Online Balance Poaching: E*Trade’s Mileage Maximizer

Credit card companies have been poaching revolving balances from each other for years primarily through direct mail. It helped boost the share of early movers, such as Capital One. But once the tactic was widely copied, it dragged margins down for all.

The same technique has been used online with dedicated balance-transfer microsites posted by Bank of America and others beginning in 2003. The online balance transfer is better than paper because it can be interactive, prompting the user to make additional transfers, or to correct errors in the information input. However, it still requires the user to make a trip to the website to make the transfer.

Enter E*Trade’s new Mileage Maximizer program, launched with a page-dominating color ad in Tuesday’s Wall Street Journal. With the Mileage Maximizer, the bank encourages users to make purchases on their existing non-E*Trade rewards card, then have the balances AUTOMATICALLY swept to an E*Trade 8.9% APR line of credit each month. The bank’s website is used to initiate and maintain the transfer process. But like recurring bill payments, once the sweep is established, it will occur each month with no interaction by the user.

E*Trade may well be the most innovative online financial services company. Here are some of the industry firsts they’ve logged over the years:

  • 2001: MyLoanTeam from E*Trade Mortgage (OBR 73)
  • 2003: Real-time funds transfers (OBR 96/97)
  • 2005: 7-year online transaction archives (OBR 118)
  • 2005 (March): First U.S. bank offering security tokens for online access (NetBanker 2 March 2005)
  • 2005 (December): First virtual rewards card, Mileage Maximizer


Editor’s Note: Mileage Maximizer was awarded an "OBR Best of the Web" in our report on online lending published Jan. 31, 2006 (OBR 126).

Citibank Fights Fraud with Personalized Emails

It’s fitting that the financial company most targeted in phishing attacks, Citibank, would be the first to introduce a new email format that goes a long way towards helping users identify legitimate email messages.

The personalized emails include not only the name of the recipient, but also the last 4 digits of the user’s ATM card. While simple personalization with the customer name would help many users identify legitimate emails, it’s far from fool-proof.

First, there’s the relatively common practice of including first and/or last names in email addresses. Also, some phishers are using direct marketing tactics and first running email addresses through various databases to append actual names and other info to the email record in order to develop a personalized pitch (see ZD-Net article).

Citibank’s new email format was announced to customers through a short message on the top of the online banking screen in early May. It is also now mentioned in the bank’s main FAQ page.

This is a great first step in winning back the confidence of users. Eventually email standards will evolve so that the email client will be able to readily identify legitimate emails, but that could be years in the future.

If you are considering a similar approach, you might want to let users choose the name and identifying information that appears in the personalization box. In February, we reported on a UK security initiative that took that approach.



Editor’s Note: Citibank received an OBR Best of the Web award for this and other security features in Online Banking Report #119, "Marketing Security."

Bank of America Unveils Multi-Factor Security for Consumer Accounts

Bank of America wins the race to be the first with a viable plan to secure consumer online banking accounts. In an announcement today, it becomes the first major U.S. bank to endorse multi-factor authentication for consumers at login.*

The system, already in use at Stanford Federal Credit Union, is called SiteKey. The clever approach from Bill Harris’s PassMark Security provides several layers of security to defeat phishing and keylogging attacks. The company calls it two-way two-factor authentication because not only does the end-user authenticate themselves to the bank, the bank authenticates itself to the user to defeat phishing schemes.

Here’s how it works:

  1. User provides username
  2. BofA verifies that the login request is coming from the user’s previously registered computer; if NOT, user must successfully answer a challenge question based on previously registered shared secrets
  3. After passing steps 1 and 2, the user is shown their previously selected image, so they know they are logging into the true BofA server
  4. User enters their password

The service launches in mid-June in Tennessee with full roll-out by the end of the year.

Even though it’s long overdue, we applaud Bank of America for moving the industry forward. While the program won’t be available system-wide until year-end, we’re giving it an Online Banking Report "Best of the Web" now because it’s the biggest development in U.S. online banking for several years.

The BofA/Passmark system is ingenious for several reasons:

  • Unless a user logs in from a new computer, there is little extra work involved; just a two-step login with username, followed by the password
  • Requires no hardware or out-of-channel coordination by the end-user; shouldn’t cause a major increase in customer service expense
  • Defeats phishing by displaying a personal image prior to asking for password
  • Defeats keylogging with the rotating challenge question
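
A simplified model of the four login steps and the properties listed above, added here as an illustration; it is not PassMark's or Bank of America's code. The class names, the salted-hash storage and the set of device tokens are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

def kdf(secret, salt):  # salted hash: no plaintext password or answers stored
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)

class Account:
    def __init__(self, password, image, questions):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = kdf(password, self.salt)
        self.image = image        # the user's previously selected image
        self.answers = {q: kdf(a.lower(), self.salt) for q, a in questions.items()}
        self.devices = set()      # tokens of previously registered computers
        self.rotation = 0         # index of the next challenge question

class LoginSession:
    """One login attempt for a username already supplied (step 1)."""
    def __init__(self, account, device_token=None):
        self.acct = account
        self.verified = device_token in account.devices  # step 2: known computer?
        self.question = None
        self.image_shown = False

    def challenge(self):
        """Step 2, unknown computer: issue the next question in rotation."""
        if not self.verified and self.question is None:
            order = sorted(self.acct.answers)
            self.question = order[self.acct.rotation % len(order)]
            self.acct.rotation += 1
        return self.question

    def answer(self, text):
        """Check the challenge answer given from an unknown computer."""
        if self.question is None:
            raise PermissionError("no challenge issued")
        given = kdf(text.lower(), self.acct.salt)
        self.verified = hmac.compare_digest(given, self.acct.answers[self.question])
        return self.verified

    def show_image(self):
        """Step 3: the bank authenticates itself, only to a verified computer."""
        if not self.verified:
            raise PermissionError("image withheld until step 2 passes")
        self.image_shown = True
        return self.acct.image

    def check_password(self, password):
        """Step 4: the password is checked only after the image was shown."""
        if not self.image_shown:
            raise PermissionError("password requested before image")
        return hmac.compare_digest(kdf(password, self.acct.salt), self.acct.pw_hash)
```

Creating a `LoginSession` without a registered device token and calling `show_image()` raises until `answer()` succeeds, so the image is never released to a computer the bank has neither recognised nor challenged.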

If you are at one of the other 15,000 financial institutions in the United States, the clock is now ticking. As your customers find out they are not among the 13+ million consumers (BofA’s current online base) receiving extra protection, they will be demanding the same from you. And if you thought BofA was aggressive in its free bill pay promotion, wait until you see the marketing blitz on this one. Extra authentication simply MUST BE in your 2006 plans.


*For several years, ING Direct has asked for a third bit of info at login, but the necessary info is relatively easy to obtain (for example, zip code). Also, earlier this year, E*Trade launched security tokens for its high-rollers. But BofA is the first with a broad, secure, and non-hardware-based approach.

Bill Payment Toolbar from Billeo

Just when you thought the banks were gaining an upper hand in the electronic bill payment battle, up pops a newcomer with a fresh approach. Take a moment to check out Billeo. An odd name, but so is iPod, and it seems to be working pretty well.

We haven’t used it yet, so these comments are preliminary, but "on paper" this company and its approach appear to be winners. (One caveat: the business model is unknown, and the privacy policy is a bit ambiguous when it comes to the issue of adware. We’ll keep you posted on what we find out.)

Billeo is a free toolbar-resident application that plays "virtual assistant," enabling more convenient and controlled direct bill payment at vendor sites. The toolbar also serves as an e-wallet simplifying online point-of-sale transactions.

The toolbar contains several unique features, one of which is extremely impressive: the ability to save screen captures of transaction receipts. The application also includes payment reminders, a payment register, and a personal "bill payment" email address for users.

There are several familiar names associated with the startup. Nancy Langer, a former exec at Metavante, is the president. The advisory board includes Eric Dunn, formerly with Intuit; Shankar Srinivasan, co-founder of Cyberbills; and Scott Loftesness of Glenbrook Partners.

We’ll dissect the new service in Part 2 of our upcoming Electronic Payments Report in Online Banking Report.


Editor’s Note: Billeo was named "OBR Best of the Web" in the second part of its series on E-Payments (OBR 119) published in June 2005. 

MBNA’s Bill Pay Choice

The credit card giant offers online payment of outside
bills even if the merchant payee does NOT accept credit cards.



MBNA ($142 billion, 40 million cardholders) offers something we’d
been expecting for years, a bill payment program that draws payments from a
credit card. The company even posts the transactions as cash equivalents,
offering the same 15- to 45-day float afforded regular card purchases.
However, bill payments do not earn points in MBNA’s reward programs.
Furthermore, payees are limited to those that can be paid electronically by
CheckFree, although that now covers 70% of the processor’s volume.

Consumer Benefits


  • Added float, as one message board poster said, “why worry whether you get a few days float (from your bank), when MBNA provides a whole month”
  • Convenience of tracking more expenditures through the card-management system.
  • Ability to repay over time.
  • Option of charging bills to an MBNA card or debiting from any checking account.
  • Free, so long as the cardholder initiates at least two payments per month from their card account (see fee schedule opposite)


  • No real drawbacks, except for the confusing price schedule. Consumer advocates might argue that it encourages cardholders to take on more debt, but they could already do that by paying bills with convenience

Financial Institution Business Case

We’ve long maintained that loan generation is the most important
institutional benefit of online bill payment. Why? If given the
opportunity, users will likely charge several bills per year to an
integrated credit line.

While you will lose money on convenience users who repay the charges each
month, revolving balances should more than compensate. For example, in our
back-of-the-envelope calculations, we estimate a total net profit of $60 per
year per user of credit card bill-pay, or $600,000 annually across a
10,000-user customer base. 

The Most Confusing Fee Schedule in the World:
MBNA’s Bill Pay Choice may be among the most flexible online, but
its fee schedule is utterly confusing. Perhaps the company should consider
charging a nominal flat fee that’s waived if charging 2 or more bills.


Of course, any new credit card program must be monitored closely for abuse,
both outright fraud, by setting up a phony electronic merchant, and less
sinister gaming of the system where a user becomes an electronic merchant on
CheckFree’s system and pays himself each month to earn the float. However, since
no reward points are awarded, there is far less incentive to play games.

Card issuers could limit their exposure by setting a maximum monthly amount
of bill payments, especially for new cardholders.

How it Works

MBNA cardholders must first register for online access at MBNA’s NetAccess.
After that, they register for Bill Pay Choice. Users can pay bills either by
charging to their MBNA card or debiting any U.S. checking account. MBNA does not
offer its own checking account; however, payments can be drawn from MBNA’s money
market account.

The service is free unless the user pays bills only from their checking
account, in which case the fee is $0.75 per transaction. Users may qualify for
unlimited free checking-account bill payments provided they charge at least two
bills to their card each month.


Table 13
Mini Business Case: Card-based bill payment

Monthly benefit, assuming 6 payments totaling $1000

Direct Costs
  • Cost of float: 30 days at 2%
  • Cost of transactions: 6/mo to CheckFree
  • Cost of service/mo: internal
  • Total cost/mo

Direct Revenues
  • Increased outstanding balances: $167 x 12 months x 5% spread*
  • Fees from DDA trans
  • Total revenue/mo

Net profit/mo

  • Extra interchange from increased charge: 1% x $300/yr
  • Increased retention: 2% increase x $150/yr

Total per user
   per 10,000 users

Source: Online Banking Report estimates, +/- 33%, 2/04
*Revenue assumptions: 1 out of every 10 bills will be revolved (10%); revolving
balances will be repaid in equal installments over 12 months (6 months average
life); interest rate spread = 5% (net of charge-offs)

“Check’s in the Mail” Good Enough For PSECU

Innovative Upost@home provides real-time credit for
mailed deposit items


In a remarkably simple yet highly innovative service, Pennsylvania State
Employees Credit Union (Harrisburg, PA; 290,000 members; 160,000 online)
gives qualified members immediate credit for items “deposited” online.
Users logged into online banking simply choose the Move Money tab and
follow the simple instructions. Members then have 10 days to get the deposit
to the credit union via U.S. mail before the items are backed out. There is
no fee.

To limit fraud and errors, only about 20% of the CU’s member base is
eligible for the program. These 65,000 eligible members start with $1500 in
deposit credit, but it can be increased at the discretion of the credit
union to as much as $8000 based on usage. Deposited funds are immediately
available for use and earn interest from the day of the online deposit.


PSECU has long used a similar system for ATM deposits, offering credit as
high as $20,000. The online version, Upost@home, the brainchild of VP
Tom Ruback, was launched in November 2001. However, until
recently it hadn’t been publicized widely outside its member base. Four
months ago a second CU, Pentagon Federal Credit Union,
launched a service modeled on PSECU’s. Pentagon Federal’s Trust In
program has tighter limits, beginning with only $750, and increasing
to $2500 based on usage.


The CU already had experience with real-time credit of ATM deposits,
suffering minimal losses across its 68,000 users (making about 180,000
deposits/month). So it was confident members would continue to be
trustworthy through a similar online system.

The online version’s volumes are lower, but are building. In December,
nearly 11,000 members made 24,000 deposits, worth $10.5 million. In the
first two years, more than 19,000 members have made deposits of $125
million, $83 million of that in 2003. More importantly for anyone thinking
of recreating the program, the service has lost only $2000 to fraud, while
saving the CU more than $100,000 in interchange.

Active users average two deposit sessions per month, with each session
containing slightly less than two items, for a total of 3.8 items per month.
At an average of $260 per item, total monthly deposits average $1000 per
active user.

Consumer Benefits

Since it’s an unusual benefit, members often need coaxing to try the
feature. PSECU sends online banking users a letter explaining the service.
Follow-ups to non-users contain a $1.37 check that can only be deposited
through the Upost service. Repeat usage is high once members
experience the benefits.


  • Added convenience of simply dropping deposits in the mail; no trip to a branch or ATM, no waiting in line
  • Peace of mind knowing an image of each item will be available in case of dispute
  • Earns interest immediately
  • Can immediately withdraw cash or make payments with the virtual
  • A record of each deposited item is viewable within the check
  • Preaddressed envelopes are available at no charge (NOT prepaid)


  • Must order or provide envelopes and locate and pay for stamps
  • Must remember to mail within a few days
  • Failure to mail deposit could result in negative balance and bounced checks

Business Case

For a credit union serving 290,000 members through two branches (10 total
teller windows) and 20 deposit-taking ATMs, the remote deposit program is a
win-win. Members like it for all the reasons mentioned above, and the CU
saves more than $0.70 per deposit compared to foreign ATM interchange fees.*
The CU can continue to minimize its bricks and mortar costs (90% of its
members have never set foot on PSECU property) while offering an innovative
benefit to online banking users.

*The CU estimates each Upost deposit costs $1.16 to process,
including an “inflated” value for lost float. In comparison, it pays
about $2 for each deposit put into a non-PSECU ATM.

Table 19: Deposit Float
Calendar days to receive online deposits, 2003
Source: PSECU, 1/04, deposits processed Jan through Nov 2003

How it Works

Initiating a deposit online is a simple process:

  1. Within the CU’s online banking area, members choose the Move Money tab (screenshot 1)
  2. Choose Start to initiate a new deposit
  3. Member enters five fields: check number, date check written, amount, who wrote it, who it was made out to (screenshot 2)
  4. Repeat step 3 for each deposit item, then choose Finished
  5. Write the session number in the space provided on the pre-printed or blank envelope
  6. Drop the deposit into the mail
  7. Deposited items are processed and images posted; the deposit line is reset

Members receive instant credit for the deposit and can view deposit
details either through the Move Money interface, by selecting
Deposit Details, or by clicking on the deposit within their online
check register. Once the paper items have been processed, members can view
images of the deposited items.

The CU contacts the member by phone if the deposit has not been received
by the eighth day. In 2003, 81% of Upost deposits were received by
day four and more than 98% were received by day eight. Just five out of
every 1000 (0.5%) never arrived.         


Table 20: PSECU Online Deposit Activity for 2003
Upost usage by PSECU
Source: PSECU, 1/04


Greg Smith is CEO

Tom Ruback is VP Card Services