Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

HSBC Bank Sends Activated Debit Cards Through Mail

kdawson posted more than 4 years ago | from the unstanched-cash-wound dept.

Security 220

Knowzy writes "At least two divisions at HSBC Bank apparently failed card issuing 101 and are mailing out debit cards pre-activated. Because they are debit cards, fraudulent transactions come directly out of a victim's checking account. A similar report from 2004 suggests this issue is longstanding and widespread. When confronted with the evidence, HSBC would not commit to fixing this issue, preferring instead to offer vague statements like, 'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'"

Sorry! There are no comments related to the filter you selected.

Hongkong Shanghai Banking Corporation (-1, Troll)

davek (18465) | more than 4 years ago | (#32804588)

I ditched this Chinese bank back in 1999, while I was still in college. I don't know why anyone gives them a dime of hard-earned cash. They already own the majority of American debt, why give them your paycheck also?

Re:Hongkong Shanghai Banking Corporation (5, Informative)

_merlin (160982) | more than 4 years ago | (#32804626)

They aren't Chinese - they British. They were incorporated in London in 1990 and have been headquartered in London since 1993. Even the Wikipedia page will tell you that.

Re:Hongkong Shanghai Banking Corporation (-1)

Smooth and Shiny (1097089) | more than 4 years ago | (#32804896)

Word, yo. They British dawg!

Re:Hongkong Shanghai Banking Corporation (0)

Anonymous Coward | more than 4 years ago | (#32805208)

They aren't Chinese - they British. They were incorporated in London in 1990 and have been headquartered in London since 1993. Even the Wikipedia page will tell you that.

And before it was London British, it was Hong Kong British. HSBC was never Chinese except geographically.

Re:Hongkong Shanghai Banking Corporation (0)

Anonymous Coward | more than 4 years ago | (#32805220)

They were originally based in Hong Kong but reformed itself as HSBC inc and moved to London when Hong Kong reverted back to Chinese rule.

Re:Hongkong Shanghai Banking Corporation (3, Informative)

RobertM1968 (951074) | more than 4 years ago | (#32805990)

They aren't Chinese - they British. They were incorporated in London in 1990 and have been headquartered in London since 1993. Even the Wikipedia page will tell you that.

At the time, they may indeed have been Chinese. How do I know this? I worked for Marine Midland Auto Financial Group, a Division of Marine Midland Bank; who was also Saab Scania Credit Corporation, Suburu Credit Corp, Porsche Financial Services and a number of other financial arms for major auto manufacturers (hey, didja really think the auto companies were their own banks?). This was back in 1986 and 1987... MMAFC and MMB were fully bought out by the (at that time) Chinese The Hongkong and Shanghai Banking Corporation.

At THIS time, Hongkong Shanghai Banking Corporation is STILL based in Hong Kong (as it's name implies).

The Hongkong and Shanghai Banking Corporation Limited, based in Hong Kong, is a wholly owned subsidiary and the founding member of the HSBC Group, which is traded on several stock exchanges as HSBC Holdings plc.

HSBC [wikipedia.org]

.

HSBC Holdings (who owns it) is based in London, and apparently for regulatory reasons due to an earlier acquisition.

Headquarters
HSBC's Hong Kong headquarters are at 1 Queen's Road Central in the Central area on Hong Kong Island. The HSBC Hong Kong headquarters building was also home to HSBC Holdings plc's headquarters until the latter firm's move to 8 Canada Square, London to meet the requirements of the UK regulatory authorities after the acquisition of the Midland Bank in 1992. It was designed by British architect Lord Norman Foster, and was the most expensive building in the world based on usable floor area at the time it was built.

HSBC Holdings [wikipedia.org]

.

Seems to me, like they are a London company in regulatory and legal requirements and location only, if Wikipedia's slant is correct. Sounds a lot like being a Delaware Corporation in this country...

Re:Hongkong Shanghai Banking Corporation (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32805028)

Nice job, typical pathetic anti-china troll. Cocksucking fuck.

Re:Hongkong Shanghai Banking Corporation (0)

Anonymous Coward | more than 4 years ago | (#32805402)

Get back to work. My iPhone 4 is still on backorder.

Re:Hongkong Shanghai Banking Corporation (2, Informative)

donscarletti (569232) | more than 4 years ago | (#32805634)

HSBC isn't really Chinese, it just owns Hong Kong, I'll tell you a story about it.

...for in this time the Empire was a devil of many faces, a merchant in India and a gaoler to Australia. But to the Chinese they appeared as Cai Shen, the god of wealth and bid the city folk pay sacrifice in the hall of HSBC and be rewarded with prosperity and monthly compounded interest .... And though the empire now sleeps in the dust, the high priest Sir Thomas Jackson still stands where his empress once stood, under the shadow of his great temple to money, which towers like a steeple over Hong Kong and reminds all those who look upon it of their piety.

Also China doesn't own the majority of American debt, they own roughly the same amount as Japan or the US does domestically, and the banks that own it are predominately the People's Bank of China (central bank) as well as the big 4 (ICBC, CCB, BOC, ABC)

This what you get when a bank to gets to big (0, Flamebait)

Joe The Dragon (967727) | more than 4 years ago | (#32804592)

This what you get when a bank to gets to big

tell em how you feel... (5, Informative)

metalmaster (1005171) | more than 4 years ago | (#32804608)

HSBC Customer Service (1.800.975.4722) HSBC Bank USA, N.A. P.O. Box 2013 Buffalo, NY 14240 https://www.hsbctaxpayerfinancialservices.com/htax/Cust/inquiry [hsbctaxpay...rvices.com] If it were my bank I'd take my money and walk....

