Are banks really that safe?

This week saw an amazing jump forward in internet banking security in Hong Kong, HSBC's security rating jumped from bungling idoits to have trained chimpanzees. Kind of reminds me of Microsofts attitude to security. Features first, until something starts going wrong.

HSBC Hong Kong, probably overflowing with compaints from people who had been caught out with phishing attacks, and transfered their life savings to some nice guy in nigeria. Finally put a stop to transfers outside of registered accounts..

I had quite a long conversation 6 months ago, when I though It might be quite usefull to monitor my bank account on-line.

"So can I sign up for a read only account?"
"Sorry we dont offer that facility..."

Well duh, yeah, they only offered the "give your money to compete strangers" type of facility..

Of course it's pretty damn obvious that to do internet banking properly, any kind of transaction should be confirmed via SMS or simple automated phone calls.. But since the banks only wanted to say 'we have internet banking', rather than actually doing it properly. We end up with a plug and prey banking system.

I bumped into an 'unnamed source' involved with IT at HSBC, while he didnt know much about the internet farce there, he did reveal something even worse.

HSBC HQ in London have decided to go with Windows XP for their next generation ATM's. Well, in kind of nice to know that hong kong hasnt got a monopoly on stupid decisisions.. They did have a few redeaming facts, it was being written in Java.. (I bet it would quicker/simpler/more reliable in PHP/Python.. - but suit's and smart IT dont always go together).. And they did retain the option to use Linux. (although their major suppliers appear to have been slacking on delivering that option)..

Maybe it's time to start moving the savings to a safer bank.. like sticking it under my mattress :)