FinovateFall Very Early-Bird Deadline is this Friday — Register Now to Save $200 and Lock in Your Spot!

For some people, August is a month of summer sunshine and family vacations.

For us, it’s when we finalize the list of presenters for FinovateFall and start getting really excited about how awesome the fall show is going to be. We’re only a few days away from announcing the 56 innovative fintech companies that will take the stage this fall to demo their latest and greatest, so that excitement is really starting to build.

The handpicked demo companies are innovating across the fintech spectrum from online banking to mobile payments to small business invoicing to investing to youth marketing and much more. It’s an incredible roster and they’ll be showcasing their new products to an audience that is equally impressive.

Just a few of the organizations that are already attending include: Citi, Bank of America, J.P. Morgan Chase, RBC Ventures, Tower Group, USAA, Capital One, BlackRock, Discover, Intuit, Wells Fargo, AXA, IDC, CIBC, Ally, Standard Chartered, Alliant CU, Rabobank, Umpqua Bank, Visa, Associated Press, Canaan Partners, Harris Bank, H&R Block, TD Ameritrade, AARP, SunTrust, Microsoft, Polaris Ventures, Aite Group, Korn Ferry, Thomson Reuters, and Gartner.

If you’re interested in attending the conference, the deadline for Very Early-Bird Tickets is this Friday, August 13th (less than 72 hours away!). Registering now will save you $200 on your ticket and reserve your spot (space is limited and we’re expecting to sell out). We’ll see you in New York!


Eric Mattson is CEO of Online Financial Innovations, the parent company of NetBanker, Online Banking Report and the Finovate Conference Series. He can be reached at eric@netbanker.com.

The Need for Context-Sensitive Login Security

I’m a frequent PayPal user and need access to it on the road while logged in to who-knows-how-secure coffee-shop WiFi. Whenever I entered my password, I was hit with the unsettling realization that this could be the time I handed over my credentials to a hacker.

So a few months ago I began using PayPal’s optional out-of-band, one-time password solution. Each time I log in, a random six-digit code is sent to my mobile phone. That code must be entered to complete the login. And while I feel much more secure, the extra 20 to 30 seconds it takes is a hassle, especially after a decade of password-only access (note 1).

To improve the user experience, while maintaining the extra authentication security, I’d like to see PayPal make the following changes: 

  • Instead of requiring the user to press the “send SMS” button after logging in, just send the SMS code automatically. I’ve logged in at least a dozen times since enabling this feature and I still forget to press the button. I usually look at my phone for 10 seconds waiting for the code until I remember that I must click the button.
  • Allow low-risk transactions to be authorized without the extra SMS code. I bought some iPhone chargers on eBay today for a total of $30. I would have preferred to skip the out-of-band authorization on this low-risk transaction, a small purchase made on eBay through my authenticated eBay account. 

Relevance for Netbankers
The second suggestion (above), what I call “context-sensitive security control,” is an important part of the tradeoff between security and usability. As long as customers are hassled for extra info only when the risk is higher, there’s a much better chance of gaining their cooperation, and attention, in security monitoring. Many banks feed an extra security question when customers log in from an unrecognized computer. That’s a great use of context-sensitive extra security.

Another situation where context-sensitive security controls can be deployed is for determining when an account is locked for excessive login attempts. If a user is logging in from a recognized computer, they should get far more leeway in the number of password attempts before the nuclear option, full lockout, is deployed. Unfortunately for me, Chase Bank has not yet taken this step (notes 2, 3).
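A sketch of both context-sensitive controls described above, as an added illustration (not code from this post, PayPal or any bank). The thresholds, the $50 ceiling, the rule that only recognized devices may skip the code, and all names are assumptions; `device_id` is assumed to come from an already-verified device token.

```python
from dataclasses import dataclass, field

# Assumed thresholds: the post asks for 7 or 8 tries from a recognized
# computer and reports a lockout after 3 or 4.
MAX_FAILS = {"recognized": 8, "unrecognized": 3}
LOW_RISK_LIMIT = 50.00  # assumed dollar ceiling for skipping the SMS code


@dataclass
class Account:
    known_devices: set = field(default_factory=set)
    # Separate failure counters per context, so guesses from unknown
    # machines cannot lock the customer out of a recognized computer.
    fails: dict = field(
        default_factory=lambda: {"recognized": 0, "unrecognized": 0}
    )

    def context(self, device_id):
        return "recognized" if device_id in self.known_devices else "unrecognized"


def record_login(acct, device_id, password_ok):
    """Process one password attempt; return 'ok', 'retry' or 'locked'."""
    ctx = acct.context(device_id)
    if acct.fails[ctx] >= MAX_FAILS[ctx]:
        return "locked"  # even a correct password is refused once locked
    if password_ok:
        acct.fails[ctx] = 0
        return "ok"
    acct.fails[ctx] += 1
    return "locked" if acct.fails[ctx] >= MAX_FAILS[ctx] else "retry"


def needs_otp(acct, device_id, amount, via_authenticated_partner):
    """Step-up decision: require the out-of-band code unless risk is low."""
    if acct.context(device_id) == "unrecognized":
        return True  # unknown machine: always ask for the code
    if amount > LOW_RISK_LIMIT:
        return True  # larger payments always get the extra check
    # Small payment from a known device: skip the code only when it arrives
    # through an authenticated partner session (the eBay case in the post).
    return not via_authenticated_partner
```

A production version would also expire the counters over time and give locked-out customers a recovery path; both are left out here.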

————————-

Notes:
1. When we go shopping for a new business-banking relationship, out-of-band authorization capabilities will be a non-negotiable requirement.
2. Yesterday, Chase locked me out, without warning, after just 4 attempts (or was it 3?) from my main computer, which the bank knows very well. That’s ridiculous; from a recognized computer I should be able to try at least 7 or 8 times. I have multiple Chase accounts with different usernames and passwords, and with a typo or two it’s easy to surpass 3 or 4 attempts.
3. Yes, I’ve whined about this before, but it’s been 3 years, so I was due.

The Eight Core Functions of Online Banking

What could be more fun on a gorgeous summer day than boiling down online banking to its core functions?

From the consumer’s perspective, banking is pretty simple. You stash away some money in the bank and then you spend it. Rinse. Repeat.

The online/mobile banking experience should echo that simplicity. Here are eight key things users should be able to do: 

  • See: View balances, checks written, purchases made, images, and so on
  • Sort: Interact with the data by rearranging, categorizing, tagging and so on
  • Save: Store all data, images, and reports for future reference 
  • Share: Allow other authorized users to view/receive selected info
  • Send: Move money to pay bills, transfer funds, pay down loans and so on
  • Select: Choose account options, change service plans, modify settings, and so on
  • Service: Investigate and fix issues
  • Secure: Batten down the hatches for all financial matters

I believe the industry is only about 10% to 15% of the way towards delivering on these eight items. Most online banking services are pretty good with See. And there’s been a lot of work done with Secure and Send, but they are not nearly perfected yet (I spent 40 minutes in the branch Tuesday sending a $3,000 wire, and I still don’t know if the recipient got it). But the other areas are wide open.

Did I miss anything?

Note: Photo credit — Adonis Hunter (Flickr)

BankSimple Scores More Press

In the history of online banking, have there ever been so many words written about a company before it’s even opened for business? I can’t think of any.

It’s a two-edged sword. Free publicity is great for building a brand. But it can also ratchet expectations up so high that delivering the goods becomes harder.

The BankSimple team is keeping things low-key on its website. You even have to search a bit to figure out how to get on its mail list (see note 1). But some of the press accounts are downright giddy over the yet-to-be-launched-nonbank bank (note 2).

Case in point: Friday’s Mashable post, which generated 1,000 Tweets, 365 likes, 33 comments, and eight Diggs. The author, Jennifer Van Grove, gushes about BankSimple, using terms usually reserved for a new Apple i-something launch:

The Banksimple formula is one that puts customers first and focuses on automatic, “worry-free” money management with a digital twist and penchant for social integration.

…the startup’s bleeding-edge approach to banking that we predict will be both controversial and groundbreaking.

And these were the subheads in the article:

  • A New Way to Bank
  • Predictive Money Management
  • Social Media Meets Banking
  • Fee-Free for Real
  • The Zappos of Banks

But after all that setup, the reader comments were predominantly skeptical/negative. I think it all sounded a little too good to be true.

Relevance to Netbankers: Despite the skeptical Mashable comment thread, there is a real appetite in the country (world?) for fresh ideas in the banking sector. But there are also huge trust hurdles for financial startups. BankSimple is planning a hybrid model: a Web-based, social-media-loving startup running on the banking rails (note 3). It worked for PayPal. It will work again (note 4).

——————————

Notes:
1. Prospective customers must first click on the Join tab on the far right of the homepage. Users are asked for their email address (obviously) and something I’ve not seen before, their bank balance. Maybe it’s just me, but that seems a little too forward for a beta invite page and may dissuade some from leaving their name. Also, it seems just a bit out of step with the bank’s populist message. Not a big deal.
2. And given that this is our third post on BankSimple, I guess we are in that category as well.
3. We’ve written about this theme many times over the years; the last time we published a full report was almost ten years ago: Online Banking Report: Building the Amazon.com of Financial Services.
4. This is a general statement. Until I understand what it’s doing, I’m not predicting anything about BankSimple, other than it will get a lot more press.