Re:tell em how you feel... (1)

Elbereth (58257) | more than 4 years ago | (#32804628)

They closed my account and cancelled my debit card when I was a day or two late paying off an overdraft fee. Believe me, I told them how I feel back then.

But now I feel a little better about it.

Re:tell em how you feel... (0)

Anonymous Coward | more than 4 years ago | (#32805332)

They put a hold on my credit card when I tried to use the card in Niagra Falls / Canada. They said I needed to call them to let them know I am going out of the country. Even when the hotel was charged to the same credit card.

Re:tell em how you feel... (0)

Anonymous Coward | more than 4 years ago | (#32805376)

You don't need to call them. You can tell them online. Really not a big hassle.

Re:tell em how you feel... (5, Interesting)

girlintraining (1395911) | more than 4 years ago | (#32804654)

quote"A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one."

Substitute recall for "policy change".

Re:tell em how you feel... (1)

LostCluster (625375) | more than 4 years ago | (#32804738)

This is why we have a government that forces companies to go through safety recalls...

Re:tell em how you feel... (1, Informative)

girlintraining (1395911) | more than 4 years ago | (#32804842)

This is why we have a government that forces companies to go through safety recalls...

You believe the government has a duty to protect you? Heh. You're funny. Find me a law that says they must render aid to you in an emergency. That you have a right to police protection, or any other form of protection. You don't have shit, unless you demand it, fight for it, and quite possibly still lose anyway to an entrenched bureaucracy.

Re:tell em how you feel... (4, Interesting)

LostCluster (625375) | more than 4 years ago | (#32805118)

I lost a job a little over a year ago. The government made my employer pay for insurance for in case they let me go for no fault of my own, and they didn't make a claim that it was my fault when they let me go, so I'm still collecting a weekly payment from the government where the biggest catch is that I have to make an effort to get another job. My benefits are about to run out, but 58 out of 99 US Senators (We'll miss you Mr. Byrd!) seem to think the government should pay for me to get more weekly checks, such a bill already passed the US House of Reps and would certainly be signed if it reached the President's inbox.

Yep. The government doesn't have a duty to protect me... they just like to and I'm not going to tell them to stop.

Re:tell em how you feel... (1)

Kitkoan (1719118) | more than 4 years ago | (#32805306)

Tell that to the millions of homeless, not to mention people having been mistreated by the police and nothing happen to the police for the crimes they did against them.

Re:tell em how you feel... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32805534)

Tell that to the millions of homeless, not to mention people having been mistreated by the police and nothing happen to the police for the crimes they did against them.

Maybe you'd like to post some citations for the stoopid charges you've made.

No? Of course not. You learned this crap in college no doubt. Maybe your parents can get their money back 'cause you clearly didn't learn jackshit.

Re:tell em how you feel... (0, Flamebait)

Kitkoan (1719118) | more than 4 years ago | (#32805742)

To start with, the National Law Center on Homelessness and Poverty [nlchp.org] states that, yeah, there are millions of homeless people.

As about Police abuse, since your no doubt some dumb kid (you 'stoopid' comment shows your still young and dumb) would mean your too young to hear of things like Rodney King. Not to mention other incidents like what happened last year by the US border guards [boingboing.net] kinda show that it does happen.

So... I'm of course believing you have some citations for claims that these things don't happen? Or maybe you can just try going to school to begin with.

Re:tell em how you feel... (0, Interesting)

Anonymous Coward | more than 4 years ago | (#32805470)

First, maybe if your employer wasn't forced to pay "insurance" money to the government, they would not have needed to lay you off.

Second, that forced insurance was also taken out of your paycheck. Maybe if so much money hadn't been going to "insurance" you could have saved some money so you wouldn't be a burden on society when you were laid you off.

Third, as one of the people paying you to sit on your ass wasting time and money on the internet, get a job, you fucking bum.

They call it insurance... (0)

Anonymous Coward | more than 4 years ago | (#32805638)

...but it's really just a tax and welfare program pair.

It's not run like insurance at all, they just call it that because people are comfortable with the idea of insurance.

Yes, governments love taxes and welfare programs. To take money from people who are making it, and distribute it among those who they think deserve it, gives them power. The more taxes, the more welfare programs, the more power. There's nobody in government who doesn't love power.

Whether it's manufacturing subsidies, or farm subsidies, or family allowance, or employment insurance, or social insurance, or food stamps, or socialized medicine, it's all the same thing: take from whoever has it, give it around as you see fit. It's all about power. Not about loving you, or protecting you. About their power, and you being dependent on it.

Re:tell em how you feel... (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32805646)

I would normally tell you that, unless you NEED the money, to please stop burdening our critically in debt country (and yes, the debt is at critical mass now). However, I encourage you to keep collecting unemployment so that the actual, reported unemployment number better reflects the true unemployment rate.
As it stands now, Obama keeps trotting he is successful in lowering unemployment from 9.9% to 9.5%, but whatever. If you count those fresh out of HS/college that can't find a job, those whose unemployment benefits already expired and those who simply gave up looking, the unemployment rate is actually 18.7%! That's right, nearly 1 in 5 Americans are out of work. So, do your duty and represent us.

Re:tell em how you feel... (0)

Anonymous Coward | more than 4 years ago | (#32805964)

(We'll miss you Mr. Byrd!)

***raises eyebrow***

Re:tell em how you feel... (1)

maxume (22995) | more than 4 years ago | (#32805156)

"I want you to listen to me very carefully, Tyler."

Re:tell em how you feel... (1)

Haeleth (414428) | more than 4 years ago | (#32805450)

Fight Club is a work of fiction. This means that the things it says are not necessarily true.

The reality is quite clearly different, as we can see by the recent events with Toyota: they were pressured into a massively damaging recall even though regulators were unable to prove that stuck accelerators had actually caused any deaths at all. Public anger is a powerful thing, particularly when the media chooses to fan the flames.

