Slashdot Mirror
HSBC Bank Sends Activated Debit Cards Through Mail
Knowzy writes "At least two divisions at HSBC Bank apparently failed card issuing 101 and are mailing out debit cards pre-activated. Because they are debit cards, fraudulent transactions come directly out of a victim's checking account. A similar report from 2004 suggests this issue is longstanding and widespread. When confronted with the evidence, HSBC would not commit to fixing this issue, preferring instead to offer vague statements like, 'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'"
HSBC Customer Service (1.800.975.4722) HSBC Bank USA, N.A. P.O. Box 2013 Buffalo, NY 14240 https://www.hsbctaxpayerfinancialservices.com/htax/Cust/inquiry If it were my bank I'd take my money and walk....
'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'
Oh by the way look at this other shiny pretty stuff we've been doing to divert your attention from this major fuck up, which we kinda did on purpose to save on customer service costs when you idiots try to use your unactivated cards.
Not that they are perfect but I've been much happier with my credit union than any commercial bank I've used in the last 20 years...
I still cannot find the droids I am looking for...
'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'"
If you look at identity theft there are 3 "greatest" threats, stupidity on the part of the cardholder, stupidity on the part of the bank, or stupidity on the part of a third party. Even the best individual practices can't protect against stupidity from the bank or stupidity from a third party that has your card info for a legitimate reason.
For some reason banks seem to think that they aren't a threat to someone's security of their identity, they are a -huge- threat because they have all the information identity thieves need to make fraudulent purchases. Such things like this will undoubtedly have pressure put on the post office and mail handlers rather than the main culprit, the bank.
Taxation is legalized theft, no more, no less.
They aren't Chinese - they British. They were incorporated in London in 1990 and have been headquartered in London since 1993. Even the Wikipedia page will tell you that.
Well, you know, if they are going to pay for adequate customer service, then the upper level management will not be paid as many millions of dollars per year as they are paid now. Think of the suffering of executives and shareholders before you start worrying about customers!
Palm trees and 8
I insist my Bank either mails to the local branch for pick up (with ID) or in some cases sends by signed courier. Almost every service representitive, when questioned thinks this is a "good idea" because they admit they hear of an enormous ammount of fraud this way. Banks have no interest in doing this by default in my area.
I understand it's usual practice in MOST countries to mail pre-activated cards (maily credit, debit not so much) to residential addresses. Indeed credit cards go 'missing' in the mail often.
This is one of the most common methods of physically obtaining a credit card. Even if you have to go to the branch to get the card activated by a pin, which occurs with Debit cards (credit cards you just need to sign the back of them and their good to go) the fraudsters know branches are slack about correctly checking ID and obtaining a fake or doctored ID is trivial.
My advice, for you own good, insist you pick up your new card from your local branch, if you have the option of paying for a signed courier if the bank won't then do so.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Here's the thing. You need a database server, an interactive phone system, and humans to talk to people who hit wrong buttons or don't have a clear enough phone line for touch tones... all of which cost money!
So, if the cost of faking the authentication and paying the fraud off weeks later (if it's caught by the consumer in time) is less than running the real system, that's profit for the bank's shareholders and our financial system requires the bank do what's best for the shareholders, not the customers.
Visa, MasterCard, AmEx, Discover, etc. should enforce a standard for these things, but they don't because if they did they'd have to punish HSBC, and in order to do that they'd lose transaction fees from a competitor that HSBC would most likely start....
HSBC becomes the first bank to issue pre-signed checks to make check writing easier for it's customers. Simply fill in the amount and date and use the checks as easily as their pre-activated debit cards.
My local credit unions either refuse to issue credit cards, or have co-branded cards that are actually issued by the major bank down the street from them. Credit cards is a risky game that small banks can't afford, because if the major employer in town shuts down they just might get defaults from enough people that the banks stability could be at stake. They aren't in the Too Big To Fail club.
The problem is not with mailing, it's with pre-activation. The customer has to be made to activate manually to confirm that they did receive the card anyway. Activating manually generally requires user credentials. This can be done online, saving the hassle of having to go to a bank personally. (required: key from issued card + key from user account)
Also, if "the fraudsters know branches are slack about correctly checking ID and obtaining a fake or doctored ID is trivial", I have more issues with the bank than just the mailing of cards. Switch banks ASAP.
