Bank unilaterally changes password

Just seen a funny, but worrying, story on the BBC: a man who had the password 'Lloyds is pants' on his bank account had it changed by the bank to 'no it's not'. It was changed as it was 'inappropriate'. He tried to change it to 'Lloyds is Rubbish' - or 'Barclays is better' but this was not allowed. He tried 'censorship', but was told his password had to be six letters or less!

  1. "No it's not" is more than six letters.
  2. A bank suggesting a password that's seven letters long is too long is sadly mistaken.
  3. Why was an employee at the bank even able to see the whole password?

When the password is set, it should be done by having the customer enter it secretly in the branch, at the time the account was opened. If done by post, then it should be by an anonymised form which bears a reference number allowing the computer to tie the password to the account, but not for the person entering that password to know the account.

Any employee needing to verify a customer should be told by the computer to ask for the 'second, tenth and eleventh' characters of the password. They should enter them, but not be able to see the characters before a correct verification (so if just one letter is wrong, the employee can't know which two were right).

At no time should an employee be able to link a full password to an account. The only time an employee should even see a full password is if they're in the section of the head office which handles the anonymised forms.
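One way to build the teller check described above, as an added example that is not from the original post or any bank's system. The names `PasswordVault` and `MAX_FAILURES`, the keyed per-position tags and the three-failure lockout are assumptions; the account id and password in the test data are constructed.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed lockout threshold, not taken from the post


class PasswordVault:
    """Stands in for the back-end system; the teller screen never reads its fields."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # would live in an HSM in practice
        self._tags = {}       # account -> keyed tag per character position
        self._challenge = {}  # account -> outstanding positions (1-based)
        self._failures = {}   # account -> consecutive failed checks

    def _tag(self, account, pos, char):
        msg = f"{account}:{pos}:{char}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def enrol(self, account, password):
        # Keep only keyed per-position tags; the password itself is discarded.
        self._tags[account] = [self._tag(account, i, c)
                               for i, c in enumerate(password, start=1)]
        self._failures[account] = 0

    def challenge(self, account, count=3):
        # Reuse the outstanding challenge, so a caller cannot keep asking
        # until the positions they happen to know come up.
        if account not in self._challenge:
            positions = range(1, len(self._tags[account]) + 1)
            picked = secrets.SystemRandom().sample(positions, count)
            self._challenge[account] = sorted(picked)
        return list(self._challenge[account])

    def verify(self, account, chars):
        """Return one bool for the whole answer; never say which character failed."""
        positions = self._challenge.get(account)
        if positions is None or self._failures[account] >= MAX_FAILURES:
            return False
        ok = len(chars) == len(positions)
        for pos, ch in zip(positions, chars):
            expected = self._tags[account][pos - 1]
            # Check every character even after a miss, then fold into one result.
            ok &= hmac.compare_digest(expected, self._tag(account, pos, ch))
        if ok:
            self._failures[account] = 0
            del self._challenge[account]  # next call gets fresh positions
        else:
            self._failures[account] += 1
        return ok
```

The per-position tags protect the password only while the key stays inside the back end, which is why a scheme like this cannot rely on an ordinary one-way hash of the whole password.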

Unless I've overlooked something, this seems indicative of a security flaw... and as someone with shares in the bank concerned, it worries me. I've written to the bank to try and find out what's happening here.

The bank said: "It is very disappointing that he felt the need to express his upset with our service in this way. Customers can have any password they choose and it is not our policy to allow staff to change the password without the customer's permission."

Gotta Have a bit of Bubbly at the Shareholders'....

It's really bugging me how, in popular culture, shareholders are being painted as rich fat cats with evil intent. A classic example is the Nationwide adverts. A woman complains of being charged for taking her money out while abroad, and is told that that's like their 'tip' which pays for 'The Bubbly at the Shareholders' meeting'.

There are other examples, e.g. when a company makes a profit, there seems to be implicit disapproval (e.g. Tesco). This forgets that a company with a turnover of 100 billion making a 1 billion profit is equivalent to a company with a turnover of 100 million making a million.

Now, all things being equal, I'm perfectly happy to concede that if Company A pays dividends to shareholders, and Company B has no shareholders to pay, then Company B is likely to provide better value to customers. It's common sense. However, all things are not equal.

Let's take a look at the best buy tables for financial products right now

The top three results for an instant access savings account are HSBC (6%), Citibank (5.84%) and Bradford and Bingley (demutualised BS) (5.8%). The Post Office comes fourth. Nationwide, offers 4.7% on their Instant Access account. (Based on saving £3000)

True, if you can put aside 200 quid a month, their regular saver account looks attractive, at 6.5% - until we see the Halifax at 7% (admittedly, that's a one year term though). We can do even better, with Alliance and Leicester at 12%. To be fair, it's not as straightforward as that, and here's where my argument is undermined. The higher rate is for one year, and after that you have to start from scratch, transferring the total to a regular account (6%). I think the 6.5% with Nationwide can be over a longer period. So assuming it's not fixed term then after about 20 months the 6.5% from Nationwide would be better (if I've done my sums correctly).

However, interest rates can, and do, change - 20 months is a long enough timeframe that the 'best solution' shifts, and 12% over one year could well be the better route in that case.

It does annoy me that building societies, for example, regularly play the "we're not paying shareholders" card, but the interest rates, especially for 'starter' accounts, can be appalling, e.g. the Britannia offer 2.55% with their flexible savings account on amounts over £100000... okay, they offer more on their 'direct savings' account, but still, there are a significant number of people who want the 'security blanket' of a passbook.

In other fields, Pharmaceutical companies are sometimes castigated for the prices of their pills (and I'm completely behind the argument that prices should be lower when it comes to countries in places like Africa, supplying these nations at cost is good PR for the company too). When paying for the pills the implication is often that the company is profiting from illness and that this is inherently bad. It is true that the company profits from illness. However, it's conveniently forgotten that though each pill costs pence to produce, the first pill cost billions, and that has to be recovered in order to make the next wonderdrug. Yes, the shareholders are making a profit from illness, but without their investment that cure would not have been developed at all. There are also issues about third parties making 'copycat' drugs once someone has paid the development costs. That's a whole other issue.

Putting the nitty-gritty arguments about individual sectors of the economy aside, what really annoys me about this tendency to see shareholders as evil is the fact that it's share dividend and capital growth that pays for things like pensions. If you have a pension, you are indirectly a shareholder.

It's true that there are corporations which do not 'play nice' and seem to exhibit the short term view of maximising shareholder profit only. Guess what? These are corporations which, unless they have a monopoly (which is another matter), tend to die. Whilst it is the long term aim of a company to maximise shareholder return, this in turn gives rise to the aim of 'pleasing the customer'. It's in shareholders' interests for the company to please its customers. Though the sole aim of the company is to maximise shareholder returns, a company which fails to supply what customers want, in the way they want it, will soon not have customers and will fail. The message here is that if you want better interest rates and terms from your bank, be prepared to move your account - it's easy these days, they do all the paperwork for you.

Of course, I'm not saying that organisations with shareholders are whiter than white. Of course not, I'm simply saying that they're not necessarily evil.

This 'shareholders are fat cats' outlook allowed Gordon Brown to remove some tax benefits for dividend income on shares around a decade ago. This was reasonably popular at the time, presumably as it was seen as targeting the rich. However, it had a direct impact on the success of pension funds, and the subsequent difficulties which some have experienced.

As you've no doubt realised, the demonisation of shareholders is really annoying me. Shareholders are regular people, like you and me - even if they haven't bought shares directly. It's real people, investing in businesses which provide jobs and pay taxes. It's people putting their own money at risk - of course, they're doing it in the expectation of a reward - and why not? After all, that's why people save money in savings accounts...

Giving money to a good cause is called 'Charity'. Companies are not charities, nor should they be.

Disclosure: Yes, I have shares. The only company mentioned above that I directly have shares in is Tesco (though I will have an interest in FTSE100 companies via a tracker).

Natwest Three

The Lib Dems have started a campaign about the US/UK lopsided extradition treaty. Essentially the US can extradite a UK citizen without presenting probable cause. For the innocent, this can mean a multiple year trial (as well as expensive defence) in the US. In the case of the Natwest Three, as I understand it the alleged crime would have taken place in the UK, by UK citizens against UK interests. The employers (who are the alleged victims) have not wished to press any charges. As there is a loose connection to Enron, the US want to press charges but have not presented a probable cause to the UK. If the UK want to extradite a US citizen then the same arrangements do not apply. A special relationship indeed.

This case has been on the slow burn for some time now, the esteemed Boris wrote about it back in 2004, but it's in the past few days that it has come to the fore of public awareness.

This treaty was originally presented as a bill which would aid the extradition of terror suspects (also without probable cause, but in these days the concept of evidence seems secondary when we have terror suspects) - and yet its scope is wider than was originally spun. This is a good case in point why legislation should be tightly drawn and why 'trust us' isn't enough.

In domestic law, the Legislative and Regulatory Reform Bill is such a piece of legislation. As is the ID card bill. There are also domestic laws designed to punish or contain terror 'suspects' - not convicts - which could suffer the same problem.

The bottom line here is this: why should any UK citizen be deported without a prima facie case being made by the USA?

I suppose that this is the special part of the special relationship that we keep hearing about?

Here are the other articles which Boris wrote, (I knew the Boris Plugin for Firefox would be handy!) from May 2005 and July 3rd 2006. This isn't the only case out there, there are others. My issue is not that I think there's no case to answer, I don't have anything like the information needed to make a judgement - and have no opinion on the individual cases.

My problem with all this is that these extraditions are being made to a foreign power without evidence being presented to support the allegation that there is a case to answer. There is a new business setting up to insure executives against the possibility of extradition to the US.

The fact that the treaty is not reciprocal adds insult to injury, but it isn't the main issue - if the treaty were reciprocal it would not make it right.

In Parliament, the Lords have voted for a suspension until it is reciprocal, and there has been a debate in the Commons - and a protest vote passed at 246 to 4. Not that this is likely to change anything.

Tony Blair has defended the treaty saying that the UK and America have "roughly analogous" grounds for extradition.

It adds a twist to the story that a potential witness has been discovered dead - that should keep people speculating wildly.

Update: Boris has posted an extract from the Westminster debate.

Card Cloned

I was in Tesco yesterday and my card was not accepted. Odd, I resolved to ring the card company when I got home. I forgot. Today I had a call - and I rang them back on their number (they were fine with that, unlike a previous company).

Yesterday there was a payment to someone like for a few hundred pounds. This was following a transaction for 78p to some obscure place. It triggered some alarm bells with the card company and they froze things until they could talk to me.

The 78p was a test to see if the skimming worked.

I didn't authorise these transactions - somehow the card had been skimmed (amazing really, I never let the card out of my sight in shops and restaurants as I am aware of skimming possibilities).

Fortunately things had been caught, no money changed hands - unfortunately I now have to get a new card.

Tesco Credit card handled the whole thing pretty well.