I Know How Important It is to Use Protection, But…
I never had to use one before, and I had dreaded the very day when I would be forced to. Sure, I know I should always try to protect myself. But it just feels so much better to go without it, you know? I don’t need that extra… Barrier. I just want to get things done. I don’t want to have to reach for something else.
Besides, it’s not as though I haven’t heard several complaints about it lately, as much as the media is encouraging the use of it. They keep saying it would be so much better and safer if everybody used one. So I knew it’s inevitable that some day, I would have to use it. My only wish was that the days before then would be prolonged for as much as possible.
When an unsuspecting-looking white package arrived in the mail recently, I knew that those days had come to an end.
The package came from the bank. DBS, to be precise. It contained the dreaded device, the latest security feature implemented by our local banks that puts the inconvenience into the formerly convenient internet banking. This, ladies and gentlemen, is the DBS iB secure device.

So from now on, whenever I log on to my internet banking account, I would need not just my user name and PIN, but a second PIN as well. This small device is to be brought along with me wherever I go because without the PIN it generates, I would not be able to use internet banking. How inconvenient!
Most, if not all, of the banks here have started implementing this feature. This means that people holding accounts with more than one bank would be carrying a few such devices around! And the worst thing is that most of the banks enforce its usage; there is no way to opt out of this.
The purpose of internet banking is such that people may access their bank accounts and perform transactions from anywhere in the world, just as long as there’s internet access. When I travel, I travel light. Who wants to bring along an extra device? When I am walking along the streets of Bangkok and happen to need to access my bank account, I would simply walk into an internet café and log on to my internet banking account. Would I have the security device with me? No!
So basically, you would have to carry the device with you everywhere you go. In addition to my phone, camera, wallet, ipod, cosmetic case, portable alarm and about a gazillion other things, I would also have to bring this thing with me. Great. I already have trouble tracking all the items in my bag, now I have one more thing to worry about. What happens if I lose it or it gets damaged shuffling about with all those things? A replacement device costs $20. Argh!
I really don’t see the point of having this second-level authentication. If someone did manage to somehow hack into my DBS internet banking account, he wouldn’t be able to transfer any of my money into his bank account anyway. There is already a security mechanism in place that requires a code to designate a new payee. And this code is dynamically generated and sent directly to my mobile phone. Without my mobile phone the hacker wouldn’t be able to get any money out of me! The most he can do is send money to my predesignated payees (who’s my mom), find out how poor I am, where I ate last week or where I buy my lingerie from.
Am I correct to say this? Or have I completely missed the point of this additional level of authentication? If there’s anyone who’s actually in favour of this new security mechanism please leave a message to explain your point!
November 30, 2006: I just received a letter today from another bank, UOB. To my horror the subject heading read “two-factor authentication”. I immediately thought I was going to get another device. Thankfully UOB performs the second level authentication through mobile phones! They are offering the device only to those people that actually request for one. Now THAT’S what I’m talking about! Three cheers for UOB!
December 1, 2006: I got Tomorrow-ed! All right! Thanks cobalt paladin for submitting my post!



Nov 29, 2006
30
Hi there,
It wasn’t all that difficult to find you, was it? ;-)
Drop me a line please.
Okay now a comment relevant to the post above.
HSBC shipped theirs long time ago. I have a HSBC India account, and they shipped mine to my India address, whereas I was here in Singapore. For 2 full months, I had to call up HSBC folks back in India (IDD :-o) everytime I needed to know my outstanding. Somehow I asked one of my friends to get it over here, and now I finally got it. Talk about inconvenience!!
This is a totally superfluous anti-hacker (anti-theft whtever..) mechanism which only causes a great deal of pain, esp for ppl on the move.
Nov 30, 2006
18
This is precisely the reason I had to stop using HSBC online banking a year ago, when they enforced on using this device. I received 2, and there was some confusion and they asked me to call them, change password, etc. I’ve never got them done until today.
Luckily for me, I haven’t received that thing from DBS. I hope I would never receive it but I know it’s just a matter of time. :(
Nov 30, 2006
18
And with your sex-oriented title, are you trying to conduct a ping.sg popularity experiment? Haha.
Nov 30, 2006
3470
Hey beni, good to hear from you :) That’s exactly what I’m talking about. Internet banking is made for convenience. And let’s face it, the majority of people who really need to use it are those frequently on the move. Yet this device directly inconveniences this group of people.