An elderly relative of mine is with HSBC. Being quite savvy she liked to browse the Internet for bargains, and inevitably her search took her to eBay. Long story short a scammer sent a faulty item, lifting about £65/$100 from her debit card as payed through Paypal. Obviously the cardinal rule of debit card use is to avoid using one online as much as possible...never use one on eBay.
With what is certainly an anomaly in Paypal's so expertly rendered services that we now expect of a caring quasi-bank, she found herself delayed from getting her money back. Meanwhile our scammer had apparently left or been banned from Fleabay. So she called HSBC, citing the 'debit protection' they'd included with her current account.
Explaining the incident to the first man somewhere on the subcontinent was a nightmare. To his credit he seemed very pleased to help, but his listening skills and speaking style were out of touch with a native British English speaker. Simply put my relative couldn't understand half of what he was saying...and the calls degenerated into his profuse apologizing and her asking him to speak slower, politely.
This went on for a few more calls, two more foreign customer service people abroad went on - until eventually the lodged claim had enough clarity that it warranted getting a person who spoke better. Eventually an employee with English much closer to that of a typical Briton got on the phone, and despite being strenuously nagged over this seventy quid refused to pay because it was against the bank's policy to refund debit transactions.
But it all ended well as my relation had a cash ISA with the bank - it took a politely worded threat of changing accounts and ISA to a competitor before firmly requesting a superior a few times before an apparant manager reneged on HSBC's refusal and refunded the account in full. A whole lot of headaching for all concerned bar our scammer who apparently did a bunk with a nice chunk of change.
Moral of the story is to casually check with older/quite naive people who have the Internet but are not as experienced with the world of online shopping. Use credit cards not debit cards; if they are suspicious of credit explain it to them. Else they might have to talk to 'John or 'Richard' or 'Hannah' over at the other end of the commonwealth for hours chasing up. My family member was lucky judging by all the horror stories of 'debit protection' floating around.
The lack of even the rudimentary security is precisely the reason I refuse to carry a debit card. Without your knowledge, your checking account is empty and your mortgage bouncing.
With a credit card, you get to argue with the bank about their money.
With a debit card, you get to argue with the bank about your money.
What happens when the bank denies your dispute? With credit cards, you get nastygrams. With debit cards, your mortgage starts bouncing. Again.
I'll take an ATM card any day of the week over a signature debit card.
SirWired
Details please, AC.
HSBC is a big, international company with many divisions. I'm not making this claim about all of them. Just the two I personally tested.
Also, how do you know the card you received wasn't preactivated? All of the cards in question had the standard "You must activate" sticker on it. The sticker was a lie.
You are NOT liable for debit fraud over $50 on your account, provided you notify the bank within 3 days of it occurring. The $50 exemption for banks is to incentivize you to report fraud quickly rather than waiting until the end of the statement cycle and looking at the paper, long after the fraudster has disappeared.
If your credit sucks too much to get a real credit card through a credit union---go get a secured credit card from people like Public Savings Bank or a credit union that offers secured credit cards. You put up a security deposit and that's your credit line. If you close the account, you get the deposit back. If you get the secured card through some banks like CapOne, etc---they may unsecure the card after a while and return your deposit, which means then you have an unsecured credit card with a credit line.
Nonetheless... good luck with some of these banks in getting NSF funds due to fraud reversed. Large banks generally do whatever they can to keep their fee income, including pissing you off to the point where you close your account and take all your business away. Large national and regional banks as a whole only get concerned if you're a large customer that has significant deposits; mostly because branch managers do get graded on retail stats like how many new accounts opened and products purchased, etc. Losing a big depositor makes weekly stats look ugly, so they will bend over to save you. They really don't care much about the depositor who can barely keep $1,000/£500 in the bank.
The same goes with lending products. Customers with excellent credit (which the banks checks periodically by doing soft pulls on the credit bureaus), revolve their accounts somewhat and generate lots of transaction volume are woo'd and if you call to cancel a card--you will get xfer'd to a "customer save" department... ALWAYS manned by native English speakers, where they try to save the account from closure. Contrast that with borrowers with mediocre credit, make only minimum payments, late-pay or don't use their accounts much at all, the bank is happy to see them go.
You should always use a credit card when making purchases because it's the bank's money on the line, not your own and if you detect fraud, you can ask for a chargeback. Chargebacks cause the merchant to get money wiped off their credit card remittances for the amount of the chargeback.
