Monday, October 5, 2009

Why is My Online Banking So Lame?

I saw a funny article in "The Norman Transcript" on the subject of online banking and as last week was " Online Banking is Weak Week" on the PIN Payments News Blog, I felt compelled to share some excerpts:



Excerpts from The Norman Transcript

by Dave Moore





If my bank did a better job of protecting its customers who choose to do online banking over the Internet, I might tell you who they are. However, since they have recently decided to implement weaker online protections than they previously had in place, I will from now on refer to them as My Bozo Bank (MBB). (The name has been changed to protect the guilty).



I was already in a funky mood when I received an e-mail from MBB that read as follows: "Dear Mr. Moore; Your online banking account and free bill pay service have not been accessed since 9/18/2008. It is our goal to provide you with the most convenient financial services available. For security reasons, please contact Customer Service within the next 30 days to reactivate your online banking account and bill pay service. If we do not hear from you, your account will be deleted."



"Isn't that just swell?" I thought. True enough, I rarely do online banking; I just don't have much use for it. Even so, I hadn't really planned on spending the morning trying to talk my bank into not cancelling my online account. At least they didn't put links in the e-mail for me to click on; instead, phone numbers for customer service were provided. After checking to make sure that the phone numbers were legitimate, I called MBB and was connected to a cheerful customer service representative.



I should have been tipped off from the get-go when I saw how easy it was to access and change my account information. In order to confirm that I was who I said I was, all Miss Cheerful asked me for was my account number and the amount of my last deposit. Suddenly, I was no longer a stranger, but a valued customer with all of the rights and privileges of a king. The moral of this part of the story: don't lose your checkbook or throw away un-shredded deposit slips.



The worse was yet to come, though. I was informed that I was going to be issued a new, temporary online banking password, and that I should login to my account and change it to something more secure. My new temporary password was the last four digits of my "Social." Ugh; that would never do.



I also was disturbed that My Bozo Bank has not implemented any of the security measures known as "two-factor authentication" that are now recommended by the Federal Deposit Insurance Corporation (FDIC) and the Federal Financial Institutions Examination Council (FFIEC). I wrote about two-factor authentication almost three years ago in an article titled, "Two-factor authentication flawed, but a good move." As of today, all it takes to access a bank account at Last-Place is a username and password. This, too, is totally unacceptable.

My Bozo Bank ended its e-mail with the following: "We apologize for any inconvenience this may cause you. We simply want to ensure the safety and security of your financial information. If there is anything we can do to assist you, please don't hesitate to call."



Well, I'm calling. A copy of this article will be forwarded to the president of my bank. I'll give them a week or so to get their security up to snuff. Failing that, I will move my account to a bank that understands online banking security. I hear that Bank of America now offers two-factor authentication; maybe I'll check them out. I recommend that you, too, scrutinize your bank's online security policies and, if found lax, fire your bank. There's just too much at stake.





Dave Moore has been repairing computers in Norman since 1984, when he borrowed $1,200 to buy a Commodore 64 system. He can be reached at 919-9901 or www.davemoorecomputers.com.







Reblog this post [with Zemanta]

Disqus for ePayment News