waider | Entries tagged with bank of ireland

My online banking stopped working with Safari. Known problem, apparently. I just tried logging in, got the error page, and recycled back to the front page only to discover that there's now a separate link for people using Safari to follow.

When you click on it, it goes to an IP address, and you get a certificate error on account of this (hostname doesn't match certificate). This is exactly how people get spoofed by phishing sites, and here's the Bank of Ireland doing it all by themselves. Most excellent.

update: for bonus points: the IP address doesn't have a reverse lookup (although whois reveals that it's at least in BoI's IP space); and for extra bonus points, there's a "Protect yourself online" link which, when you follow through it and click its "Proceed" button, dumps you back to the real site where your hapless Mac browser will fail to work once more. A+.

I've finally given in and run up Firefox on the Mac.

Why?

Because I can no longer access either my online banking or my motor tax renewal forms with Safari. Who'd have thought I'd be driven to open-source technology by a bank and local government?

Bank of Ireland Life Online, but without the www still goes to a domain control/placeholder page. Seriously. Who let these people near the Internet?

Bank of Ireland, once again: http://bankofirelandlifeonline.ie/ currently redirects to a placeholder page with the text, "we've just hosted our site with irishdomains.com but we haven't moved in yet.". Add a www in there and you get the Bank of Ireland Life site you'd have expected. Oh, and the placeholder has a "click here to log into the site management stuff" link.

(cropped to avoid screen-filling; it's a stock Netscape iPlanet Server (or thereabouts) internal error page.)

BoI steals candy from babies, sort of.

The VFI are still the same bunch of misanthropes as the last time I checked: they're expected to criticise proposals to lower the legal blood alcohol limit for drivers, because let's face it, people should be allowed drink and drive, nanny state, our own business, etc. etc. etc.

And Bank of Ireland aren't quite done on their admission of laptop losses; apparently they lost one in Kildare 7 years ago. The bank seems to be treating it as an unconfirmed allegation, while RTÉ seems to be taking it as fact.

Last week, the bank said that medical records, bank account details, names, addresses and dates of birth of 10,000 customers were on the laptops.
In an update, Bank of Ireland said an assessment had concluded that the risk of fraud arising from the thefts was 'very low', as the data on the laptops did not include bank account passwords, PINs or copies of signatures. (link)

This is so pig-headedly wrong I can't come up with a suitable comment. You have someone's date of birth, bank account details, name, and address? You can get some pretty funky fraud going right there, with a little ingenuity and some social engineering to grease the wheels of the process.

"Bank of Ireland apologises to customers and is committed to moving as quickly as possible to allay the concerns of affected customers," the company said in a statement last night. (link)

Indeed. Moving as quickly as possible by not saying anything for months (the laptops were stolen over a period between June and October last year).

The opposition parties are, as expected, getting their mouths in on the act: Labour deputy leader Joan Burton said "I am calling on the Financial Regulator and on the Information Commissioner to make a clear statement on the implications of these security breaches,", because, no doubt, a clear statement is more important than, say, some action. Somewhat more usefully, Fine Gael’s communications spokesman Simon Coveney called for "...the mandatory encryption of all sensitive personal data carried portably; and for the strengthening of the Data Commissioner’s powers to investigate and enforce regulations, even where a complaint has not been made." - both measures I agree with, although I suspect the latter can only practically be accomplished by random checks since we don't yet have the ability to confer psychic powers on the Commissioner; the former is loosely specified in the existing legislation under the requirement to "adequately secure" data on a sliding scale based on its importance, impact of its disclosure, etc.

Bank of Ireland - my bank - have lost 4 laptops containing information on 10,000 customers. No, that's not right. They lost the laptops last year and only reported the loss on Friday. A cursory glance at the Data Protection Commissioner's website doesn't reveal any requirements for disclosing this sort of breach, mind you.

So while the court was busy shredding mail, it transpires that not one but three private-sector businesses had customer data leaks: Allied Irish Bank, Quinn Direct, and can-we-please-play-even-if-it's-not-an-actual-leak Bank of Ireland. Well done, guys, we can declare some sort of parity with the UK once more...

Part of the HTML "receipt" my online banking service gives for money transfers:

Payments are processed Monday to Friday, excluding Bank Holidays.

