The first rule of internet banking

The first rule of internet banking, is, surely:

"If you ever have to phone a call centre, the system has failed."

(in the sense that the system (as a design concept) cannot then rightly be described as internet banking and has failed to meet its requirement specifications)

(There is of course a corollary to that, which is that if the system (as a computer interface) has actually 'failed', you must have access to phone or branch banking as a fallback in such an emergency :-)

I'm curious as to just how many internet banking systems are a failure, as per my "first rule"?

To take one example:

Alliance & Leicester.

I'm about to move, so I'll give them my new address. Login (authenticate) to internet banking, click on "email" link. Choose message category from list: "Change account details". Send email to A&L, from secure, authenticated, environment, with new address details. So far, so good.

Receive reply to email as conventional email to my email address. Umm, given that I wrote in a secure, authenticated, environment, shouldn't replies be sent to the secure, authenticated, environment?

The reply from A&L says "Can't do that by email. Please phone us."

So why have a "Change account details" communications category if they are unable to act on it?

And *why* are they unable to act on it?

I have logged in to the internet banking site, and authenticated myself as myself. If that's good enough authentication for me to withdraw all my money and run away, surely it's good enough authentication for me to tell them that I'm moving?

The only way I can access their email form is by being logged in to internet banking, therefore, if I am logged in, it has to be me using the form (or somebody who has my details, in which case having statements sent elsewhere are then the least of my worries..).

If their system has any integrity whatsoever, the routing information for the email (assuming the internal relaying of the communication to be by email and not by any more secure means) will show that the email originated from the secure, authenticated, webform.

So, what is their problem?

I've replied and pointed out the ridiculousness of this situation and asked them for a postal address to send change of address details to. I've got better things to do than wait in a call centre queue to painfully spell out my address to them (and explain the hardly-uncommon concept of flat numbers to them) when I could more easily present them with the address in a textual format with no room for error.

(This is why we invented the concept of the letter: to allow interactions to take place without the hassle of both parties having to be in the same (virtual or otherwise) place at the same time)

It's almost enough to make you switch accounts, even the couple of quid extra interest isn't worth this hassle.. Who's [1] doing the next-best online saver account these days..? ;-)

[1] Anybody who requires telephone interaction (except, *perhaps*, during the initial set-up) with their internet bank is automatically ruled out.
Reply to
David Marsh
Loading thread data ...

Which is more than I got when I wrote to them about an incorrect DD.

They are thick ime as a personal and business customer. Avoid the 'customer service' end of the operation and make your complaint to the head office

Ask the usual suspects - FirstDirect, Nationwide & Smile. Keep the AL account open with a nominal balance as some credit scores give more points the longer they can see you've had an account.

Daytona

Reply to
Daytona

The Nationwide online service is pretty brain-damaged, although the E-savings interest rate is pretty competitive. Anything non-trivial can't be handled online (even asking them to readvise your PIN - which you can get online at Egg). You have to phone them.

The Egg savings account may not have the best interest rate around (unless you are a new customer, but don't get me going about that) but I keep a bit of money in there as it gives me access to their excellent money manager facility.

Brian

Reply to
BrianW

First Direct's e-savings and mini e-isa accounts have very competitive rates, and I would heartily recommend them. I find I can do everything I need online (I can't remember the last time I had to phone them, it must be well over a year ago). Their internet banking plus facility is also excellent.

Reply to
Snuggles

Possibly the issue is that of identity fraud. It is one thing for someone to break into your account and access the money in that account and another for them to have your account details registered at their address by which time they are a fair way towards establishing themselves as you.

Reply to
Tony Lewis

At 22:42:15 on 12/03/2005, BrianW delighted uk.finance by announcing:

You don't need an Egg account at all. I had a Credit Card which I cancelled over

6 months ago and I still have access to EMM.
Reply to
Alex

Daytona wrote in uk.finance about: Re: The first rule of internet banking

That doesn't sound encouraging.. :-(

Ah, and to think I used to chortle heartily at their "compact and bijou" advert (not that the ads succeeded in making me open an account at the time, either).. ;-)

Not particularly keen on FirstDirect, it being part of one of those strange no-branches-here foreign banks from the south ;-)

(And I recall there were at one point ethical issues about Midland/HSBC, not sure how they stack up these days?)

Nationwide are excellent as a "bank", but, surprisingly. given their mutuality, their savings rates are really less than particularly special.. (not bad, but definitely not great, either)

..and smile's rates really are laughably poor.

It wouldn't be worth it, it's just a savings account. I'll stick with it for now, given I can't really be arsed opening a new account elsewhere, but I'll be on the lookout..

Reply to
David Marsh

BrianW wrote in uk.finance about: Re: The first rule of internet banking

Works fine for me. What don't you like about it? My only complaint is they don't update your balance until 6am, rather than at midnight, so you can't check, for example, whether your salary's gone in before you go to bed. (Bah.)

It's /alright/, but ING equals it (and at one point were ahead, I'm sure), plus ING pay interest monthly, too, which is a plus for me.

That's a bit annoying. Fortunately, that's not a problem I've had to experience.

Hmm, 4.75%'s not really very special. :-( (And, if it makes you feel better, the introductory offer has now expired, not really worth all the vpaperwork for just 6 months-worth, anyway..)

That's the jackpot of all cracking/phishing attacks waiting to happen, if you ask me!

You won't catch me keeping all my baskets in one egg..

Reply to
David Marsh

Tony Lewis wrote in uk.finance about: Re: The first rule of internet banking

[snippy] [A&L unable to process change of address by email]

Perhaps, but if somebody has øwned my authentication details such that they could use the secure, authenticated, email form from within the online bank, then they could equally well use those details (if needed) on the phone to the bank, and impersonate me that way, so the form is no less secure than the phone.

Or they could, as I'm about to do, even write them a nice paper letter telling them that I've moved, and nobody would be the wiser that it wasn't me (I'm not sure if A&L actually have a copy of my signature anywhere).

Reply to
David Marsh

In message , David Marsh writes

Funny coincidence

I sent a mail yesterday to the sort of organisation likely to refuse requests by email and attached my own privacy notice to it. Use/Amend at your leisure

Privacy notice: I don't care that emails might be insecure. The phone is also insecure as people around me can hear me talking but people around me don't generally see what I'm writing in an email. Therefore, I consider email not only to be more secure than voice, but also a lot more convenient as there's no waiting in queues, no reception problems, no phone bills, no menus to work with and my mail can get passed from person to person without wasting my time. Therefore, despite any concerns you may have about e-mails being insecure, I have found that since having used email continuously since 1983 (22 years ago) none of the alleged problems with mail have turned out to be an issue for me. However, I do have a PGP key and can send and receive high grade encrypted email if necessary. Therefore , please use email when corresponding with me rather than voice and stop propping up stereotypes about the Internet being insecure. Other avenues also have their own security issues.

Reply to
Craig Cockburn

BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.