Online banking

[stewboy]

Ok, so, I found out yesterday that I've actually got an assignment due soon for uni.

I'm assuming a lot of you do your banking online. The scenario for the assignment is that I need to redesign a bank's online banking system, perhaps incorporating recent technologies (eg social networking). To do that, I need to find out how everyone feels about the current systems.
How do you guys feel about online banking? How often do you use it? Is there anything that you feel you need but that you don't have? If so, do you have any ideas about how those needs can be addressed?

All I basically need to do is identify users' needs, then choose two different generic user profiles ('typical users') and create scenarios for how they use the banking system, and for each, propose a new design concept to address their needs.

Help me, guys!

[Creaphis]

I always pay my credit card bills online, and otherwise manage my accounts from there. I certainly don't need my online banking account to be integrated with my Facebook account. The only things I'd like in addition to my bank's current system are:

-Easier browsing of past transactions (I shouldn't have to query the system four different times to see four months' worth of transactions)
-A system in which I can add more "bill payees," as in, more possible destinations for online payment, without having to call my bank. It seems like this is something that could be automated.

I don't know how much this helps you.

[Reisal]

I use it for checking my balances, transferring funds and to pay my CC when needed.

[wildweasel]

Banking doesn't have nearly enough Farmville.



...In all honesty, though, I think my online banking site is just fine for what I need it for, which is checking my balance on my checking account.

[Stygian]

I'm signed up for online banking, but I generally just wait for my statements to come in the mail.

[VinceDSS]

As of now, I would not want social networking sites involved in my banking accounts, for security reasons. (did you know facebook literally "owns" everything you put in there ?)

Besides that I use online banking a whole lot. From paying bills, checking credit card transactions (contesting them if needed), transfer money, manage my portfolio, manage my IRA and 401k, pay the mortgage, order checks and whatnot.

I go there a few times a day.

[Bank]

What's this about Bank?

[Graf Zahl]

Creaphis said:

... my online banking account to be integrated with my Facebook account.

A scary thought that some peole might be lazy/stupid enough to give a company like Facebook access to such vital information...

[Jodwin]

Security. Everything else is secondary. What more important, it has to be security not related on technology, but to the way you access the service.

Case in point: In, at least, Scandinavian countries you are given a username/password pair and, in addition, a list of one-time passwords which you need to use to access the online banking service. Once used, you will be sent a new list of passwords, so that even if someone finds out your username and password they can do nothing without your list of codes, or if they get your list of codes they can't use it without your login. Even keyloggers are useless since each code can be used only once.

On the other hand, I know that a lot of online banks at least in the States use nothing but a username/password pair for accessing the service. This is ridiculously easy for anyone with enough malicious intent to break through. Keep in mind that we're talking about people's and companies' money here, it's not something akin to hacking your forum account, or your myspace. This is much more serious business (for real), and using nothing but a username/password pair is the fucking most stupid thing ever for an online bank.

And, see, it's not a technology-related security issue. You can throw in as much encoding or what-not as you want, but that can always be cracked given enough time and computation power. But if the system itself prevents any kind of access for you (since you couldn't access the codes), that's security much, much stronger.

[GreyGhost]

Linking third-party sites to your online banking account is bound to be a wealth hazard. I'd pull my money out of any bank fool enough to permit that.

My credit union uses "Personal Icons" as a second line of security. After entering their password, an account holder's presented with a jumble of icons out of which they have to select their own in a specific order.

One feature I'd like to see in online banking (which would require the co-operation of other banks so I don't expect it happen any time soon) is an account validity check on user-entered details before funds are transferred. I absolutely loathe being slugged Transfer Reversal Fees because some idiot messes up their BSB or account number - especially when the reversal fee exceeds the sum transferred!

[Enjay]

Heh, I'm a banking Luddite. I have one account and I use ATM machines to check my balance and take these paper certificates called "munnie" out. Then I use the "munnie" that I have taken out to buy "stuff". When I run out of "munnie" I go to the ATM and get more. :P


Then I come home and wonder why all sorts of banking organisations that I have never had any dealings with are sending me e-mails, in poor grammar, asking me to confirm my full name, date of birth, address, and mother's maiden name because they want to clear up a security breach in my online account. ;)

[kristus]

My online bank does pretty much everything that you need from banks. That is all.

[DoomUK]

What has been said. I use online banking to see how much money I have/don't have.

[Scet]

What would the facebook link even do? Tell people how much money you transferred? It sounds really stupid, but as long as it isn't a risk to non-facebook users I wouldn't really care.

My only complaint about the site I use is that it takes forever to view past history(so what Creaphis said). I would prefer an option to "show X last transactions" then the "last X days" system because I don't have many transactions and my bank defaults to something like seven days. Also store any settings in the database, not stupid temporary cookies.