Re:tell em how you feel... (1)

mysidia (191772) | more than 4 years ago | (#32805666)

They were pressured, not forced.

There's one thing the poster forgot to include in the equation... probability of bad publicity, and number of lost sales of future products due to bad publicity X average cost of each lost sale.

Re:tell em how you feel... (1)

lorenlal (164133) | more than 4 years ago | (#32805760)

To be fair, the poster relayed the quote with the information that was contained in the original quote. That's not on the poster. If you haven't watched Fight Club, I highly recommend it.

But yes, you're right: A successful business has to keep their image as clean as possible, and at least appear to be doing the best they can. Or they can go the BP route and just work around all the rules, and not care because not enough people have the ability to affect their bottom line... But that's a whole different set of articles.

Re:tell em how you feel... (3, Informative)

postbigbang (761081) | more than 4 years ago | (#32804680)

The reason for the Buffalo NY address is that they bought Midland Marine Bank years ago.

Re:tell em how you feel... (1)

RobertM1968 (951074) | more than 4 years ago | (#32806034)

The reason for the Buffalo NY address is that they bought Midland Marine Bank years ago.

Marine Midland Bank (and associated subsidiaries) - back when it was the #3 bank in the country. But yes, that is otherwise mostly accurate. I worked for them. They (HSBC) already owned a large amount of MMB's stock (1980 onwards) - they just finished the acquisition (wholly own) in 1988 (though Wikipedia says 1987 - I am pretty sure it is wrong - I worked there and remember when the purchase was completed, and when shortly afterwards, we were offered relocation packages from Melville, NY to Syracuse, NY - or severance pay if we didnt want to move).

Anyway, MMB was indeed headquartered in Buffalo, with major offices in Syracuse and Melville.

Re:tell em how you feel... (5, Funny)

Lord_of_the_nerf (895604) | more than 4 years ago | (#32804784)

If it were my bank I'd take my money and walk....

According to the article they're more than happy to let anyone take your money and walk.

Re:tell em how you feel... (0)

Anonymous Coward | more than 4 years ago | (#32805420)

I might just take your money and walk along with everyone elses money I can get my hands on as well!

Re:tell em how you feel... (1)

martin-boundary (547041) | more than 4 years ago | (#32805548)

According to the article they're more than happy to let anyone take your money and walk.

Hey, that's an O(1) authentication algorithm! Pretty damn impressive from their IT team...

Re:tell em how you feel... (2, Insightful)

nurb432 (527695) | more than 4 years ago | (#32804928)

Call them on your way out the door as you close your account.

In Other Words (4, Insightful)

Low Ranked Craig (1327799) | more than 4 years ago | (#32804618)

'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'

Oh by the way look at this other shiny pretty stuff we've been doing to divert your attention from this major fuck up, which we kinda did on purpose to save on customer service costs when you idiots try to use your unactivated cards.

Not that they are perfect but I've been much happier with my credit union than any commercial bank I've used in the last 20 years...

Re:In Other Words (0)

LostCluster (625375) | more than 4 years ago | (#32804762)

Credit card denials are actually profitable for the card issuers, they get to charge a fee when all they do is have to tell the merchant "no" plus collect the full regular fee when the transaction is retried after the problem is fixed or they pull out another card.

Re:In Other Words (3, Insightful)

SkyDude (919251) | more than 4 years ago | (#32805558)

I'm a merchant that accepts all major credit cards, and no, declines are not charged a fee. Only successful authorizations are charged.

Re:In Other Words (3, Insightful)

Aladrin (926209) | more than 4 years ago | (#32804878)

Actually, I read that differently.

Since they wouldn't commit to fighting this threat, and instead said they would work on their biggest threats...

WHAT THE HELL ARE THEIR BIGGEST THREATS!?

I'd be very, very scared of a bank that acknowledges that it has bigger threats than causing their customers to lose their money.

Re:In Other Words (1)

Dog-Cow (21281) | more than 4 years ago | (#32804922)

HSBC's biggest threats are those that might cost THEM money. Duh.

Re:In Other Words (1)

LostCluster (625375) | more than 4 years ago | (#32805418)

Their biggest threat is an employee not doing as instructed. Like lowering the standards on mortgages they buy in credit swaps...

Re:In Other Words (0)

Anonymous Coward | more than 4 years ago | (#32806012)

LostCluster,
You are a bit confused, it wasn't a "rogue" employee.
The banks actively and heavily promoted adjustable rate loans that once borrowers were locked in they then adjusted up until the borrowers failed.
Then then collected on the insurance they bought in case of failure AND of course still took possession of and sold off the property.

These decisions came from the top not the bottom.

Re:In Other Words (1)

Kitkoan (1719118) | more than 4 years ago | (#32805428)

Their biggest threats are loss of money for both themselves and their shareholders. Their interest in protecting their customers comes much further after this. HSBC is a business, and like all businesses, they are watching their and their shareholders bottom line online.

Greatest threats... (4, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#32804624)

'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'"

If you look at identity theft there are 3 "greatest" threats, stupidity on the part of the cardholder, stupidity on the part of the bank, or stupidity on the part of a third party. Even the best individual practices can't protect against stupidity from the bank or stupidity from a third party that has your card info for a legitimate reason.

For some reason banks seem to think that they aren't a threat to someone's security of their identity, they are a -huge- threat because they have all the information identity thieves need to make fraudulent purchases. Such things like this will undoubtedly have pressure put on the post office and mail handlers rather than the main culprit, the bank.

Greed (2, Insightful)

betterunixthanunix (980855) | more than 4 years ago | (#32804640)

Well, you know, if they are going to pay for adequate customer service, then the upper level management will not be paid as many millions of dollars per year as they are paid now. Think of the suffering of executives and shareholders before you start worrying about customers!

