About The Blog

Debate at the intersection of business, technology and culture in the world of digital money, both commercial and government, a blog born from the Digital Money Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Don’t worry, it still works fine | Main | Getting cash on the web »

Time for the one-time signature ...

By number19 posted Jan 14 2008 at 6:18 PM

[David Griffiths]  I have recently moved home, and I wanted to tell my bank the new address for my business account.  I logged into the internet business account management centre, with my username, password AND one-time passcode from my whizz-bang security gizmo, but I couldn't find any option for updating my address.  "Perhaps I have missed it", I said to the lady in the call centre, after she had been through all of the additional security questions and had confirmed that it was indeed me, "No", she said, you have to go into the branch and tell them".  "But I work in London, and can't get in".  "That's ok", she said "I'll contact your branch and they can send you the form".  "And where will they send it?" "Ah!", she said, "You don't live there anymore, do you?  You'll have to write to them".  "But if I write to them, how will they know it's me?"  "You'll have to write to them", she repeated.  Now I can tell a procedural road block whan I hear one, and I could tell I was hearing one - I considered my best option was to give in before they start quoting the Data Protection Act at me ... I sent the letter...


So I have the security gizmo, I have all of the answers to their security questions, I have full access to the account, and because of all of this, they are convinced it's me and they let me move my money to anywhere that I want to.  But they won't let me change my address. If a crim wants to do it, and divert my bank statements, cheque books, cards and so on to his address, he just sends them a letter, and signs my name (probably not that difficult) - job done, and there's nothing I can do about it. 

Can I see the one-time signature catching on as an additional security feature?  Perhaps I can, because it apears that the security experts don't think that the password, one-time passcode gizmo and security questions are enough.   


TrackBack URL for this entry:

Listed below are links to weblogs that reference Time for the one-time signature ...:


ING in Belgium started putting all customer signatures on file last year - it certainly helps as I previously couldn't perform a number of transactions at a branch other than my local one.

I think that this will be short lived though, as once the banks really get to grips with authentication using CAP (your one-time passcode gizmo) then they will realise that they can use it to authenticate you over the phone, in the branch, on the web, in ecommerce etc etc...

The comments to this entry are closed.