Thursday, August 28, 2008

Make your head shaking

Another HSBC at its finest! I was doing my Visa payment online, and one of the fields was "Customer Comment"; that is good, so when I view my transaction, I know what I did. Due to the "smart" programming in the web application design, I could not put in any dashes, commas, underscores, basically any symbols. Fine. SQL injection worry. But then, this comment field only allows 12 characters. Right. What? Shorthand? If so, how the hell do I know what I did? Fine. Then I entered "SIG ORIG SIN" and clicked the Submit button to pay. Guess what happened? An error message displayed on the screen saying I was not allowed to enter "SIG ORIG SIN" as MY OWN COMMENT! My own comment! The reason was that this phrase is for bank reference only. What? The error message said so. So, this made me really scared about how the backend system works. How would a bank's backend system disallow a customer comment in a field that is for customer use only? By the way, "SIG ORIG SIN" stands for "Singapore Original Sin", a very nice vegetarian restaurant in Singapore's Holland Village area. If I were really "curious", I might want to do some further "expedition". Wonder how this bank got this big yet lost the most in sub-prime mortgage among all the Asian banks.
