Tuesday, 18 October 2011

IBAN Numbers For The UAE. Be Scared...

DespairImage by ~Aphrodite via FlickrThe news made me shudder. The UAE is introducing IBAN codes for all bank accounts.  By rights, this should cheer me up no end as the IBAN number has long been a mainstay of electronic payments to my real bank in the UK. But it doesn't. It makes me very, very afraid.

My fear is unreasonable, I know. HSBC has a nice, reassuring letter on its website, It even has a 'generate your IBAN' application that lets me key in my twelve digit account number and see what my IBAN number would be.

Let us for a moment skip over the wisdom of an application that asks me to input sensitive personal information without any attempt at security or validation. I am sure any reasonable, competent bank wouldn't encourage its customers to give away account numbers and so on in a way that could lead them to give such information away on, say, a phishing website.

The IBAN number is actually nice and easy. It consists of a two letter country code (AE), a two digit checksum and a three digit bank identification number (HSBC's is 020). Then you have a 16-digit number which consists, in HSBC's case, of four leading zeroes and your 12 digit HSBC account number.

It's nice to see HSBC so keen to use IBAN numbers. This is the bank that didn't have a field on its web-based transfer screen to enter IBAN numbers into - and then charged the currency losses resulting from  the rejected transaction back to the customer.

So why do I think they're going to screw this up? Well, in part because over the 18-odd years I've banked with them there has been no aspect of banking that they haven't at one stage screwed up for me, so I don't see why this should be any different. And in part because I bank with an institution stupid enough to get its customers keying their bank account numbers over open connections with no security or validation. But also because we're all going to need this new system working like clockwork come the end of November.

Why? Because the deadline for implementation of this new numbering system is the 19th November - and any electronic payment made into a UAE bank account without a valid IBAN number after that date will potentially bounce back and incur addtiional charges. And that includes the payment of your salary - the UAE's wages protection system (WPS) will require employers to use IBAN numbers to make salary transfers. If that causes any problems, we'll be rightly banjaxed as most people are paid at the month's end - and the end of November (the first test of the new system) segues neatly into the UAE's National Day holiday. This year the UAE celebrates its 40th year as a nation - it's going to be a biggie.

Maybe it will all go wonderfully. Maybe I'll be proved wrong to be so suspicious and cynical. We'll see...
Enhanced by Zemanta


KJ said...

It'll probably go the way of Emirates ID and have 14 more deadlines in the future.

Luke said...
This comment has been removed by the author.
Luke said...

I share your fear.

I have always found the fear of handing out account numbers interesting.

I think you'll agree that Germany is a quite well-developed country and yet people are quite happy to give out their account details to all and sundry. There is no cheque system here as everything is done by transfer. If you don't give out your account details, you won't get your money.

So I guess the banking system in "less-developed" countries must be to blame for the risk of fraud.

Ana Elisa said...

I guess you were right.. they already screwed it up!

It seems like HSBC sent an email to all their Premier customers (most wealthy ones) and forgot to bcc.

Basically everyone's email was exposed!! I'm sure it was a happy day for those people behind pishing sites.


From The Dungeons

Book Marketing And McNabb's Theory Of Multitouch

(Photo credit: Wikipedia ) I clearly want to tell the world about A Decent Bomber . This is perfectly natural, it's my latest...