It is odd because it's all underwritten by RBS and I'm with NatWest (which are RBS) and their online banking can take any length passwords, or it could at least take the much longer length of my new one (yj). Thinking about it, Tesco couldn't even take the full length of my old one (yj).

Having the same underwriter doesn't mean the systems are in any way similar.
(That's a bit like saying two people that use the same garage must have the same driving styles.)

Even within a single company, with one department, different systems can have different requirements depending on when they were written - and the developers may well know that it never should have been done that way and really needs fixing but not be able to get authorisation from the rest of the business.

Mentioning FSA and PCI and stuff can be a good way to get the business to realise they do actually need to do something (especially if it comes from an angry customer, as opposed to a whining developer).

I agree that same underwriter doesn't really mean a thing. It's more a case of hoping a large bank would do things properly, which clearly they don't.

 

That's 2 letters I need to write.

Yeah, for some reason the big banks seems to be the worst, and they're the ones supposed to be setting the standards in the first place.

Is rather worrying to have someone at a (relatively small) company having to tell a multinational financial company not to send a bunch of live credit cards as test data. :/

Name and shame Peter.

 

Name. And. Shame.

Not sure I want to potentially risk getting sued or anything. :S

 

You know how those Americans can be. Especially the expensive/snobby ones always rushing about.

It's your public duty. Just give us a few clues :-)

There are iphone and android apps for it. Typing the keepass password on a phone is annoying though.

Wikileaks....?