Bitcoin Forum

This morning as you might be aware the OpenSSL bug called Heartbeat was announced. Here is my and others experience with HSBC, Barclays and Nationwide.

HSBC

I called HSBC, this my personal bank. They seemed to pretend like they knew what I was talking about. I asked to be transferred to some security report line or be given an email. HSBC informed me that everything is fine and as far as they were aware, I had nothing to worry about. I knew that they probably weren't lying considering how long I was on the line. Plus their site and mobile apps don't seem to be running on OpenSSl so I trusted them (Yes, I trusted a Bank.)

Barclays

My parents are on Barclays and use their internet service but I was also more personally invested in this. As many of you, I use the application called pingit. According to this page, http://www.barclays.co.uk/Mobile/BarclaysPingitSoftwaretermsandconditions/P1242607867693 the app uses OpenSSl. Due this being a mobile application it's hard to find out if Heartbleed is being used.

I decided to call them so I can report the possible vulnerability. My experience can be summed up in three points.  

• 1) They have no security report line or email
• 2) Customer service didn't seem to care
• 3) Even calling head office and reporting the issue they were unable to transfer me to a security team or didn't seem to be worried

After 40mins and 5GBP spent on calls later, I was told the internet fraud email. This a internet fraud prevention email not a security report bug email.  Either way, I wrote to them:


This turned out no results and I still haven't received an email back. I assumed that this was useless and tried to reach them on twitter. That also turned out no reply.

Nationwide

This not my personal experience and I only know small details of the experience. I was in talks with someone on twitter about this problem, their bank is Nationwide. They were unable to got any results.


Conclusion

I find it amusing how every single Bitcoin exchange has dedicated security emails and even phone lines but massive Banks such as HSBC and Barclays don't. It might be amusing for now but in the long term this a serious problem that has to be addressed.

Banks are like MtGox  :)

Probably the best analogy for my experience, I'v heard so far.

Don't waste your time reporting to them, the only thing you should be ready for, is that if you lose money be ready to sue the heck out of them since it's their fault for not being as secure as they claim to be

I had pretty much the exact same experience with Barclays, tried twitter and they completely ignored me.

If you're serious about this, it may be a good idea to report it to someone in government so they can have an excuse to go yell and lecture the banks, not much but it would get attention, you could even show the responses of the banks.

Nah it's just a waste of time in my opinion. No one in the government is interested in minor problems of some random guy.

Plus let's be honest at the end of the day we all know who pays their bills.

Indeed. It's futile. :)

If you lose money due to fraud ot security problems on their end they'll give you it back. Can't say the same for bitcoins though.

That's true but it also takes time plus there really isn't an excuse for not having security emails. Another thing you have to consider is that Banks also store your details and most have scans of your passport so security vulnerabilities could lead to identity fraud which is a serious problem.

No bank I've ever banked with has held any photo ID, but identity fraud is always an issue with any place you give your details.

The blockchain in principale is safe, and you use your wallet on your indiscretion, You might be refering to exchanges but that's a regulation problem.