goes by the name veron (english) or wanting (chinese). a definitive leo born august 1, 1984. a solo traveler. loves cats, coffee, sensual music, yummy food and technology. when she's not at her job as an IS developer for the government, she's likely to be out dining, or visiting an interesting art gallery or event.
i never had to use one before, and i had dreaded the very day when i would be forced to. sure, i know i should always try to protect myself. but it just feels so much better to go without it, you know? i don’t need that extra… barrier. i just want to get things done. i don’t want to have to reach for something else.
besides, it’s not as though i haven’t heard several complaints about it lately, as much as the media is encouraging the use of it. they keep saying it would be so much better and safer if everybody used one. so i knew it’s inevitable that some day, i would have to use it. my only wish was that the days before then would be prolonged for as much as possible.
when an unsuspecting-looking white package arrived in the mail recently, i knew that those days had come to an end.
the package came from the bank. DBS, to be precise. it contained the dreaded device, the latest security feature implemented by our local banks that puts the inconvenience into the formerly convenient internet banking. this, ladies and gentlemen, is the DBS iB secure device.
so from now on, whenever i log on to my internet banking account, i would need not just my user name and PIN, but a second PIN as well. this small device is to be brought along with me wherever i go because without the PIN it generates, i would not be able to use internet banking. how inconvenient!
most, if not all, of the banks here have started implementing this feature. this means that people holding accounts with more than one bank would be carrying a few such devices around! and the worst thing is that most of the banks enforce its usage; there is no way to opt out of this.
the purpose of internet banking is such that people may access their bank accounts and perform transactions from anywhere in the world, just as long as there’s internet access. when i travel, i travel light. who wants to bring along an extra device? when i am walking along the streets of bangkok and happen to need to access my bank account, i would simply walk into an internet café and log on to my internet banking account. would i have the security device with me? no!
so basically, you would have to carry the device with you everywhere you go. in addition to my phone, camera, wallet, ipod, cosmetic case, portable alarm and about a gazillion other things, i would also have to bring this thing with me. great. i already have trouble tracking all the items in my bag, now i have one more thing to worry about. what happens if i lose it or it gets damaged shuffling about with all those things? a replacement device costs $20. argh!
i really don’t see the point of having this second-level authentication. if someone did manage to somehow hack into my DBS internet banking account, he wouldn’t be able to transfer any of my money into his bank account anyway. there is already a security mechanism in place that requires a code to designate a new payee. and this code is dynamically generated and sent directly to my mobile phone. without my mobile phone the hacker wouldn’t be able to get any money out of me! the most he can do is send money to my predesignated payees (who’s my mom), find out how poor i am, where i ate last week or where i buy my lingerie from.
am i correct to say this? or have i completely missed the point of this additional level of authentication? if there’s anyone who’s actually in favor of this new security mechanism please leave a message to explain your point!
news updates
November 30, 2006: i just received a letter today from another bank, UOB. to my horror the subject heading read “two-factor authentication”. i immediately thought i was going to get another device. thankfully UOB performs the second level authentication through mobile phones! they are offering the device only to those people that actually request for one. now THAT’S what i’m talking about! three cheers for UOB!
December 1, 2006: i got tomorrow-ed! alright! thanks cobalt paladin for submitting my post!
Posted by Veron ·
Uncategorized category ·
7,404 viewspossibly related posts
like this post?
Send this post to a friend
Print this post
RSS feed for comments on this post
Subscribe to my blog RSS feed
Hi there,
It wasn’t all that difficult to find you, was it? ;-)
Drop me a line please.
Okay now a comment relevant to the post above.
HSBC shipped theirs long time ago. I have a HSBC India account, and they shipped mine to my India address, whereas I was here in Singapore. For 2 full months, I had to call up HSBC folks back in India (IDD :-o) everytime I needed to know my outstanding. Somehow I asked one of my friends to get it over here, and now I finally got it. Talk about inconvenience!!
This is a totally superfluous anti-hacker (anti-theft whtever..) mechanism which only causes a great deal of pain, esp for ppl on the move. View all comments by Beni
This is precisely the reason I had to stop using HSBC online banking a year ago, when they enforced on using this device. I received 2, and there was some confusion and they asked me to call them, change password, etc. I’ve never got them done until today.