I did a chargeback once when a kid at Starbucks rang up my coffee, twice, on two tickets. I only got one receipt but when I checked my credit card statement... two transactions for the same money for the same day hit my account. I clicked on the charge and clicked "Contest charge" and explained why I thought it was wrong. The next day the charge was gone off my statement, and that Starbucks store got $4.96 wiped off their credit card remittances for charging me twice, which leaves it to their store manager to search their records to find out why they got a chargeback and who caused it to happen, etc.
You can't easily do chargebacks with debit cards because you have to fight your bank. With credit cards it's easy, because Visa/MC/Amex/DISC build purchase protection into their credit card contracts.
Debit cards are substantially more dangerous than credit cards since debit cards are EFTs, although some banks offer equivalent protections.
Imagine your bank sends you a new card because yours will expire soon, but some kids steals your mail and used your card. You never noticed the card went missing since you rarely use it. Kid makes small charges initially but makes larger purchases over 60 days later. You eventually notice the fraudulent activity and tell the card company they are morons for sending an activated card, not noticing unusual activity, etc. If you had a credit card, well they might try making you pay, but ultimately you'll successfully contest the lines they add to your credit report. If you had a debit card, well you've already lost the money, and they won't fix it if they first fraudulent charges were 60 days ago.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
HSBC isn't really Chinese, it just owns Hong Kong, I'll tell you a story about it.
...for in this time the Empire was a devil of many faces, a merchant in India and a gaoler to Australia. But to the Chinese they appeared as Cai Shen, the god of wealth and bid the city folk pay sacrifice in the hall of HSBC and be rewarded with prosperity and monthly compounded interest .... And though the empire now sleeps in the dust, the high priest Sir Thomas Jackson still stands where his empress once stood, under the shadow of his great temple to money, which towers like a steeple over Hong Kong and reminds all those who look upon it of their piety.
Also China doesn't own the majority of American debt, they own roughly the same amount as Japan or the US does domestically, and the banks that own it are predominately the People's Bank of China (central bank) as well as the big 4 (ICBC, CCB, BOC, ABC)
When Argumentum ad Hominem falls short, try Argumentum ad Matrem
I would worry a lot about the statement 'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'
That would seem to indicate they have much worse problems than the pre-authorized debit cards in the mail that must require a lot of resources and planning to take control of.
Definitely a bank to avoid as both a customer and investor.
When I worked in the mortgage industry, everyone said that these people would destroy your credit. I saw instances of them submitting the same account to the 3 credit rating bureaus under different business names so that credit reports made it look like people had way more outstanding debt. I've heard horror stories about them as a lender in general in fact, so much so that I've been given advice to never accept a store credit card that's backed by HSBC. I also briefly did work for them as a real estate appraiser, and our firm rather rapidly decided to stop doing business with them entirely, though I cannot remember what the reasoning is now (it's been several years).
They aren't Chinese - they British. They were incorporated in London in 1990 and have been headquartered in London since 1993. Even the Wikipedia page will tell you that.
At the time, they may indeed have been Chinese. How do I know this? I worked for Marine Midland Auto Financial Group, a Division of Marine Midland Bank; who was also Saab Scania Credit Corporation, Suburu Credit Corp, Porsche Financial Services and a number of other financial arms for major auto manufacturers (hey, didja really think the auto companies were their own banks?). This was back in 1986 and 1987... MMAFC and MMB were fully bought out by the (at that time) Chinese The Hongkong and Shanghai Banking Corporation.
At THIS time, Hongkong Shanghai Banking Corporation is STILL based in Hong Kong (as it's name implies).
The Hongkong and Shanghai Banking Corporation Limited, based in Hong Kong, is a wholly owned subsidiary and the founding member of the HSBC Group, which is traded on several stock exchanges as HSBC Holdings plc.
HSBC
.
HSBC Holdings (who owns it) is based in London, and apparently for regulatory reasons due to an earlier acquisition.
Headquarters
HSBC's Hong Kong headquarters are at 1 Queen's Road Central in the Central area on Hong Kong Island. The HSBC Hong Kong headquarters building was also home to HSBC Holdings plc's headquarters until the latter firm's move to 8 Canada Square, London to meet the requirements of the UK regulatory authorities after the acquisition of the Midland Bank in 1992. It was designed by British architect Lord Norman Foster, and was the most expensive building in the world based on usable floor area at the time it was built.
HSBC Holdings
.
Seems to me, like they are a London company in regulatory and legal requirements and location only, if Wikipedia's slant is correct. Sounds a lot like being a Delaware Corporation in this country...
StarTrekPhase2 - The Five Year Mission Continues!