In before... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32804648)

...the standard free market rant.

Roll the dice. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32804660)

HSBC was the old Marine Midland bank -- a horrible institution under any name. Anyone who puts any money in HSBC is already a huge risk. This is only a single issue they gamble with your money.

Oh. (0)

Anonymous Coward | more than 4 years ago | (#32804668)

"By sending a combination package of the security embedded transaction device, and its use activated within our customer database, we have increase satisfaction by lowering cost and increasing responsiveness to banking service requests"

Oh. I could have been a master marketer. Why oh why did I go into science and peddle objective considerations when banging a stick in a swill bucket pays so much better! :|

Great (1)

HaloZero (610207) | more than 4 years ago | (#32804686)

According to the expiry date on my HSBC card, one of the mailed cards could very likely have been mine.

I will be cancelling my HSBC account as soon as I can find an effective replacement bank. We have an ESL Credit Union nearby; looking for any other alternatives if anyone has any suggestions.

Re:Great (3, Interesting)

LostCluster (625375) | more than 4 years ago | (#32804790)

My local credit unions either refuse to issue credit cards, or have co-branded cards that are actually issued by the major bank down the street from them. Credit cards is a risky game that small banks can't afford, because if the major employer in town shuts down they just might get defaults from enough people that the banks stability could be at stake. They aren't in the Too Big To Fail club.

Re:Great (1)

soupforare (542403) | more than 4 years ago | (#32805088)

I'm very pleased with DCU. They've got the customer service and low/lack of fees that my old hometown bank had before they were bought up. I don't partake, but I've friends that tell me that the investment and loan products are fair. The biggest problem they have is lack of locations, but I do everything over PC Branch or SUM network ATM anyway.

Re:Great (1)

number11 (129686) | more than 4 years ago | (#32805958)

I will be cancelling my HSBC account as soon as I can find an effective replacement bank. We have an ESL Credit Union nearby; looking for any other alternatives if anyone has any suggestions.

I don't know anything about ESL CU, but my personal accounts have been at a (originally "state employee") CU for 30 years. Their Visa is operated by somebody else under their name, but has a pretty low interest rate (10%, IIRC) and "points", which someday I'll find out if those are good for anything. When they stopped taking deposits at [major scum bank] ATMs (due to fraud, and the cost of dealing with it when it's via somebody else's ATM network), I made unhappy noises, and they changed my account so that I can "electronically deposit" (fill in an online form with the check info, and they credit to my account immediately, I mail in the check(s) within 10 days, I avoid thinking about ways that one might game this system). Plus, of course, most banks are operated to maximize profit for their shareholders (probably not you), while CUs are owned by the members (account holders), so at least in theory any profits accrue to you.

Cards should not be mailed. Period. (4, Interesting)

w0mprat (1317953) | more than 4 years ago | (#32804692)

I insist my Bank either mails to the local branch for pick up (with ID) or in some cases sends by signed courier. Almost every service representitive, when questioned thinks this is a "good idea" because they admit they hear of an enormous ammount of fraud this way. Banks have no interest in doing this by default in my area.

I understand it's usual practice in MOST countries to mail pre-activated cards (maily credit, debit not so much) to residential addresses. Indeed credit cards go 'missing' in the mail often.

This is one of the most common methods of physically obtaining a credit card. Even if you have to go to the branch to get the card activated by a pin, which occurs with Debit cards (credit cards you just need to sign the back of them and their good to go) the fraudsters know branches are slack about correctly checking ID and obtaining a fake or doctored ID is trivial.

My advice, for you own good, insist you pick up your new card from your local branch, if you have the option of paying for a signed courier if the bank won't then do so.

Pre-Activated Cards should not be mailed. Period. (4, Informative)

Psaakyrn (838406) | more than 4 years ago | (#32804804)

The problem is not with mailing, it's with pre-activation. The customer has to be made to activate manually to confirm that they did receive the card anyway. Activating manually generally requires user credentials. This can be done online, saving the hassle of having to go to a bank personally. (required: key from issued card + key from user account)

Also, if "the fraudsters know branches are slack about correctly checking ID and obtaining a fake or doctored ID is trivial", I have more issues with the bank than just the mailing of cards. Switch banks ASAP.

Re:Cards should not be mailed. Period. (1)

icebraining (1313345) | more than 4 years ago | (#32804820)

Debit cards in Portugal *can't* be pin-less. They come with a random default pin number inserted, which is transmitted separately to the costumer.

And brute-force doesn't work, obviously: ATMs don't give you your card back if you get the number wrong more than 4 (IIRC) times.

Re:Cards should not be mailed. Period. (0)

Anonymous Coward | more than 4 years ago | (#32805064)

You can buy plenty of stuff from the internet without ever entering a PIN.

Re:Cards should not be mailed. Period. (1)

mlts (1038732) | more than 4 years ago | (#32805354)

Depends on the ATM. Here in the US, a lot of ATMs don't capture the card, but allow someone to keep sliding it through a reader. I've not entered too many wrong PINs, so I'm guessing it would cause that card to be not valid at that ATM after a number of bad guesses.

Re:Cards should not be mailed. Period. (1, Insightful)

LostCluster (625375) | more than 4 years ago | (#32805164)

USPS: The service you use when if it gets lost, it's not your loss. Insurance available if money can replace what you lost.
UPS/FedEx: The services you use when you want to know where your package is, possibly change the delivery address or pull it back before it's out for delivery, and want confirmation that it got there or at least was dropped at a secure location like a mailroom or co-branded store location.

There's a reason why UPS and FedEx can charge much more for moving a piece of paper... they do it with a whole lot more features than USPS could ever offer.

