At times I really do wonder how my UK bank manages to be so creative with security.
They alternate between a rather good Internet banking service, an excellent card fraud department and a hopeless card issuing mechanism.
As a repeated victim of card cloning (that's when a copy of the card is made without you physically losing it) I am well acquainted with the fraud department of said bank. They are remarkably good and proactive: I often get phone calls or letters outlining transactions they would like me to check and confirm. They had already been authorised but clearly didn't quite match my "user profile" or had been declined and they wanted to discuss it with me. I always take the time to ring them back when they send me a letter, confirm the transactions and thank them profusely for their efforts. As a matter of fact it would be marvellous if everyone did the same: when people feel gratitude for their work they put more effort into it and in the case of card fraud it is the kind of effort one's pockets appreciate too.
The Internet banking service is not as stellar as ones using one-time pads but it offers passable security and a simple, clear interface.
Where they continue failing me is their physical card issuing service.
The first time my ATM card was cloned I recieved an identical card on which the only change was the so-called "issue number" (incremented by one) and the expiration date which was defined exactly as "re-issue month + 36 months". That's it. So if you had my previous card it wouldn't be rocket science to know what the new one would be like, in fact trivial: just see when the old one stops working (that gives you the "re-issue month") and add 36 months. Guess what? That is exactly what happened. What is the solution to this? New bank account, totally different number, close the old one: the ideal solution to minimise your customer's distress.
I had thought that it was a "feature" of the ATM card until a problemette appeared wth my credit card: the signature had become unreadable, the regulations mandate that you cannot re-sign your card so I ask for a new one to be issued. The new card is identical except for the expiry date which is (no prizes for guessing) "re-issue date + 36 months ".
Must be a habit... so instead of cutting the card up I burned it as I'd rather not discover more creative uses for rubbish rummaging, sellotape and card swipe readers.
Posted by arrigo at January 21, 2004 12:40 AM