be from the headquarters.  

A Finextra member 

What´s the news? Banks in Sweden issued these devices already in 1996 to their internet banking customers.

A Finextra member 

If Im honest, I really dislike having to use tokens. I just think they are clunky, and if I lose one I have to wait for a new one, delaying things and restricting my access (like the last time!!). They cant be that cheap for the banks either.

Banking is a pain with hardware tokens for standard users. Just use OTP protection on screen without tokens. It is so much easier and still protects the bank.

[On-Demand Webinar] Exploring the ethics of AI in bankingFinextra Promoted[On-Demand Webinar] Exploring the ethics of AI in banking