Re:Cards should not be mailed. Period. (1)

hedwards (940851) | more than 4 years ago | (#32805266)

For all intents and purposes correct. However USPS does offer certified mail, wherein the item travels under lock and key the entire way until an authorized party signs for it. That's definitely quite a bit more secure than what either Fed Ex or UPS will offer.

Re:Cards should not be mailed. Period. (0)

Anonymous Coward | more than 4 years ago | (#32805560)

FYI: Only registered mail travels that way with the USPS, not certified.

Re:Cards should not be mailed. Period. (3, Informative)

number11 (129686) | more than 4 years ago | (#32805992)

"Certified" mail can require a signature for delivery (it's an extra-cost option). But it travels the normal first-class mail channels until it gets to you. You may be thinking of "registered" mail, which is handled in a secure fashion (and costs correspondingly).

Re:Cards should not be mailed. Period. (1)

WryCoder (18961) | more than 4 years ago | (#32805574)

USPS has Priority mail for speed and Certified First Class for on-line tracking, with and without signature confirmation, with and without a hard copy receipt of delivery ("return confirmation"). Then there is Registered mail, which is insurable and kept under lock and key until delivered. These services are much cheaper than FedEx.

There is also USPS Express Mail - next day delivery with tracking. It's essentially equivalent to FedEx, and delivers to PO Boxes, which FedEx won't do.

Re:Cards should not be mailed. Period. (1)

Rich0 (548339) | more than 4 years ago | (#32805580)

This raises a question in my mind. Just why do credit/debit cards expire, anyway?

Everybody validates every transaction online, if they have half a brain. If a merchant doesn't and the account is closed, then they're on the hook for the transaction regardless of the date on the card.

So, why should a credit card ever expire? If you want to put an expiration or renewal policy on the account, sure, go ahead and do it. But, why put that date on the card itself? We wouldn't mail out so many cards if we didn't constantly have to churn our accounts every few years.

On the other hand, on my one account it seems like I get a new card at least annually when I get one of those letters informing me that some merchant has lost my account number (along with a million others no doubt). That of course brings up my next question - why on earth do we have an authentication system that relies on a shared secret that is embossed on the front of the card and shared with anybody who ever does business with me? I guess it made sense in 1965, but RSA isn't even patented any longer, and you can accomplish something similar with symmetric ciphers that are unlikely to ever be broken as long as the only parties that need to be able to authenticate are your card and the central bank...

Re:Cards should not be mailed. Period. (1)

David_W (35680) | more than 4 years ago | (#32806066)

Just why do credit/debit cards expire, anyway? Everybody validates every transaction online, if they have half a brain.

Almost everyone... however, surprising as it may be, some places STILL use carbons. One of the doctors' offices I occasionally visit does. It surprised the heck out of me the first time, as I thought credit card machines were pretty standard fare these days. (I seem to recall them mentioning something about getting one soon; it's 2010, that qualifies as "about time" to me.) So I imagine expiration dates are a holdover until the credit card companies finally just say the machines that can do online verification are mandatory, at which point they could phase out expiration dates (and embossed numbers). Of course with the speed that industry seems to move that may happen sometime in the next decade or so.

Re:Cards should not be mailed. Period. (1)

Ksevio (865461) | more than 4 years ago | (#32805822)

So what do people like me do that use HSBC Direct (online banking)? There isn't a branch location within a hundred miles of me now.

I don't remember if I had to activated my debit card when I got it, but I remember there was a hassle to get the PIN since it had to be sent separately from the card.

Deregulation at its finest... (2, Interesting)

LostCluster (625375) | more than 4 years ago | (#32804706)

Here's the thing. You need a database server, an interactive phone system, and humans to talk to people who hit wrong buttons or don't have a clear enough phone line for touch tones... all of which cost money!

So, if the cost of faking the authentication and paying the fraud off weeks later (if it's caught by the consumer in time) is less than running the real system, that's profit for the bank's shareholders and our financial system requires the bank do what's best for the shareholders, not the customers.

Visa, MasterCard, AmEx, Discover, etc. should enforce a standard for these things, but they don't because if they did they'd have to punish HSBC, and in order to do that they'd lose transaction fees from a competitor that HSBC would most likely start....

You missed the point completely. (1)

Weezul (52464) | more than 4 years ago | (#32805424)

HSBC does not pay nearly the same costs for fraud when the card is a debit card, instead customers pay far more.

It's entirely possible that you'll never notice the missing card for 60 days, given banks usually send cards unsolicited when nearing expiration. If so, all the money taken from the account, even after those 60 days will not be reimbursed by your bank.

Credit cards offer more protection largely because you're spending the banks money, therefore banks usually don't make this mistake with credit cards.

Re:You missed the point completely. (1)

LostCluster (625375) | more than 4 years ago | (#32805486)

That's the point... debit card fraud costs less than the cost of fixing it, credit card fraud costs more than doing something about it, so they do something about it.

Re:You missed the point completely. (1)

Sporkinum (655143) | more than 4 years ago | (#32805946)

I was just a victim of debit card fraud. We paid off all our debt a few years ago, and decided to go debit card only. We had heard about people getting their card number stolen and charged against, so we used cash on vacation, except for card swipes at the pump for gasoline. Unfortunately, we had to use the card number to reserve hotel rooms, even though we paid by cash. About a week and a half after getting back from vacation in Colorado, we got about $1200 in charges from Mexico of which the blocked $600 worth. Needless to say, the card was canceled, and we are waiting on a new one. We are supposedly going to be refunded, but we are going to get a credit card since it has better protection against fraud like this.