[Jodwin]

Thinking a bit more about different "services" available through my online bank, there's not really anything more that I'd like to use. I'm able to manage my loans (currently just my student loan), my investments, with some banks my insurances and so on in addition to just viewing the money on my account. What I mostly do is just paying bills, withdrawing my loan and checking how much money I've got left, but I've also used automatic billing when I've been out of country for too long to get my bills from mail.

So there isn't really anything more that I'd like to use - in fact, there's even plenty of features that I personally don't see any use for yet. But the only issue I've had with my bank is the, at times, bad navigation. For example, for some reason I'm not allowed to check my loan balance from any other page except the "withdraw" one, and putting money on my credit card is made more complicated than it needs to be.

Only thing I've done in a real bank during the last few years was getting my credit card - applying for that was the only thing I wasn't able to do.



(okay, maybe it would be great if I was able to pay my online shopping aboard with little to no service fees without needing to use a credit card or Paypal, but that's not an issue you could fix with better online banking systems alone :P)

[stewboy]

I didn't mean linking Facebook to your banking account. Social networking does not necessarily mean Facebook. Doesn't matter though.
Thanks for the help, guys.

[Jonathan]

Most online banking sites I've used have suffered from very poorly designed UI, so if I was changing them, that's the first thing I'd fix, but I'm guessing that's not what your assignment's about.

Online banks generally make a decent fist of letting your manage your accounts, but what I'd really like them to do is help me manage my finances. They would have facilities to help me track my expenditure and see where it was going, and help me produce saving plans and even create savings accounts to transfer money into. For example, if I'm a student, I'd like to be able to enter my fees, rent dates and student loan details and see how my finances are likely to pan out over the year, and the amount of cash I'll have to spent on ancillaries. If I'm thinking of buying a new house, I'd like to see how my increased mortgage payments will affect my finances, and simulate possible knock-on effects of higher electricity and gas payments.

[Super Jamie]

I have used a few online banking systems.

First, like Jodwin says, is security. My bank just uses user/pass and doesn't let you use punctuation. I think this is stupid as it makes passwords magnitudes easier to crack. If I log in incorrectly three times then the account gets locked for increasingly larger intervals. I assume repeated login attempts (like a bruteforce) will result in my account being locked permanently and me receiving a phonecall asking what's going on. I've seen login systems where you choose pictures of birds/houses like a non-textual password though I'd really rather just type. Definitely enforce a minimum password length.

For adding billers to BPay or really large transactions I have to authorise transfers with a fast-expiring code which gets SMSed to my phone. I've made several large transfers once as I was paying for something big and actually got a phonecall on Sunday afternoon just asking if everything was ok, so evidently there are people monitoring this stuff 24/7 (or at least daylight hours) and some sort of algorithm which flags irregular transactions for follow up.

Secondly, I'd focus on the web technologies used. There are several ways to disable use of the Back button (ie: using backend Forms for everything) which should be important so people don't queue up the same thing 50 times and hit ok. I'd also keep the site as "skinny" as possible so it works on cut-down browsers like mobile/handheld devices and Javascript-restricted web kiosks. There's nothing more annoying than being in a strange place and not being able to check how much money you have or pay a bill. This could also be solved by developing a mobile version of the site, which would be nice. Don't tie it to any specific platform (ie: iPhone, BlackBerry, Android) regardless of how popular they are in your demographic. Make it as universal as possible.


I don't understand how your teacher expects you to integrate social networking into internet banking. Private money management is the exact sort of thing you DON'T want socially networked. Methinks your teacher is just throwing around buzzwords?

The most generic banking user I can think of would be a single user who gets their pay into one account, pays bills from that account, has a separate high-interest savings account and has a credit card, all in the one country and the one currency. That's me. You could ask business people (your parents, family friend, etc) how they use netbanking and get another generic profile from that.

[Hellbent]

Bank said:

What's this about Bank?

why do you have such a fuzzy name?

[Grazza]

I use online banking for my New Zealand accounts, as it seems to be reasonably secure and not overly complex. It is also a good deal easier than visiting my branch in person, given that I am normally about 19000 or 14000 km away from it.

I don't use online banking for my UK accounts. I tried it once and it seemed a mess. Overly elaborate security that reduced everything to one-word access, more or less, and which tried to force me to set my internet security settings to "please rape my computer" level in order for the bank's security systems to kick in. Fortunately, telephone banking works reasonably well, except for random inconsistencies between what you can and can't do with business as opposed to personal accounts (either their own rules change every so often, or some of their staff differ in their understanding of them).

