I'm absolutely fed up with online banking. It's almost designed to be irritatingly useless.
I have two accounts - one with NatWest, for a current account (that's a "checking account" for Americans) and credit card, and the other with IF for savings, in the form of an ISA and a standard savings account. Most of the time, I cannot log in to either.
This is due to a form of security theatre. Both are so complex in terms of passwords, account numbers, ID codes and security procedures as to be unusable.
For instance, Intelligent Finance has it setup so that if you enter your password wrongly, your account is frozen. Not only can you then not log in to the online component, but you can't phone them up and perform transactions. You have to phone them up, request a new login, wait a few days and then do the same charade again. When I was travelling last year, I needed to login and move some money over to my account to cover the cost of my hotel bill before I left for the US. It locked me out, so I called up, waited four days, got the new password, I tried to re-register with the new details for it to lock me out again! I phone them up, and they are not allowed to authorise a transaction while my account is frozen, unless I pay twenty-five pounds.
Hmm. Let me get this straight. I can't take money out of my own account for security reasons, unless I pay a feww in which case the security procedures disappear. If someone manages to break into my account, do you think they are going to be concerned about charges to ransack my savings? Thankfully, someone decided, in a previous incarnation of this problem, to waive the fee so that I could transfer some money.
It's just security theatre. The security procedure disappears if it's an opportunity for the bank to scalp you for money.
Here's how it should work. Banks should issue high-security OpenIDs that would use RSA SecurID (or something similar - perhaps physical token security as a downloadable Java application for a mobile phone or PDA) and/or some other form of strong authentication. They should send my statements in the format I want - which would be an encrypted XML file, by e-mail, not by post. I've got a damn GPG key, so encrypt to it please - I will even come in to the branch with my passport, and you could sign my key with a corporate key. If you want to do security, then let's do security, rather than the phony security of locking me out of my own account for mis-typing a password.
Here's another great security idea for the banks: why not issue so many IDs, usernames and passwords that are so complex and have so many restrictions that everyone writes the damn things down on a bit of paper anyway, thus defeating the security. Why not make it simple? I've got a bank account number, and I've got a PIN which I need to keep secret. Just let me login using my bank account number and PIN. Build security on top of that.
To close out, has anyone got any suggestions of banks that will provide a good rate on an ISA and have security that is sane? I'm not the only one who is utterly fed up with this nonsense.
As for the future of banking, I've put up a claim on Jyte: I wish my bank would e-mail me an encrypted file instead of a printed statement. Richard Bradshaw has some good claims up on the tag bank too.
