Online Banking Usability and The Dreaded Card Reader
Last Updated on: December 21, 2022
When a little card reader called PINSentry arrived for one of my accounts with Barclays, I was initially a bit curious about the technology, but I quickly became frustrated.
Could I use my bank on the move? What if I am in Starbucks and I forget it? Where am I going to keep it on my desk? (yes, this is a concern for me!)
For those of you that are not aware, these card readers look like a calculator with a slot for your card at the top. You enter your card, enter your pin, enter a code from the website and receive a code to type back into the website.
A number of years ago, while working for an upcoming warehouse software company, I came across a somewhat paranoid but fascinating solution one of our clients used to protect their network. We often had to access databases remotely, and in this case, we did so via a VPN (a VPN is basically connecting to a private network over the internet).
The added twist was that we had to enter an extra code. This code was shown on a little keychain dongle that had been sent to us – while I don’t remember the name or details, the dongle gave us the password, and it was different every time.
We had geeky conversations between ourselves on how this thing worked and how the algorithm could possibly be cracked. Soon enough, we realised that the whole idea was a huge burden – many people needed to access the VPN from many different places, and we only had one.
We toyed with the idea of setting up a webcam and broadcasting the readout via a webpage, undermining security. Fortunately, the client scrapped this device altogether.
I write this because this is exactly the frustration we all face with bank card readers. Currently, I am in Koh Chang, Thailand, and I am carrying no less than three of these readers, one of which I had to have shipped from the UK after the original stopped working.
Why else are these readers a burden?
- They prevent multiple users from accessing the account simultaneously (think business accounts and shared accounts)
- They require your card, so two items need to be carried at all times. Some people never use their cards and have no reason to carry them.
- Card readers can break.
- Card readers need batteries.
- They are easily lost or forgotten
It is no doubt a big priority that these systems remain secure. Ultimately, that security is irrelevant if the customers do not use the service, bypass the security or transfer to banks with a more user-friendly security method.
So, in my opinion, the number one priority for banks and customers is usability.
Unfortunately, the card readers are just the icing on the cake for me. Some of the other frustrations I find with online banking:
- Non-standard login methods preventing your browser or password manager (e.g. LastPass) from working
- Poor design and technology decisions, causing major usability problems. (e.g. browser back/forward buttons causing logging out)
- Lack of stored data (most of my accounts only hold a couple of months’ statements)
- Lack of browser/device compatibility (no chance of banking online with my phone)
- Lack of reliable notifications for payments (did they receive it? what is the status?)
Fortunately, I have seen recently a couple of examples of great forward thinking in the online banking arena. Of particular note is Barclaycards’ excellent new online interface, launched around July 2009. You can see up-to-date graphs on your spending categorised by groceries/fashion/travel etc.
As Barclaycard have pioneered, what else can we look into for our online banking solutions?
- Notifications – RSS, Text, Email and/or desktop messages showing transactions, balance, charges, and statements available
- Phone integrations – an iPhone app for my banks, with push notifications, would be immense.
- Integrations – Achievable via notifications for a programmer, but some integration with invoicing software or personal finance systems would be a big time saver.
- Better exports – the ability to export all information from all date ranges
- Better use of information – What must be available on each transaction? Location, company details, exact time, balance at that moment etc.
- Standardisation across banks, allowing the ability to view finances together (perhaps only realistically achievable by integrations)
I intend to investigate further, although it seems that existing websites bringing finances together in a truly automated way are still in infancy, probably due to our banking system here in the UK.
It is only last year that the banks upgraded their systems to allow instant money transfers (instead of 3 to 5 days delay). From a reliable rumour I heard, this was due to some banks using the equivalent of spreadsheets to organise these transactions.
Some of the sites that are worth investigating (thank you to Emma Davies of LoveMoney for her contributions here):
Mint.com – currently seems to be USA only
Money Dashboard – looks slightly amatuer, although claims to integrate automatically. Try with caution, I saw them spamming on money forums. Still in Beta with no launch date.
LoveMoney.com – A new UK only company launched in April 2009, with online banking launched in December last year. Constantly improving with updates every two weeks.
