The first rule of internet banking, is, surely:
"If you ever have to phone a call centre, the system has failed."
(in the sense that the system (as a design concept) cannot then rightly be described as internet banking and has failed to meet its requirement specifications)
(There is of course a corollary to that, which is that if the system (as a computer interface) has actually 'failed', you must have access to phone or branch banking as a fallback in such an emergency :-)
I'm curious as to just how many internet banking systems are a failure, as per my "first rule"?
To take one example:
Alliance & Leicester.
I'm about to move, so I'll give them my new address. Login (authenticate) to internet banking, click on "email" link. Choose message category from list: "Change account details". Send email to A&L, from secure, authenticated, environment, with new address details. So far, so good.
Receive reply to email as conventional email to my email address. Umm, given that I wrote in a secure, authenticated, environment, shouldn't replies be sent to the secure, authenticated, environment?
The reply from A&L says "Can't do that by email. Please phone us."
So why have a "Change account details" communications category if they are unable to act on it?
And *why* are they unable to act on it?
I have logged in to the internet banking site, and authenticated myself as myself. If that's good enough authentication for me to withdraw all my money and run away, surely it's good enough authentication for me to tell them that I'm moving?
The only way I can access their email form is by being logged in to internet banking, therefore, if I am logged in, it has to be me using the form (or somebody who has my details, in which case having statements sent elsewhere are then the least of my worries..).
If their system has any integrity whatsoever, the routing information for the email (assuming the internal relaying of the communication to be by email and not by any more secure means) will show that the email originated from the secure, authenticated, webform.
So, what is their problem?
I've replied and pointed out the ridiculousness of this situation and asked them for a postal address to send change of address details to. I've got better things to do than wait in a call centre queue to painfully spell out my address to them (and explain the hardly-uncommon concept of flat numbers to them) when I could more easily present them with the address in a textual format with no room for error.
(This is why we invented the concept of the letter: to allow interactions to take place without the hassle of both parties having to be in the same (virtual or otherwise) place at the same time)
It's almost enough to make you switch accounts, even the couple of quid extra interest isn't worth this hassle.. Who's [1] doing the next-best online saver account these days..? ;-)
[1] Anybody who requires telephone interaction (except, *perhaps*, during the initial set-up) with their internet bank is automatically ruled out.