July 05, 2008

Nationwide Super Secure Emailing

I received this email from my UK bank, Nationwide (OK, it's actually a building society) recently. An admirable effort on their part to improve security and combat phishing attempts. But can you spot the glaring stupidity? That's right, my postcode is not XXXX XXX. I'm not telling you what it is, but it certainly is not that.

So, the whole point of the email - if your postcode is not shown like it is here the email isn't from us - is totally lost. I know why my postcode isn't shown: I'm an ex-pat with an overseas address, so my postcode isn't UK format. But really that's no excuse. Just flag any overseas addresses first and then leave them out of the mailing. How difficult is that?

Sending an email like this is laughable, and makes Nationwide look silly. It's very poor marketing too, from what is normally a most excellent building society.


Alex Fenwick said...

That's something which a large company should never make the mistake of.

The poor planning behind the campaign is obvious because of this and it may be worth actually letting nationwide know about this as a security flaw such as that could potentially be exposed by fraudsters.

Ribs: said...

Alex, I think you're right - I'll drop them a line.