My government-aided special savings account matures at the end of March, and to this end I have to submit a declaration that I've not broken any of the rules associated with the scheme. Reading through the paperwork I find I can submit this declaration online; bear in mind this is essentially a tax document of sorts, in that it's a pretty grievous offence in the eyes of the Revenue folk if you lie on it, but they're happy to accept a checkbox on a web form as a declaration. Go Revenue!

The Bank of Ireland website which is hosting the click-to-declare page then leads me to a page covering further options once the scheme has ended: increase, decrease or cancel the monthly contribution to the account. I try to click on one of the boxes and discover it's not an input box, it's a graphic. There's a note at the bottom of the page to the effect that they can't take this instruction on-line, you have to PRINT THE FORM and post it. NNNGH.

So now I'm trying to decide if this is a sort of incompetent not-getting-this-whole-intarweb-thing on BoI's part or an ingenious way to continue raking in cash, given that in the absence of any instruction the monthly contributions to the account will continue unabated until members of the Irish League of Procrastinators (motto: we'll get around to it) finally realise that it might be a good idea to send in that form we received months ago.

Curious as to whether my pensions broker had any online means for me to investigate the state of my pension, I had a look at their website. Sure enough, there was a link to Pensions Online. So I clicked on it. And I got:

Site Unavailable

Pensions Schemes Online is available Monday to Friday from 8am until 8pm.

Er. WTF? Do you people not understand THE INTARWEB?

Current Music: Lou Bega: Mambo No. 5 (The Trumpet)

So the next response I got from the telco was that they'd logged in and it all looked fine. So I logged in, and sure enough it worked, and nothing was changed, right? Otherwise they'd have told me. Of course, it broke 30 seconds later, and refixed itself on a page refresh. Fabulous service. In the meantime, I can't seem to get photos from my phone to the photo album on the site via the SMS gateway, so I can't do my bounce-off-vodafone-into-flickr trick.

But enough about the telco! My bank has "improved" their online offering, by which I mean they've reskinned it and made some of the HTML less standards-compliant than it used be, and moved some columns around. My account numbers are still displayed with the first four digits hashed out, and the two credit cards I cancelled several years ago are still listed as "Balance Unavailable". One of the genuinely new things is that if I go to the Money Transfer page, it lists all the beneficiaries I've registered with BoI over the years (previously you just typed in the account number, now you select it from this list). The list for some reason includes my own accounts. Including the full account number, diligently obscured elsewhere on the page. Nice, guys.

Needless to say, this means that Finance::Bank::IE::BankOfIreland is temporarily out of commission.

Once more, there's an industrial dispute out to spoil your weekend.

Current Music: Otis Redding: My Girl

Current Music: Eminem: 8 Mile

May as well clear a few more items off the list of whines:

Vodafone

I can have either a paper bill or an electronic bill. If I choose the latter (I do) I get an email AND a text message telling me my new bill is online. I can't switch this off. I've asked, and they've not even understood the question. It's probably not in the three-ring binder.
The online bill is randomly available in Mozilla. As in, sometimes it's there, sometimes it's not. I don't know what's at fault here; I got no help from customer care.
The bill summary is incomprehensible. Right now it's telling me I've got €55.07 worth of an outstanding balance, but that's not taking into account (as best I can tell) my chosen payment package which gets me up to €75.00 worth of calls per month.
Data time and call time aren't exchangable.
The site is an overblown mass of animations and deeply nested stupidity; finding useful information in it (such as "What are my GPRS settings?") is needlessly difficult, and for some reason despite the proliferation of personal-use WAP-based phones, the various pages about accessing WAP and using your phone for data access are all filed in the Business section of the site.

Bank of Ireland

The aforementioned broken site.
Frames, when the site is working.
The WAP version of the site is readonly: you can't transfer money or do any of the other useful things. What's the point in that?
The site that hosts information about my investment savings account also has difficulty with Mozilla; sometimes the login works, sometimes it throws me to a page that tells me the login failed, and sometimes it throws me to a page that says my session is in some way invalid.

The Weather

It's raining again.

An Irish security firm is on strike today, one that's responsible for filling ATMs. The banks have assured the general public that everything will continue to work (for the most part) etc. etc. So I'm not very amused at my bank's online service being out of commission at the moment.