Wednesday, 12 August 2009

Co-operative Bank update

Today we spoke to a Customer Assurance Manager at the Bank. He was able to give the Bank's perspective, which helped to fill in gaps in our knowledge and understand where the Bank is coming from. However it did not resolve what we feel are serious problems with the Bank's approach.

  • Many reports say that security is a concern for banks, and that they need to do something to battle online fraud.
  • However in some cases it is the companies that sell these security device 'solutions' who are doing the research that creates panics and drives the agenda. For example, Xiring - who are selling these security devices to the Co-operative Bank - "issued its own findings having carried out a survey of UK online banking customers". Yes, there is fraud, but those who shout the loudest warnings are those who have a vested interest in these solutions, which introduces bias. Some of the statistics come from the Government too - but if Iraq told us anything, it is that reports and statistics from civil servants bear little relation to reality, and if a civil servant is pressed for 'evidence' they may turn to the convenient figures from the security companies who are pushing for technological fixes just as easily as an old student thesis that they can tart up and present as 'research'.
  • But surely Banks can come up with better options than wasteful electronic devices? Are we being told that with all the knowledge banks have, of every single transaction that takes place, they can't work with legal authorities to catch fraudsters (organised crime or individuals)? If they wanted to crack crime, they could. For example, if certain banks in certain countries are islands for fraud, and the Government and banks there d nothing, it is possible (and preferable) to cut off all transactions with them.
  • What other options are there? Cracking the crime is just one, albeit the best one for everyone. Other options include allowing opt-outs of the Card Reader scheme, perhaps with delays in transactions as a compensatory security measuere. Or maybe gradual use of existing biometrics. Banks can afford to investigate other options that we wouldn't even think of. And consider Paypal - a massive international financial organisation, and a world leader in convenience, yet they don't use cards and card readers. Other solutions are out there, but we won't get them by listening to companies that sell security products. They will just want to create markets for yet more electronic devices.
  • In terms of security, if someone has your bank details, then even without a card reader they can use those details to transfer money just by using the phone banking service. However in the future the Co-operative Bank might make card readers a requirement for that too. And then if you are with the Co-operative Bank (or any bank using these systems) and want to transfer money, but you don't want to have excess electronics in your house (you know, if you are a model, responsible citizen and want to avoid supporting waste) then you would be stuffed: cut out of banking services, and disenfranchised.
  • The Faster Payments Service has led to these increased security concerns in banks. So the banks offer the 'convenience' of transactions going through faster; in exchange for the inconvenience of having to take devices to work and on holiday in order to do banking, and the waste of extraneous, unnecessary devices. If people had known that would be the outcome, we suspect many customers would have preferred to stick to 'slow' transactions. Note that the Co-operative Bank opted to join this service by being part of Apacs, the Banking industry body. So all this Card Reader fiasco is partly the result of that decision by the bank. We have complained to Apacs.
  • In our previous post we pointed out that these devices were manufactured in China. That is a concern for two reasons.
  • Firstly, again and again we have seen sporting goods manufacturers benefiting from human rights abuses, which is inevitable when organisations are trying to maximise profit by going for the cheapest source of products, as is happening here with the Co-operative Bank. The Co-operative Bank told me that the company they get the devices from is meant to avoid abuses, but like the recycling issue, the abuses that have taken place in the past by other companies have also done so without the Western company claiming to be aware of the abuses. But the abuses go on, since companies manufacturing goods for the West are bound to say they are responsible (otherwise they won't get the contract).
  • Secondly is the issue of distance. Resources are being transported around the world to China; then the manufactured goods are transported around the world again to the UK. Then distributed around the UK to customers. (Then, eventually, either binned or sent around the world again to be 'recycled'). We are talking about a massive carbon footprint. The Customer Assurance Manager admitted the obvious point - it is cheaper for the Co-operative Bank to get the devices from China than to manufacture them in the UK. The reasons it is cheaper are obvious - because workers there have less legal rights, no minimum wage, and less protection. It is a question of cost over ethics, and it is disappointing that the Co-operative Bank is willing to sideline the ethics. The Customer Assurance Manager admitted that if the Card Readers were manufactured in the UK the scheme would not be cost-effective. To CCS that sounds like the Card Reader scheme should be cancelled, if it can only exist by putting ethics in second place.
Other points
  • CCS has concerns that the Card Reader scheme is setting a dangerous precedent. The average citizen is already treated like a criminal by big organisations - Microsoft force you to activate Windows; 2K make you activate your Bioshock game; media companies plaster their films with anti-piracy messages (and ironically, those who use illegal copies of Windows, Bioshock and films have a much smoother user experience with all of that removed). If hardware security schemes like the Co-operative Bank's are successful, how long will it be before we end up at the point where we not only have to activate everything and have separate accounts with every service, but we also have to use hardware dongles (familiar to anyone who played games in the 1980's - and they were hated with a vengeance back then too!) for every online service? Going on holiday would mean having to take a second suitcase of devices for online banking and eBay, to check your mortgage online, to alter broadband subscription details, to pay for mobile phone credits, to connect to Twitter... It is not a route we should go down.
The Co-operative Bank must have a get-out for if the Card Reader scheme fails. Maybe it will be too unpopular, or have technical problems, or the manufacturer will go bankrupt, or human rights abuses will be brought to light, or criminal gangs will hack the devices etc. Many things can go wrong. So what criteria would it take to trigger a rethink on the scheme?

Updates 23 August 09:

  • We has contacted APACS on Wednesday, August 12, 2009, pointing out that the implications of their work on the Faster Payments Service are policies like this, which are harmful to the environment. They haven't bothered to reply.
  • We had a 'Final Response' from the Co-operative Bank on 17th August. They have no plans to drop this scheme, despite all the points made earlier.
  • So customers will no longer be able to do most of their online banking if they stick to their ethics and don't want to contribute to further waste.
  • Customers will no longer be able to do most of their online banking if they want to avoid the inconvenience of having to carry devices around with them so that they can bank online from home, from work, from holidays, from the houses of friends and family etc...
  • If the Co-operative Bank extend the scheme to phone banking in the future (which they said they may do), then anyone who does not want to use any of the devices will not be able to bank with the Co-operative Bank at all unless they have a nearby branch - but only a minority of customers have a branch nearby.
  • So the end result of all these new policies is further waste of the Earth's resources, and inconvenience to customers. And that is their 'Final Response'.

No comments: