banking

Just listened to IPM and a story about making ATMs accessible.

I think good Web applications can lend themselves to accessibility. First off, for partially sighted persons, one can increase the size of the font. You can’t do that easily on typical cash dispensers!

Next familiariaty. One could be trained to use the ‘ATM Web application’ from home. And when the time comes, the person will know what options to select.

Web applications are much easier to maintain and easier to find developers and tools for. For example, why shouldn’t a banking application support every language?

I think I might write an ATM Web application prototype. If I wanted to take this idea even further I would get it running in a secure public Web platform like Webconverger and write a plugin to dispense the cash, with something like WebVM…

Finally logged into Barclays Internet banking service once I’ve found my membership number. The fact that you need a membership number (&Surname) is very stupid Barclays.

So I found several transactions I didn’t recognise.

For example a “CRISPIN BENDING LE” from 9/9 (Tuesday) is something I have no clue about.

But later transactions from DOMINO‘S PIZZA (24.27GBP) and PERFECT PIZZA (18.88GBP) alarm me. Why? I don’t like pizza!

So did I mention Barclays Online Banking statement view is crap? It doesn’t tell me the:
* Details of the company (company number? cashier name?)
* Details of the business transaction (what I bought)
* Where the transaction happened
* When exactly the transaction happened
* If I used Chip&Pin or the order was made over the Internet/Phone without Chip&Pin aka “cardholder not present”
* A way to flag a suspicious transaction online

Emailing Barclays is weird. They want all your details filled out in a form. Ummm, I’m logged in and identified, why do I have to do this? In the past, I’ve sent about three emails / online feedback/complain forms to Barclays and received one very odd reply. I don’t see why Barclays doesn’t do some sort of “secure mail” service like I’ve seen several other banks do.

Anyway, I have to call them up on 08457555555. I have a couple of tricks:
* Don’t call on my mobile because it’s costs a small fortune
* I use Skype which is cheaper
* I key in ’**’ once authenticated on their telephone system to get to an operator ASAP.

Now I ask for more information about the transactions. After being on a hold for a few minutes I get extra information about these suspect pizza transactions. First place was a very excellent leather belt I bought at Camden Lock on the 6/9 (not 9/9) and the pizza places was one place I’ve never heard of and another in Leatherhead (never been to).

The operator then says he’ll cancel my card and send out a new one in 7–10 working days. Thank god I have a second current account for such situations. This card I have is only two weeks old and again incredulously the first transaction happened probably before I even received the new card.

The Barclays operative will also send out some fraud forms to fill in and I should get the money back within two weeks after returning the forms. What a crap process. I am getting a little tired of this. Can I have a Visa Chip&Pin card without those ridiculously insecure numbers imprinted on the card? Please? And generate one off (OTP) Visa numbers for Internet transactions?

17 minutes into the call, I got cut off as I only had 1.50GBP of credit on Skype. I hoped Barclays would call me on my mobile phone they have on record, though I think everything was done. Be good if Barclays was pro-active and had the slightest clue about security.

The operator mid-way in the call had the cheek to ask me if I had any cardholder insurance!? No Barclays this very much your fuck up. You and your partners VISA charge almost 2% for every card transaction so work-it-out you incompetent fools.

In the UK, people believe they have a thriving banking service industry. The British banking system is largely free of cost (except if you’re a business), however when you want to transfer money prepare to wait three working days. That’s archaic.

In the business I direct I typically have to do business all over the world. To do transfers in the EU or the USA, prepare to wait at least 5 working days, fill in forms physically at your bank and pay at least 20GBP. Call that service?

I decided to write to my Members of the European Parliament last March. Only one MEP, Caroline Lucas put forth my complaint to a member of the European Commission.

Five months later, I received a response from Charlie McCreevy, saying:

1. Acknowledges UK cross border charges are “very high”. Though UK banks are free to charge whatever they like.
2. I should “convince my bank” that I do not need to appear in person to make a international transfer.
3. An EU directive 2007/64/EC should force UK banks to take at most two working days to complete an EU transfer by 2012.

So:

1. 20GBP charge is not going away
2. Hopefully UK banking Web applications will improve to add a cross-border transfer form. Though judging by the history of how awful British Web banking applications are… I am not hopeful. I also suspect stupid “anti-terrorism” laws have also made this process, extremely painful in the UK.
3. Down from 5 days to 2 days by 2012… so carry on waiting

The British banking service industry needs to better serve its small Internet business banking customers. AFAIK Google checkout only operates in the US & UK. I would move my business bank account overnight to Europe if Google checkout operated in another EU country. I think we’re still very far from Economic Union.

Since VISA is absolutely insecure, here are the typical security “piece of mind” products that banks offer:

1. The savings account. If you have a high balance in your current account, please transfer it into a savings account, so that criminals can’t get all your money in one fell swoop.
2. The credit card account. Hey, here’s another card (don’t use your DEBIT VISA card dude) that you can use online. Idea is you pay for purchases later you know you made, with interest!
3. Insurance. Hey, pay the bank some money every month and when you get defrauded we’ll give you your money back. Promise.

So when you insure your car or home, are you protected? I really don’t think so! Barclaycard Card Protection could really do more, by doing something to prevent this madness. Barclays PIN sentry is stupid and Barclays verified by visa is confusing, esp. since it does some dodgy looking redirections. And don’t get me started on CVV!

