The teller says, "Thank you sir for visiting our bank today. I would like to issue you our new security device." First you fill out a form stating that you've received the device, then she hands you a billy club. "Sir, if anyone tries to rob you or the bank, please use your club to defend yourself. Thank you buh bye."

Sound silly? Well, that's how the world's second largest bank has chosen to address problems with its Online HSBC service.

According to antispam and email security firm CipherTrust, HSBC (or more specifically, its customers) is the target of approximately five percent of all phishing attacks worldwide. "Phishing," as HSBC defines it, is "a scheme used by Internet cyber-criminals to 'lure' you into providing your personal and financial information online."

HSBC's anti-phishing site goes on to say that "the fraudsters create email masquerading as banks, credit card companies, online auctions, and department stores looking for you to update personal information."

Instead of utilizing the software and tactics offered by security vendors to upgrade their level and quality of protection, HSBC chose to put the burden on another party: you. Now, every time HSBC customers want to add a new transfer account to their Online HSBC account, they must snail-mail a paper request form, which then takes seven to 14 days to process.