Hacker News
by TheFattestNinja 1144 days ago
Same reason why, at most UK banks, your online credentials (both user and pwd) are case insensitive: it's convenient to the customer. It costs less money to "pay" for the reduced security than it does in attrition causing customer dissatisfaction (which makes them leave), missed transactions, customer support hotline ("I can't login"), etc.

"It costs less" ... and the question is who pays that cost. If customers leave, it's bad for the bank; if customers get scammed, then the customers lose their money: "well, you should have protected your identity better, there's nothing we can do". So from the bank's perspective, customers getting scammed doesn't cost them anything.
Banks are usually liable for that.