My father has accounts with a different UK bank from me. He decided to sign up for online banking with them, just so he could check his balances online (not to make transactions online) without having to telephone them. Unfortunately, once he had done this, it turned out the deal was: he couldn't then use telephone banking at all (it was an either/or) and he needed to get a card reader to use any online banking services (even to check his balance). Marvellous.

I manage my UK-based investments online, but that's pretty much essential in order to be effective. Gotta be able to trade quickly. The systems for this seem reliable enough.

And while we're on the subject of banks, it's annoying how often my card gets stopped*. And it's normally for quite mundane purchases in the UK; big purchases abroad in exotic locations never get queried. I particularly liked when I was in Canada, and they queried a few (very small) purchases made in Greenland and northern Canada. Fair enough perhaps, but when did they telephone me to ask about these transactions? Yup, 3 am Ottawa time.

I try to use cash as much as possible nowadays...

One of my pet hates with banking secuity systems (online and telephone) is the way so many of them insist on you putting in your date of birth. FFS, this is one of the easiest pieces of information for an identity thief to discover, so why not dispense with it and substitute a real security measure?

---------------
<small>* By that I mean that the anti-fraud guys at the bank decide that some transactions look suspicious and therefore prevent further use of the card until I have got in touch with them to confirm that the purchases were indeed made by me.</small>

[Ralphis]

I'd love to have online banking be able to show me statements further back than 3-6 months...I mean, it's not like it's taking up physical space to allow me to go back 2-5 years in statements.

[RestlessRodent]

Online banking is nice, the interface is simple and does what it needs to do. I looked at all my statements and the only direction the money in the bank goes down.

Grazza said:

stuff

Sounds like you are in the illegal business with multiple off-shore accounts so that the government cannot freeze your account.

[GreyGhost]

Super Jamie said:

Don't tie it to any specific platform (ie: iPhone, BlackBerry, Android) regardless of how popular they are in your demographic. Make it as universal as possible.

Seconded - there's few things more annoying than a browser-specific website. Unfortunately my credit union's online banking system is becoming difficult to access from non-Microsoft browsers.

[Mordeth]

About security:

My medium-sized Dutch bank uses a secure logging system, consisting of an online banking part and a personalised (offline) gadget that acts as an authenticator. The authenticator has a personal 5-digit key, used to switch it on. The bank displays a generated one-time-only code online, which I have to copy on my switched-on authenticator. This scrambles back a different code, which I have to copy back online as answer. Only then do you get access. Transactions can then be queued online, commitment of any transaction requires another round of authentication.

Even if the data you recieve or sent is being sniffed, a potential thief has no way of predicting in advance what code needs to be sent in return, without having physical access to the authenticator gadget. Tricking someone to visit a bogus website also won't work, since there is no 'password' to type in... authentication results as a means of answering back the correct one-time-use code to a provided one-time-use code.

For webshops there's a online payment system, that works by asking my bank to do the required transaction. The bank requires a prior contract with this webshop. Authentication between the bank and me is same as described above.

[stewboy]

Thanks for the replies, but I handed in my assignment Monday before last. Feel free to continue the discussion though.

[the_lurker]

I keep all my money in a safe under my bed.

[Grazza]

GhostlyDeath said:

Sounds like you are in the illegal business with multiple off-shore accounts so that the government cannot freeze your account.

With deductive powers like that, you could get a top job at a bank.

Seriously, with the current state of banking, it is simply common sense to spread your money between many different banks, asset types and currencies, especially any in which you do business.

[Scet]

the_lurker said:

I keep all my money in a safe under my bed.

That better be a big safe that is also fire and water proof, otherwise that's horribly insecure. Also you won't get much of a credit rating or be able to deal with inflation with your money under the bed.

[SYS]

I don't like online banking. Mainly for reasons that Jodwin pointed out. My bank also boasts it's very own I-Phone application.

Grazza said:

And while we're on the subject of banks, it's annoying how often my card gets stopped*. And it's normally for quite mundane purchases in the UK; big purchases abroad in exotic locations never get queried. I particularly liked when I was in Canada, and they queried a few (very small) purchases made in Greenland and northern Canada. Fair enough perhaps, but when did they telephone me to ask about these transactions? Yup, 3 am Ottawa time.

Usually if you inform them that you 're going to be out of the country you won't have to worry about them phoning, or turning off your cards. They love to assume foreign transactions are fraudulent until you tell them they aren't. They just assume some bloke in where ever you are got ahold of your info and is cleaning you out.

[Grazza]

They used to request that, but recently my bank has been saying (as part of the automated message when you phone the relevant number) not to bother telling them if you'll be out of the country, as it won't affect whether they query transactions one way or the other.