There was an article from This Is Money this weekend that caught my attention. Having been a user of HSBC’s new online banking security for a few weeks, I had been waiting for stories like those in the article to raise their heads.
We use online banking because it’s a help, you can access your finances from a computer anywhere in the world and make transactions with ease. It saves time, save’s you having to queue at the bank, make the trip to the bank or suffer the banality of elevator music as you wait on hold to speak to someone from Asia tying to get a handle on the English Language.
HSBC’s previous method of log in to their services was using a pin number and user name that the user would have chosen. But this in itself was not great from a usability standpoint. Each user would have their own ID, not something you yourself would have picked but rather a long winded letter/number ID. A cookie would remember the ID but wrongly enter your pass details once and this would disappear.Your option then to access your bank accounts would be to either phone HSBC or try and find the flimsy piece of card with the number on in your wallet.
So as technology progresses and our lives and online processes are meant to be made easier, HSBC have gone and added another layer of security to their online banking system. The result is something that is frustrasting, cumbersome and gives an experience that feels like it hasn’t been tested before being rolled out.
What you’re looking at is the HSBC Secure Key. It’s a small piece of plastic and akin to a cheap calculator you may find in a pound shop. Turn it on and enter your pin, press a button and you’re given a security code allowing you to log in to your accounts with a security question for added measure, interestingly this security question never changes. Let’s look at the usability of the device itself. Well touch screen it isn’t . The buttons aren’t responsive to touch and I’ve found the only way to get it to spark to life is to jam my finger hard into it. – not great.
It’s also not responsive to user error, if you’ve put your pin in incorrectly it will come up with an error code, having followed the instructions online, I found it still didn’t want to kick back into life – very annoying.
What annoys me most is the practicality of the device. It’s just another thing you have to carry around with you and due to it’s size it can easily be mislaid unless you attach to something like your keys etc. It’s a hinderance to making the accessible unaccessible.
The log in process is also extended, not simplified and doesn’t take into account that a user may be logging into their accounts from anywhere. Let’s take a scenario where you’re on holiday, you want to check your balance so you find a computer and get online. Most log in processes will rely on your personally set log in details, things you’ve chosen that are unique to you and memorable. The HSBC log in first requires your user ID, as it’s assigned to you and not really a memorable format then I guess your instant access to your online baking from anywhere in the world just became complicated. If you’re able to get your wallet out and get your ID, then move onto the next stage and enter a memorable piece of information that says “this is me, this is unique to me”…fine, that’s what we’re used to but then comes the ID required from your pocket security calculator…left it at the hotel? Well in that case….no online banking for you my friend and that bamboo panda will just have to wait!
In design there is a gap in the site layout of the log in stages that gives instruction on how to use the Secure Key. Use the key once and you’ll know how it works so it doesn’t need to be interfering with your log in every time. Take into account the 30 second window you have before the device turns off and you have a spanner in the usability works.
For me and it seems a lot of other users, this is a step back in online banking. For a bank whose motto is ‘the worlds local bank’, they have introduced something that is really only making a user’s experience better from a security point of view if they’re sat at their own computer with the necessary tools.
Maybe I’m being too harsh but when something is introduced that has customers thinking about changing banks than you have to ask, were customers asked in the first place for feedback?