Nov 30, 2006
3470
Hey uzyn, I think HSBC is the first bank to implement this in Singapore. Not so sure if it was due to them that the other banks followed suit. And you would definitely get your DBS device. The bank promises to give this out “with compliments” to every single Internet banking user by the third quarter of 2007. And somehow I received it this early. Argh!
And yes, I’m trying to see how much does sex sell. This rather boring post is already receiving more pongs on ping.sg than my previous food and travel posts!
Nov 30, 2006
6
darn not quite i sexpected oops expected i mean. well about the point of sms for code, i think what they had in mind is when the hacker has your handphone and your pin.
Nov 30, 2006
3470
Haha sorry to disappoint you my dear.
Seriously what are the odds of that happening? Oh yeah someone may just happen to record his user name and PIN on his mobile phone, and then get his bag stolen (which had contained both the phone and the device). Sounds possible, but the first thing he would do is call the bank and let them know of the theft. The thief wouldn’t get any money from his bank account anyway!
In my opinion this device is just a hassle. An unnecessary one.
Nov 30, 2006
3
Couldn’t agree more with you on this subject. Like yourself I was expecting myself to receive the device at a much later date, but now its sitting pretty in my home, much to my inconvenience. I’m in Canada now and can’t access the device and DBS had promptly changed my login settings to the one that requires the authorntication of the device. F*#k….
And by the way, I don’t think the sexy opening made a difference to hits. Everytime I see some ridiculars sensual blogs I would just delete them in my google reader.
I had been reading your blog since subscribing to Ping and was really surprised when I saw your opening para. Nonetheless, it was kindda neat for a change from your usual style.
Nov 30, 2006
42
nice try experimenting with title, Veron!
anyway I’m waiting for mine to arrive also. Currently I also have a Standard Chartered ibanking account, and their version of the 2nd level is actually a sms to the mobile phone, which in my opinion is more convenient and definitely more mobile. Carrying that gadget around seems quite… silly?
Nov 30, 2006
3470
Hey Ed***, this sexy opening is an experiment. Over at ping.sg we have been discussing about the fact that the most pinged posts are the sex-related ones (mostly by a blogger with the initials SS). To be frank I am one of those people who ignore such posts at the first glance. This current post I have over here is simply an experiment, and while the minority gets turned off, I think it worked for most people.
Nov 30, 2006
3470
Hey chilycraps, you got that right. It is silly to carry this device around! And they make everyone do it! Can you imagine a high-ranking CEO whipping this silly device out to use it?
As to why DBS implemented this instead of using mobile phones, their rationale was that they didn’t want to have to go through a third party to get the PIN sent. With this device the PIN is sent directly. I guess it works for people going overseas who aren’t using their usual SIM card. But I would like to have the option of using this device or my mobile phone.
Dec 1, 2006
31
You just got tomorrow-ed. I saw that in my feed aggregator, congratulations!
And I was reading about your experiment (somewhere in the comments someone mentioned ping.sg) and the first thought was:
“Does it even have to be experimented in the first place? I thought it was already taken for granted that IT sells?”
Lmao…
Dec 1, 2006
16
Heh heh! Yeah, I submitted the cheeky entry to tomorrow.sg. Guess the editors found it amusing too and agree that this entry is worth being tomorrowed!
Dec 1, 2006
3470
Haha Aristocrat! I know sex sells! But I simply had to try it to believe it!
Dec 1, 2006
3470
“50 visitors currently online”! Whoa! The power of tomorrow.sg… Thanks Cobalt Paladin!
Dec 1, 2006
2
Hi Wanting,
I really like your blog. Very well designed and well written.
I like your heading for this article on internet banking. Was thinking about the media article on the rise of aids but then to my surprise, it was on internet banking. Wahahaha
Anyway, i too feel it is troublesome to have the 2 factor authorisation. esp with DBS bank where i do the most transactions. I don’t think the phishing cases have resulted in any losses to the bank as third party payments are already controlled.
Dec 1, 2006
14
Iknow most people dread them.
We are from a safe sect so we use our tools safely. We outwit hackers. See http://www.wits88.com :)
michael
Dec 1, 2006
3470
Hi Jonathan,
Wow I haven’t been addressed by my Chinese name in a very long time! Thanks for your comment, and I’m glad you like my blog.
I do most transactions with DBS too. In fact I came to work today and needed to transfer some funds to someone. And hey, guess what? I didn’t have my device with me!
UOB’s approach of letting people decide for themselves whether they want the security device is so much better.
Dec 1, 2006
16
Actually, you should thank ping.sg. That’s where I first found the article. :)
Dec 1, 2006
3470
True, I found many excellent blogs through ping.sg too. It’s my favourite website of the year.