It really isn't that hard...

when our protection becomes our punishment

[First blog!]

We are quite a fortunate company, we are a ‘cash company’ ie we have no borrowings nor do we operate within credit facilities supplied by our bank, overdrafts, loans, credit cards etc.

As an IT company which mainly offers service based offerings on annual contracts paid monthly by BACS, we very rarely need to purchase hardware, software and nor do we have to invest heavily in stock. This is a brilliant position to be in as a business and this makes us a very nice customer for the banking world as we never ‘need’ anything but we provide regular, substantial deposits into the account(s).

Our current business bank (Barclays) has rapidly increased it’s ‘customer protection’ over the past 24 months with the introduction of the ‘PinSentry’ device and with the increased number of CNP debit card transactions (Customer / Card not present) the card fraud team have become as twitchy with their ‘suspend account’ button as a vietnam sniper!

I believe that I am a not too shabby businessman, I know how much revenue my company generates every month and what our monthly expenditure is. This is a basic, fundamental of running a business but also means that I do not have the urge or requirement to log into my online banking service every working day.

Due to the increased security measures, even logging into the online banking service is as challenging as the Krypton Factor as I need;

• User name (Long array of chars which is too bizarre to remember)
• Debit card
• PIN Sentry device

New payees have to be validated using the dreaded PIN Sentry even though I have already logged into the secure environment using the above. Surely this is too much security. My PIN Sentry protection now enforces me to carry my card, account details and PIN Sentry with me wherever I go so if someone does obtain my bag they have basically got everything they need to get into my account anyway.

I also have some company accounts held at LLoyds TSB who have a much better system that only requires a user name, password and selective characters from a memorable phrase, which even I can memorise!

Today we lost out on a business deal, and it hurts (Hence this post)..

This morning was one of those rare occasions where we actually needed to order in some hardware for a solution which had a very tight deadline due to the previous supplier ‘disappearing’ at the eleventh hour. Standing tall with reassurance and confidence I informed the client “Don’t worry, we can sort this for you. Trust me”

It is Friday morning and the challenge was set. Order some hardware online, wrap up some server side code and a small database to be installed by Monday morning. No problem and boy, what a margin!

We placed our orders on a secure site and even validated the transaction using the Barclays Visa Verification Scheme and dived into our coding environments only for the Barclays anti-fraud team with their ‘twitchy fingers’ to cancel our transaction and suspend the account due to ‘unusual behaviour’. What was this unusual behaviour? We used our card more than once this month!

After spending an eternity on the phone validating our identity by having to log in with PIN Sentry etc etc the cards were re-enabled. At this point we only have an hour left to get the items out for next day delivery (Sat am) so we replace the online order only for the card to be rejected again. Reason for this rejection… ‘unusual behaviour’, 2 transactions for the same amount, to the same supplier!

I know that the clever algorithms, silly plastic widgets and over protective portals are there for our protection but with Barclays there is simply too many levels of protection and they are just too severe and sensitive. In my opinion it is quite simply over the top!

How many times has my business account(s) been fraudulently accessed in the past 2 years?

• Barclays with their many tiers of security (Twice)
• LLoyds TSB simple security (None)

Interesting statistic based on my own experience..

Is the security really worth the hassle and potential loss of business such as today’s encounter and does it actually make a difference to professional fraudsters? In my experience the answer is certainly no.