HSBC adds another service (5, Funny)

Anonymous Coward | more than 4 years ago | (#32804730)

HSBC becomes the first bank to issue pre-signed checks to make check writing easier for it's customers. Simply fill in the amount and date and use the checks as easily as their pre-activated debit cards.

Just one question. (1)

vawarayer (1035638) | more than 4 years ago | (#32804746)

Up here, in Canada we have Eskimos, igloos, and whatever else you cliché of the moment is. We also got NIPs on our freaking bank cards, so if a bozo gets one in the mail they can't do zit with it if they aren't the trueful owner. Didn't read TFA though, maybe I missed somethin'

Re:Just one question. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32804860)

Seriously. We aren't talking about credit cards here - we're talking about cards with a PIN number. Guess it wrong a few times, the account gets locked. The odds of someone guessing a 4+ digit code in 3 tries or less? You're more likely to be mugged by the security officer outside of your bank on your way to complain.

Re:Just one question. (0)

Anonymous Coward | more than 4 years ago | (#32805060)

No, seriously, you're talking about debit cards, not ATM cards.
Cards backed by VISA, AMEX, MC, or Discover.

Cards which can be used at any merchant doing business with those credit companies, with just a signature and NO PIN.

Re:Just one question. (0)

Anonymous Coward | more than 4 years ago | (#32805198)

your forgetting that most retailers require more than 50 dollars before a signature is required. i went to the dollar store and found they had 6 foot long gold tipped usb 2.0 cables on clearance i got all they had it was like thirty bucks ran my debit card. it didn't ask for my signature they said it takes fifty dollars before a signature is required.

Re:Just one question. (1)

shutdown -p now (807394) | more than 4 years ago | (#32805936)

What people call "debit cards" here in Canada (at least in my experience) are cards which require entering a PIN whenever money are withdrawn in any way - be it from ATM or at the register.

They usually cannot be used to purchase things online at all, though recently I've noticed some local businesses advertising the ability to pay with debit cards online for their services. I don't know how that works, as my bank - ironically, HSBC Canada - does not provide such a service.

Re:Just one question. (1)

aXis100 (690904) | more than 4 years ago | (#32806020)

Here in Australia what you are describing is a ATM Card / EFTPOS Card.

Debit cards are a new spin on Credit cards for people with bad credit ratings. They work exactly like a credit card, but you use your own savings account, not the bank's credit. Personally I wouldnt go near them as signiature security is shockingly poor.

Re:Just one question. (1)

Knowzy (950793) | more than 4 years ago | (#32805070)

Actually, we're talking about MasterCard branded "check cards." No PIN required. Just swipe or enter online anywhere MasterCard is accepted.

You're right, though, it's not exactly a credit card. It's worse.

As a debit card the money comes directly out of the linked checking account. If it were a credit card the victim would simply dispute the charges and never pay for them.

Re:Just one question. (1)

slimjim8094 (941042) | more than 4 years ago | (#32805270)

Yes and no. If you process a "check card" (I have a Visa one) as credit, it takes a few days to work through (they show up as grey in my e-banking register, instead of black). And if you report a lost/stolen card within 2 days of noticing it, you're limited to $50.

So your AMEX will probably protect you better, but check cards aren't exactly unsafe. I'd rather have chip-and-PIN than a magstripe, but if I want to spend any significant amount of money I still need either a PIN, CVV or a signature.

Re:Just one question. (1)

LostCluster (625375) | more than 4 years ago | (#32805394)

Yes and no. If you process a "check card" (I have a Visa one) as credit, it takes a few days to work through (they show up as grey in my e-banking register, instead of black). And if you report a lost/stolen card within 2 days of noticing it, you're limited to $50.

And furthermore most major banks will forgive that $50 the law allows them to deduct, calling the program $0 Lost/Stolen Card Liability. But, the problem is while they're verifying your claim, you don't have your money. You'll get it back in a few days, but they won't pay your Late Fee on your other obligations that you were going to pay with money you thought you had in the account.

Re:Just one question. (1)

Knowzy (950793) | more than 4 years ago | (#32805502)

Yes, you do get your money back eventually. According to one of my sources, the banks are obligated to replace the funds in two weeks [privacyrights.org] .

In practice, it may take longer.

I was hit by a card skimmer [krebsonsecurity.com] last year. It took over three weeks for Bank of America to replace the $500 stolen from my account. (I never got the $3 foreign ATM fee back, FWIW.)

As LostCluster points out, having an empty checking account when you're not expecting it can put you in a tight spot with your landlord/mortgage holder, etc.

First p0st! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32804750)

HSBC Is Not Alone (0)

Anonymous Coward | more than 4 years ago | (#32804782)

Intrust Bank, NA [intrustbank.com] , for example, mails debit cards, ready-to-use.

Why to avoid debit with HSBC (4, Informative)

Robotron23 (832528) | more than 4 years ago | (#32804844)

An elderly relative of mine is with HSBC. Being quite savvy she liked to browse the Internet for bargains, and inevitably her search took her to eBay. Long story short a scammer sent a faulty item, lifting about £65/$100 from her debit card as payed through Paypal. Obviously the cardinal rule of debit card use is to avoid using one online as much as possible...never use one on eBay.

With what is certainly an anomaly in Paypal's so expertly rendered services that we now expect of a caring quasi-bank, she found herself delayed from getting her money back. Meanwhile our scammer had apparently left or been banned from Fleabay. So she called HSBC, citing the 'debit protection' they'd included with her current account.

Explaining the incident to the first man somewhere on the subcontinent was a nightmare. To his credit he seemed very pleased to help, but his listening skills and speaking style were out of touch with a native British English speaker. Simply put my relative couldn't understand half of what he was saying...and the calls degenerated into his profuse apologizing and her asking him to speak slower, politely.