Luckily for me, I haven’t received that thing from DBS. I hope I would never receive it but I know it’s just a matter of time. :( View all comments by uzyn
And with your sex-oriented title, are you trying to conduct a ping.sg popularity experiment? Haha. View all comments by uzyn
Hey beni, good to hear from you :) That’s exactly what I’m talking about. Internet banking is made for convenience. And let’s face it, the majority of people who really need to use it are those frequently on the move. Yet this device directly inconveniences this group of people. View all comments by Veron
Hey uzyn, I think HSBC is the first bank to implement this in Singapore. Not so sure if it was due to them that the other banks followed suit. And you would definitely get your DBS device. The bank promises to give this out “with compliments” to every single Internet banking user by the third quarter of 2007. And somehow I received it this early. Argh!
And yes, I’m trying to see how much does sex sell. This rather boring post is already receiving more pongs on ping.sg than my previous food and travel posts! View all comments by Veron
darn not quite i sexpected oops expected i mean. well about the point of sms for code, i think what they had in mind is when the hacker has your handphone and your pin. View all comments by tyc76
Haha sorry to disappoint you my dear.
Seriously what are the odds of that happening? Oh yeah someone may just happen to record his user name and PIN on his mobile phone, and then get his bag stolen (which had contained both the phone and the device). Sounds possible, but the first thing he would do is call the bank and let them know of the theft. The thief wouldn’t get any money from his bank account anyway!
In my opinion this device is just a hassle. An unnecessary one. View all comments by Veron
Couldn’t agree more with you on this subject. Like yourself I was expecting myself to receive the device at a much later date, but now its sitting pretty in my home, much to my inconvenience. I’m in Canada now and can’t access the device and DBS had promptly changed my login settings to the one that requires the authorntication of the device. F*#k….
And by the way, I don’t think the sexy opening made a difference to hits. Everytime I see some ridiculars sensual blogs I would just delete them in my google reader.
I had been reading your blog since subscribing to Ping and was really surprised when I saw your opening para. Nonetheless, it was kindda neat for a change from your usual style. View all comments by Ed***
nice try experimenting with title, Veron!
anyway I’m waiting for mine to arrive also. Currently I also have a Standard Chartered ibanking account, and their version of the 2nd level is actually a sms to the mobile phone, which in my opinion is more convenient and definitely more mobile. Carrying that gadget around seems quite… silly? View all comments by chillycraps
Hey Ed***, this sexy opening is an experiment. Over at ping.sg we have been discussing about the fact that the most pinged posts are the sex-related ones (mostly by a blogger with the initials SS). To be frank I am one of those people who ignore such posts at the first glance. This current post I have over here is simply an experiment, and while the minority gets turned off, I think it worked for most people. View all comments by Veron
Hey chilycraps, you got that right. It is silly to carry this device around! And they make everyone do it! Can you imagine a high-ranking CEO whipping this silly device out to use it?
As to why DBS implemented this instead of using mobile phones, their rationale was that they didn’t want to have to go through a third party to get the PIN sent. With this device the PIN is sent directly. I guess it works for people going overseas who aren’t using their usual SIM card. But I would like to have the option of using this device or my mobile phone. View all comments by Veron
You just got tomorrow-ed. I saw that in my feed aggregator, congratulations!
And I was reading about your experiment (somewhere in the comments someone mentioned ping.sg) and the first thought was:
“Does it even have to be experimented in the first place? I thought it was already taken for granted that IT sells?”
Lmao… View all comments by Aristocrat
Heh heh! Yeah, I submitted the cheeky entry to tomorrow.sg. Guess the editors found it amusing too and agree that this entry is worth being tomorrowed! View all comments by Cobalt Paladin
Haha Aristocrat! I know sex sells! But I simply had to try it to believe it! View all comments by Veron
“50 visitors currently online”! Whoa! The power of tomorrow.sg… Thanks Cobalt Paladin! View all comments by Veron
Hi Wanting,
I really like your blog. Very well designed and well written.
I like your heading for this article on internet banking. Was thinking about the media article on the rise of aids but then to my surprise, it was on internet banking. Wahahaha
Anyway, i too feel it is troublesome to have the 2 factor authorisation. esp with DBS bank where i do the most transactions. I don’t think the phishing cases have resulted in any losses to the bank as third party payments are already controlled. View all comments by Jonathan
Iknow most people dread them.
We are from a safe sect so we use our tools safely. We outwit hackers. See http://www.wits88.com :)
michael View all comments by michael
Hi Jonathan,
Wow I haven’t been addressed by my Chinese name in a very long time! Thanks for your comment, and I’m glad you like my blog.
I do most transactions with DBS too. In fact I came to work today and needed to transfer some funds to someone. And hey, guess what? I didn’t have my device with me!