People may argue VISA is convenient, though now I find it simply isn’t. For every account (think business), I need to track at least two sub-accounts. Add business banking, add foreign accounts and enjoy managing a NIGHTMARE scenario.

Protection and Insurance is not the same for me, is it for you? I think insurance is just a way for banks and organization to skirt around their responsibilities to properly handle your digital transactions. And make some money in the process.

Proposed solution: I recommend banks deploy some sort of GRID PIN verification, used in conjunction with a physical piece of paper (that can fit in your wallet, unlike the silly pin sentry device) of one time passwords. Hey, if my bank can afford to send me statements for free, they can send me some one time passwords every 3 months or so too.

Last August I lost my VISA debit card. So I ordered a new one.

It was a bit annoying, as I had to update Amazon, Ebuyer, Google Checkout with my new VISA debit card details…

Then yesterday I received another new VISA debit card. WTF? There was no explanation why with the card…

When I was abroad a friend of mine’s VISA card stopped working. Why? Because back in Europe his bank decided to send him a new VISA card. Now that’s very inconvenient. That card had to be somehow securely couriered to India (I think) fast. Quickly as he had no money otherwise!

So I rang up Barclays yesterday to find out why, and they said they sent me a new VISA debit card because their new PIN sentry requires it. WTF? The cards look identical! So cards made last August, even though they announced this “new secure” initiative back in at least April, aren’t valid? WTF? !!

Barclays helpdesk also informed my old VISA will stop working in four days. I wonder if a pre-order I made with the “old” card is going to fail? I think this PIN sentry roll out is going very badly. I still don’t know how this thing is supposed to work. Why don’t they demo (and TEST) it in their branches first??

Do I physically carry this device with me when I am abroad to do Internet banking for example ?!

I’m left in the dark…

I’ve been moaning about Internet banking Web applications for awhile now. However this aggressively marketed HSBC Firstdirect banking service couldn’t escape the blog treatment.

• It’s free to view your statements on your mobile until 2007! Isn’t that amazing? Amazing that viewing your statements is somehow not as free on the ‘Mobile Web’!
• Requires Windows, IE, and ActiveX. Seriously OLD SKOOL. I wonder if I can still dial up and telnet on their system?
• Their demo of screenshots. No you can’t demo the actual Web application. Not until you’re signed up. By which you can get 100GBP if you don’t like it… (that’s satisfaction guaranteed!) Err, that’s after you’ve pumped 9000GBP through their system in 6 months.

Honestly get a clue HSBC. I was interested in getting an HSBC account, because I heard (unconfirmed) you could do international transfers in their Web banking application. That would save me a ton of hassle, as I currently need to go to my Barclays high street branch to do a transfer to the EU. And pay 20GBP for the privilege of filling forms over and over again.

However that killer “international transfers” feature is missing from the ‘innovative’ firstdirect Web banking feature list. The Internet is global and I want a decent Web banking application!

While purchasing a couple of USB sticks from ebuyer.com(E), via Google Checkout(GC) I was surprised how many emails they sent me.

1. GC – order receipt
2. E – order confirmation
3. GC – you’ve received a note from E
4. E – Payment processed
5. E – Order dispatched
6. GC – Your order has dispatched (sent twice?!)

I guess it is a minor improvement they’re not sending any PDF/Word attachments of invoices. This is still all too common.
I now notice on my Internet Banking application on Barclays I get these cryptic reference codes when money goes out like:

REF 195 6847321804 BCC

Anyone know how I can make that useful?

Are Barclays paid up members of the UKIP?

Priority International Payments to Europe up to €50,000: £20 (provided IBAN and SWIFTBIC are quoted)†

Additional charge for payments to Europe where IBAN and SWIFTBIC have not been provided
£7 (with effect from 27 March 2006)†.

20 GBP charge to send some money to my friend in France? That’s insane. I am glad I still have my Finnish account. Pity it has no money in it.

Can anyone recommend a British bank which has cheaper/free EU transfer charges?

As I don't have a credit card, nor want one I investigated paying "Ludicrop Research and Development aka Flickr":http://www.flickr.com/account_order_faq.gne#alternative 24.95USD via International Money Order.

The Western Union money order from Australian post costs 8.65AUD. And I would have to pay additional postal charges including an envelope. Argh, pain. There is at least an additional 30% charge to pay Flickr via this method. Not to mention it’s snail mail slow.

In Melbourne newspapers covered a crackdown on Online Banking fraud with announcements of Fingerprinting technology.

Umm, haven’t you Australian security experts heard of One Time Passwords?!

Sampo my bank in Finland sends me a plastic credit card with lots of number pairs. When I shift money it asks for a number which I match up with the other pair on the card and submit it. It’s different every time. Once I’ve exhausted all the options, Sampo sends me another plastic card with new numbers. Unless someone has my account details, password and the plastic card then you can’t shift my money around.

Sampo is smart.

My ANZ Internet Banking account in Australia on the other hand is daft. Javascript popup window so it is difficult to know whether your connection is even secure. After logging in with my account details and password I can shift money even to overseas accounts. Which is a security nightmare. Some Web browsers (UAs) are able to cache my password, so anyone using my computer could shift my money around. One time passwords would prevent this, as someone would require the new matching number.

ANZ, get a CLUE!

I imagine Finger Printing technology not only to be costly and stupid, but I heard from a Japanese security professional that elderly people do not have enough moisture in their fingers to use such devices.