This went on for a few more calls, two more foreign customer service people abroad went on - until eventually the lodged claim had enough clarity that it warranted getting a person who spoke better. Eventually an employee with English much closer to that of a typical Briton got on the phone, and despite being strenuously nagged over this seventy quid refused to pay because it was against the bank's policy to refund debit transactions.

But it all ended well as my relation had a cash ISA with the bank - it took a politely worded threat of changing accounts and ISA to a competitor before firmly requesting a superior a few times before an apparant manager reneged on HSBC's refusal and refunded the account in full. A whole lot of headaching for all concerned bar our scammer who apparently did a bunk with a nice chunk of change.

Moral of the story is to casually check with older/quite naive people who have the Internet but are not as experienced with the world of online shopping. Use credit cards not debit cards; if they are suspicious of credit explain it to them. Else they might have to talk to 'John or 'Richard' or 'Hannah' over at the other end of the commonwealth for hours chasing up. My family member was lucky judging by all the horror stories of 'debit protection' floating around.

Re:Why to avoid debit with HSBC (4, Interesting)

oldspewey (1303305) | more than 4 years ago | (#32805264)

my relation had a cash ISA with the bank - it took a politely worded threat of changing accounts and ISA to a competitor

I still remember the time I had a major bank screw up and erroneously charge me something like $150 in service fees. The entire thing was completely and entirely their fault, but their "policy" was not to reverse the charges in cases like this.

I calmly explained to the branch manager that I would pull everything out of the bank if they persisted in their decision. At the time, this included a chequing account, two savings accounts, a retirement investment portfolio, and a term deposit that was (rather fortuitously) coming up for renewal. The manager must have thought I was bluffing because she said there's nothing more she could do.

It took me about 4 weeks to thoroughly unwed myself from that bank and move every last penny to a competing institution, but I must say it was some of the most enjoyable and emotionally satisfying paperwork I've ever done.

Re:Why to avoid credit with HSBC (0)

Anonymous Coward | more than 4 years ago | (#32805390)

I have a similar story... change to credit, make HSBC the charger of fees on my account and it's much the same.

I recently made a large purchase on a HSBC co-branded card (the large retailer offered a "payment plan" which included the HSBC card). I figured I'd pay it out in two months but didn't have the cash right now. I also needed the large whitegoods item since mine had just died.

Long story short, I call them up, activate the card, confirm the payment details (so I can repay it) and seek assurances that if I pay half the balance soon that I won't have to pay more at statement time.

I do just that. I pay them two payments totalling $1k. One within a week of opening the account, another one or two days before the first statement is generated. HSBC refuses to accept that those two payments count towards the monthly account (actually, my lawyer informs me that consumer law says they do) and charges me late fees and interest on the full purchase amount.

Cut to three months later and I am filling paperwork for a police fraud report and small claims court to recover my costs in dealing with their fraudulent and illegal business practice.

Their primary business practice seems to be: "be evil, because most people won't notice or dispute it and the costs of dealing with the 0.5% who do care are insignificant next to the money we're printing". Nothing new there - most big companies behave that way.

Friends don't let friends get debit cards (4, Insightful)

sirwired (27582) | more than 4 years ago | (#32804980)

The lack of even the rudimentary security is precisely the reason I refuse to carry a debit card. Without your knowledge, your checking account is empty and your mortgage bouncing.

With a credit card, you get to argue with the bank about their money.

With a debit card, you get to argue with the bank about your money.

What happens when the bank denies your dispute? With credit cards, you get nastygrams. With debit cards, your mortgage starts bouncing. Again.

I'll take an ATM card any day of the week over a signature debit card.

SirWired

Re:Friends don't let friends get debit cards (0)

Anonymous Coward | more than 4 years ago | (#32805578)

This is a bunch of bunk. If your debit card is issued through Visa, you have the exact same protections as with a Visa credit card.

http://usa.visa.com/personal/security/visa_security_program/zero_liability.html

They say so right on their web page.

It took them a little while to follow through, but Mastercard has also followed suit.

http://www.mastercard.com/us/personal/en/cardholderservices/zeroliability.html

Re:Friends don't let friends get debit cards (1)

Knowzy (950793) | more than 4 years ago | (#32805874)

This is a bunch of bunk. If your debit card is issued through Visa, you have the exact same protections as with a Visa credit card.

Yes, AC, using a debit card as a MasterCard/Visa card does offer the same fraud protection as a standard credit card. The difference, as the OP explains, is you are on the hook initially for fraudulent transactions. They instantly flow out of your checking account.

When the bank gets around to agreeing with you that the charges are fraudulent, they will return the cash. This will be weeks later. You're bills may be due much sooner.

this makes perfect sense (1)

ILuvRamen (1026668) | more than 4 years ago | (#32805044)

This may appear to make no sense but I get it. Let me walk you through it. They do something horribly insecure and stupid. Then they issue this: "Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience." Then they realize that the biggest security threat at the moment is themselves. That blows their minds and with blown minds, they're unable to immediately solve the problem. That's how the sequence of events led up to where we are now with them still doing nothing about it.

They didn't do this to me (0)

Anonymous Coward | more than 4 years ago | (#32805114)

I got a new debit card from HSBC a few days ago. It was not preactivated...

Re:They didn't do this to me (2, Informative)

Knowzy (950793) | more than 4 years ago | (#32805260)

Details please, AC.

HSBC is a big, international company with many divisions. I'm not making this claim about all of them. Just the two I personally tested.

Also, how do you know the card you received wasn't preactivated? All of the cards in question had the standard "You must activate" sticker on it. The sticker was a lie.

What's the law? (1)

DoofusOfDeath (636671) | more than 4 years ago | (#32805246)

Can someone explain what the law is regarding banks' responsibility for safeguarding customers' money?