UOB’s approach of letting people decide for themselves whether they want the security device is so much better. View all comments by Veron
Actually, you should thank ping.sg. That’s where I first found the article. :) View all comments by Cobalt Paladin
True, I found many excellent blogs through ping.sg too. It’s my favorite website of the year. View all comments by Veron
Hi. I prefer to call your Chinese name. I happen to have a friend with the same name too! View all comments by Jonathan
well, u probably haven got burn like me… This happen to me just a 2 days ago. My dbs ibanking was being HACKED.. my last transaction was on 27/11 bll payment to sp services. On 30/11/05, i tried to access my ibank and login but the password was rejected 3 times and account was locked. I got a feeling something happened and called the bank. After verifying my personal details, they told me my last transaction was 30/11 of 2 transactions of $20.39. I was shocked View all comments by sad girl
I got even a bigger shock when the bank says there was a $2949 ttransaction of d2pay from dbs bank out of my account on 29/11/06. I cant believe that dbs security is so easily being hacked into.. i made police report + bank report… now still pending.. its $3k suddenly gone.. how i hope that i can get the device earlier.. but i lose confidence in dbs banking… have being with OCBC banking for 10 yrs and none of this happen… and ironically, i just open account with dbs bank 2 months ago.. sighz View all comments by sad girl
and i have to let u guys know… that its not the ibanking that we should worry as we have to verify if transfer to a third party.. this smart hacker here use enets … d2pay to transfer to other accounts.. so the device will be really helpful.. its beter to be safe than sorry… View all comments by sad girl
Hi Sad Girl,
I am sorry to hear about your loss and can understand how you feel that the secure device would have prevented something like that from happening.
However, I believe the main gripe that most people are having is that they are being strong-armed by DBS into using it, and not given an option to use other methods instead.
I wish you well in your future dealings with the DBS. When I get my secure device, the first thing I will do, like many others, will be to transfer all my money to UOB and close my DBS account.
What a PR nightmare, DBS. View all comments by Johnny Malkavian
We have been telling banks in Singapore over and over again for a long time, but to deaf ears. It’s hard to sell security. sigh. It only becomes important when ‘it’ really happens to them.
Incidentally, most of our customers now are not Singapore based. Does that say something? :)
Have a witty day!
michael
http://www.wits88.com View all comments by michael
Security measures can get a bit stifling, especially when extra authentication is needed, but if it concerns the safety of both my data and money, I strongly feel that these measures are not only necessary, but the last line of defence in the event that your pin is compromised.
Don’t wait until your money has all been transferred out to whine about the lack of security.
I do agree that the implementation is probably a little option-less, since given the mobile phone penetration in Singapore, it is quite dumb not to leverage on the omni-present cell networks for the 2FA authentication. View all comments by pkchukiss
I see a deluge of comments, plus new visitors as well lol.
Well Sad Girl, if it’s iBanking you are engaging you might want to take note of the “security” of the desktop/laptop you are using. Sometimes there may be keyloggers in your comp? However I’m not sure if a “secured” site is able to prevent keylogging. Likewise, cleaning your comp of spyware is important too. The consumer needs to play a role, not just the service-provider.
Good luck! View all comments by Aristocrat
The device is extremely inconvenient. They should only use it for authorizing new bill payments or new funds transfer payees. Having to use this device simply to log and check an account balance is overkill.
It doesn’t address the problem that I might be overseas and wouldn’t want to carry the device with me. What was wrong with the previous handphone OTPs for adding new funds transfer payees?
I really don’t get it. This 2FA thing is absolutely useless. So much for *internet* banking. I might as well go back to using the ATM.
I *hope* that they don’t introduce this to their Business Internet Banking (IDEAL) soon. That would really piss me off. View all comments by chrischoo
I read the upcoming Citibank one has an SMS option so u don’t need to carry the token thingy around. Also, u can login without the second factor password, u only need it when u need to transact.. seems more convenient. Maybe DBS should use this approach… View all comments by Eng Kiat
For a moment, I tot you shot-gun-ed. :P View all comments by DK
if a hacker can get hold of yr pin and yr handphone..doubtful that the device will still be with you…
i got mine today..and i will not register it online till the very last day i die die have to use it. View all comments by zeroflame
With regards to Veron’s quote
“UOB’s approach of letting people decide for themselves whether they want the security device is so much better.”
Yes UOB understand their customer well. Time & time again the If it’s not broken, don’t fix it concept has been proven. Looking at how some HSBC & DBS customers moving to other online banking platform.
Now for those who are entrepreneurial, i have an idea as explained on my blog at http://billiondollarwebsites.blogspot.com/2007/07/veron-at-sparlette.html View all comments by alex from billiondollarwebsites.com
be notified of new comments through email without commenting.