World View

Differences You Can Bank On

Observations on the differences between US and European banks

By Paul Raines

March 01, 2007, CSO

I may be living in Europe now, but I still keep a practiced eye on the news coming out of the States.

Last fall, between Britney's divorce and the midterm elections, I couldn't help but notice a little newsbyte that several American online trading companies had been hacked. Yikes! Luckily, when I logged on to my accounts held with U.S. financial institutions, I found that my balances had not mysteriously vanished down a cyberdrain, but the episode did give me pause. The fact is, I've found stark differences in the practices at my American and European banks, and all evidence points to Europe being much more security-conscious.

I first noticed this with the different password requirements by American and British subsidiaries of the same bank. When I lived in the United States, this bank—which shall remain unnamed—allowed me to establish any eight-character password for online banking. If I wanted, I could use my cat's nickname as my password.

However, when I later did business with the bank's subsidiary in the United Kingdom, the password was chosen for me and sent to my home address. This password was also eight characters long, but it was an incomprehensible amalgam of special characters, numbers and letters in both upper- and lowercase.

The result, of course, is that I knew I would never remember it. I tore out the password and tucked it inside my wallet. Yes, Mother, I know I'm not supposed to do that. But let's be honest. If given the choice between doing this and forgetting the difficult password, calling the help desk, being put on hold for 30 minutes, and then requesting a new password only to be told that you'll receive it in five working days, which would you choose? Besides, isn't a strong password tucked in my wallet better than the password "kitty"?

Anyway, I happened to be friends with the global head of information security at this bank, so I rang him up to ask about the difference. He explained that the bank's American and British subsidiaries are run under the philosophy of "each tub on its own bottom." They made and implemented their own security models for online banking based upon the "cultural and regulatory differences" in the regions.

It seems the American subsidiary is more attuned to customer friendliness, while the U.K. subsidiary is more attuned to security.

Another big difference is in the use of stored-value cards. Here, I bank with an internationally known Dutch bank. When I first set up my account, I was given a smart card that functions the same as a debit card in the States but with added functionality: A chip on the smart card can be used to store electronic money. The idea is that you can transfer funds from your checking account to the chip, then use that money for small transactions such as paying for parking, purchasing train tickets and making incidental purchases at stores. The advantage from a security standpoint is that the parking meter, ticket machine or what have you doesn't have to authenticate you back to the bank; it's enough that you're holding the card. The disadvantage is that if you lose the card, you also lose the stored money—but I solve that by not keeping more than 20 euros on the card.