Re:What's the law? (1)

christoofar (451967) | more than 4 years ago | (#32805398)

See: TARP.

Re:What's the law? (2, Informative)

Weezul (52464) | more than 4 years ago | (#32805552)

Debit cards are substantially more dangerous than credit cards since debit cards are EFTs, although some banks offer equivalent protections.

Imagine your bank sends you a new card because yours will expire soon, but some kids steals your mail and used your card. You never noticed the card went missing since you rarely use it. Kid makes small charges initially but makes larger purchases over 60 days later. You eventually notice the fraudulent activity and tell the card company they are morons for sending an activated card, not noticing unusual activity, etc. If you had a credit card, well they might try making you pay, but ultimately you'll successfully contest the lines they add to your credit report. If you had a debit card, well you've already lost the money, and they won't fix it if they first fraudulent charges were 60 days ago.

Customers in the US are protected by Regulation E (3, Informative)

christoofar (451967) | more than 4 years ago | (#32805520)

You are NOT liable for debit fraud over $50 on your account, provided you notify the bank within 3 days of it occurring. The $50 exemption for banks is to incentivize you to report fraud quickly rather than waiting until the end of the statement cycle and looking at the paper, long after the fraudster has disappeared.

If your credit sucks too much to get a real credit card through a credit union---go get a secured credit card from people like Public Savings Bank [publicsavings.com] or a credit union that offers secured credit cards. You put up a security deposit and that's your credit line. If you close the account, you get the deposit back. If you get the secured card through some banks like CapOne, etc---they may unsecure the card after a while and return your deposit, which means then you have an unsecured credit card with a credit line.

Nonetheless... good luck with some of these banks in getting NSF funds due to fraud reversed. Large banks generally do whatever they can to keep their fee income, including pissing you off to the point where you close your account and take all your business away. Large national and regional banks as a whole only get concerned if you're a large customer that has significant deposits; mostly because branch managers do get graded on retail stats like how many new accounts opened and products purchased, etc. Losing a big depositor makes weekly stats look ugly, so they will bend over to save you. They really don't care much about the depositor who can barely keep $1,000/£500 in the bank.

The same goes with lending products. Customers with excellent credit (which the banks checks periodically by doing soft pulls on the credit bureaus), revolve their accounts somewhat and generate lots of transaction volume are woo'd and if you call to cancel a card--you will get xfer'd to a "customer save" department... ALWAYS manned by native English speakers, where they try to save the account from closure. Contrast that with borrowers with mediocre credit, make only minimum payments, late-pay or don't use their accounts much at all, the bank is happy to see them go.

You should always use a credit card when making purchases because it's the bank's money on the line, not your own and if you detect fraud, you can ask for a chargeback. Chargebacks cause the merchant to get money wiped off their credit card remittances for the amount of the chargeback.

I did a chargeback once when a kid at Starbucks rang up my coffee, twice, on two tickets. I only got one receipt but when I checked my credit card statement... two transactions for the same money for the same day hit my account. I clicked on the charge and clicked "Contest charge" and explained why I thought it was wrong. The next day the charge was gone off my statement, and that Starbucks store got $4.96 wiped off their credit card remittances for charging me twice, which leaves it to their store manager to search their records to find out why they got a chargeback and who caused it to happen, etc.

You can't easily do chargebacks with debit cards because you have to fight your bank. With credit cards it's easy, because Visa/MC/Amex/DISC build purchase protection into their credit card contracts.

Re:Customers in the US are protected by Regulation (1)

mysidia (191772) | more than 4 years ago | (#32805910)

Nonetheless... good luck with some of these banks in getting NSF funds due to fraud reversed. Large banks generally do whatever they can to keep their fee income

hm.. sounds like an opportunity to take the bank to court, on charges of unjust enrichment (in regards to the nsf fees), negligence (sending out pre-activated debit cards), breach of duty (in regards to securing the plaintiffs' account), and false advertising (in regards to advertising their debit cards as 'secure').

In addition, if the fraudster drained your account, and the bank enabled that... this may have prevented you from entering into a business relationship with someone else to buy goods at a certain price.

Not having the funds, you may have been unable to complete the transaction on time, or might have had to pay a higher price.

Bury the bank in paperwork and legal filings, and not only will they be refunding NFS fees, they should be paying you more, either when the gavel comes down against them, or they agree to settle on reasonable terms.

So HSBC has worse problems than this - uh oh (4, Insightful)

RichMan (8097) | more than 4 years ago | (#32805784)

I would worry a lot about the statement 'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'

That would seem to indicate they have much worse problems than the pre-authorized debit cards in the mail that must require a lot of resources and planning to take control of.

Definitely a bank to avoid as both a customer and investor.

Re:So HSBC has worse problems than this - uh oh (0)

Anonymous Coward | more than 4 years ago | (#32805912)

All banks have this, or else they should.

Bank Change (2, Insightful)

helix2301 (1105613) | more than 4 years ago | (#32805792)

If my bank did this I would change banks. I know I have heard of small local banks being hacked and getting debit card numbers. But sending an activated debit card threw the mail is just bad business and bad security.

Notorious for destroying peoples credit (2, Informative)

Scared Rabbit (1526125) | more than 4 years ago | (#32805818)

When I worked in the mortgage industry, everyone said that these people would destroy your credit. I saw instances of them submitting the same account to the 3 credit rating bureaus under different business names so that credit reports made it look like people had way more outstanding debt. I've heard horror stories about them as a lender in general in fact, so much so that I've been given advice to never accept a store credit card that's backed by HSBC. I also briefly did work for them as a real estate appraiser, and our firm rather rapidly decided to stop doing business with them entirely, though I cannot remember what the reasoning is now (it's been several years).
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?