Kublax – a 2007 seedcamp winner, but faces closure due to lack of funding. Could be saved by Simply Finance so still worth keeping in mind.
Wehuhu – No integrations yet (manual uploads) but this is a new service and could be expanding soon.
With some digging around, there appears to be a resistance from the UK banks which is delaying these types of systems. Quote regarding Mint.com “They’ve said they aren’t going to launch a UK version for the forseeable future. None of the major UK banks have gotten on board to allow sharing of transaction data.”.
Imagine the Future!
I am an optimist. I picture a time when I wake up in the morning, check my emails and see that I have received three payments with details of who from and the exact date/time they sent it.
This summary also shows that of the five payments I sent yesterday night, three have been received successfully, and two are still pending. My invoicing software is notified of the payments and marks the relevant invoices as paid.
Sat in my favourite coffee shop, I check out my iPhone banking app. I can quickly see the balance of all my accounts and credit cards (including available funds) and also that the two pending payments are now confirmed.
That evening I travel out of my home town and pay for petrol on my card in somewhere I have never been before. I instantly receive a text message to notify me of this transaction, due to its slightly out-of-character nature, with a web link and number to report the fraud and instantly freeze the card if necessary.
It is the end of the month, and I am checking my credit card statements. I can quickly see what I have spent compared to the past six months by expenditure category. I can see a graph showing my expenditure over the month and realise that the first week I went a bit overboard on clothes shopping.
My account shows that all bills are scheduled to be paid and calculates that there is enough money to pay them all, giving me a total of “free cash” that I can withdraw during the month.
This is just a sample of how much control we could have and how convenient banking could be. How nice would it be to see a cheap Macbook Air in the shop, check your finances instantly on your phone and only buy if you can?
Not very nice for the banks, it appears, which may be a reason they are dragging their heels when it comes to providing us with convenient information.
Why Banks Should Embrace
More control over our finances should theoretically mean fewer mistakes, fewer people overdrawn, less interest and fewer fines; all this equals less profit for the banks.
The reality is that not everyone will embrace these new features. Offering this technology does not instantly make everyone in the country good with money – those who are too busy, too scared and otherwise not motivated will still make the mistakes they always have.
The ones who crave this power will reward the banks with more business.
Advancing online banking technology will not put more money in people’s pockets, remove their greed or fix their lack of money skills.
Let me indulge you with an example. I always play it safe – if I have any doubt about how much money I have, I won’t buy it. I am not tricked by overdrafts, high credit card limits or buy now, pay later.
I like to think I know about money, and I don’t like paying interest – I always pay in full and on time. If I am given more control and information, I am likely to know precisely what I can afford and spend more
As a bonus, if I am told that buying a new espresso machine this month will only cost me £7.24 in interest if I put it on the card and pay it the month after, I will be tempted to do so.
There is an opportunity here for financial institutions to get a head start on others. I am not afraid to change to a bank that offers me more information, better access, more convenience and is more forward-thinking.
As banks know, an existing customer is more likely to take a loan or a mortgage or other products.
Better tools to access information and monitor information means people will use the banks systems more. More usage means more potential for advertising, up-selling and gaining customers’ trust.
If my bank embraced technology even slightly, I would respect them more and listen to what they have to say.
Solutions to Security
There still lie obstacles in the form of security put in place by expensive technology consultants and the paranoid media. Usability is almost completely ignored.
I admit I am not particularly security-focused, but I believe finding a solution that is convenient to the user is essential. Regardless, here are some potential security starting points:
- Instead of card readers, how about additional security only when unusual activity occurs? (e.g. different location of login)
- Grant lower security to those who want it. Give us a choice! I will take the risk because I know I won’t enter my details into www.barclaysbank.somerandomdomain.com/login
- Custom security levels. e.g. by default, require additional authentication only when money is transferred (customisable by the user)
- Bio-metrics – some way off for mainstream (who of you has a fingerprint reader?), but should be implemented when feasible.
- Trusted machines – link my laptop or desktop to the website, meaning I only have to jump through a hoop once
What do you think?
Are you happy with the banking system? Does the security inconvenience you, or do you not mind and prefer peace of mind? Do you have any alternatives or ideas?