Online banking security

Although my life is firmly in the US now, I still have a couple of bank accounts in the UK. One difference between US and UK practice has struck me as curious: both my UK accounts have far, far higher security than my Wells Fargo account here.

To log into my Wells Fargo account, I need my username and a password. I tried to set up a 10-character password, but the most the system will accept is eight characters. Odd. You’d think they’d encourage tougher passwords.

My two British banks take very different tacks. NatWest requires me first to have a customer number (my birthdate plus a unique four-digit number). If I successfully navigate that, I reach a window where I must enter my four-digit PIN (but only three random digits of the four, in case someone is looking over my shoulder) and then three of the ten alphanumeric characters of my password (again randomly selected). It’s an interesting mental exercise to do this, but I like the security it suggests. If I get through that, I reach a window that reminds me when I last logged in. If something doesn’t smell right at that point, there’s a fraud department to contact.

Smile (which I would dearly love to set up a US bank because it’s so wonderful in every way) has yet another approach. To log in, I need my bank sort code, my bank account number and my four-digit PIN. That takes me to a window where I am asked either for a significant date, significant name, first school attended or last school attended. Which choice you have is random. So someone would have to be a wonderful mind-reader as well as a good thief of data to get through to my Smile account. (Smile, not incidentally, is owned by The Cooperative Bank, not a corporation, and operates on pretty stringent ethical principles. I think there’d be a significant market in the US for banking along these lines.)

What’s curious about all this is that the US is so much more security conscious in so many ways than Britain. I get junk mail on a weekly basis from banks and credit card companies about the danger of identity theft. But they do a poor job of guarding my security online.

Leave a Reply

Your email address will not be published. Required fields are marked *