Security & Privacy Archives - Page 2 of 11

Capital One Launches SureSwipe for Gesture-Based Mobile Login

By Jim Bruene Posted on November 11, 2013
Categories: Best of the Web, Capital One, Security & Privacy

One of my pet peeves is mobile banking login. Entering an 8-character alpha-numeric password is clumsy and security overkill for 99% of mobile sessions. Four-digit passcodes used at Simple, Mint and others is a good compromise, but then you have yet another password to remember.

I’ve been especially envious of the no-login, read-only services from Southern Bancorp, Commonwealth Bank (Australia), Bank of the West, Westpac (NZ), City Bank of Texas, Barclaycard and others.

While none of my financial providers has done away with the password entirely, Capital One just rolled out something pretty close, a password substitute that uses a pre-set gesture on the touchscreen to log in (see screenshots below).

I updated my Capital One app (v4.3) over the weekend and am happy to report that it worked as promised. It takes less than a second, and due to its uniqueness, it’s incredibly easy to remember (that probably changes if everyone started using various gesture systems). It’s currently available only on the iPhone, but it’s going Android in 2014.

Bottom line: While I think the bank needs to expand its explanation of the new feature (see note 2), it’s a fantastic development for the mobile experience. And we hope it spurs more innovation on the login front. As a result, SureSwipe is receiving our OBR Best of the Web award, the third for Capital One (archives; note 3).
______________________________________________

How it works
______________________________________________

1. At login, users are asked if they want to start using SureSwipe. If so, they press the “Create Your Pattern” button.

2. Users create their login pattern by running their finger between the nine dots. A minimum of four must be used and a few simple patterns are not allowed.

3. The gesture is verified by repeating it, then confirmed by the bank.

4. Users have the option of turning it off or resetting the pattern. To change the gesture, users must enter their existing alpha-numeric password.

5. At login, users are presented with this screen.
Note: There is an option for alpha-numeric login (bottom left) and pattern help (bottom left).

————————–
Notes:
1. Capital One SureSwipe landing page (at top of post)
2. I’m a little surprised the bank didn’t address security concerns on its landing page or within its app. There is no “learn more” when the option is first presented to users. I was super excited to see it, but I’m not sure normal users will be so understanding. I think many will have questions about how secure a pattern is compared to a normal password.
3. This is the third OBR Best of the Web for Capital One, all since 2010, when the card issuer began to really push digital distribution. Since 1997, our Online Banking Report industry newsletter has been periodically giving OBR Best of the Web awards to companies that pioneer new online- or mobile-banking features. It is not an endorsement of the company or product, just recognition for what we believe is an important industry development. In total, 90 companies have won the award. Recent winners are profiled in the Netbanker archives.

Share this:

Send Post Twitter LinkedIn Facebook

Digital Banking’s Nine Circles of Security

By Jim Bruene Posted on August 22, 2013
Categories: Security & Privacy

Yesterday, I was chatting with Jelmer de Jong and Jouk Pleiter from Backbase about their three levels of website security (see note 1). But since I just finished Dan Brown’s latest book, Inferno, which uses symbolism from Dante’s Inferno, I couldn’t resist expanding from three levels to the nine used by Dante Alighieri (circa 1320).

So with apologies to Dante, I bring you digital banking’s Nine Circles of Security. The layers are built around the idea that various digital activities require increasing levels of privacy and security. They start with the least secure info, and go from there.

Level 1
Cookies: Although cookies have a bad rap, they are extremely useful and most users would be quite unhappy if they went away. Use cookies to direct users to their preferred content, e.g. small businesses are shown the Small Biz page first.

Level 2
Social login: You want to know who’s visiting your site so you can cross sell and consumers benefit from identifying themselves so they get more personalized info. Banks can utilize social login (Facebook, Google, Twitter, Linkedin) to make the initial login process even quicker. Use social login to provide more personalization, friends lists, like buttons and so on.

Level 3
Automatic login to very basic info (read only): Many users would prefer ultra-quick access to their basic banking info such as account balance and recent transactions. Allow users to keep their session open for days or weeks at a time, but only show basic info that would be unlikely to lead to any fraud problems if accessed by unauthorized parties.

Level 4
Simple login to basic info (read only): Perhaps you don’t want to keep users logged in for long periods. Instead, make is super simple to get read-only access with by using a 4-digit PIN and/or eventually some simple biometric indicator (typing, voice, facial recognition, etc).

Level 5
Full access (read only): In level 3 and 4, users could login to basic info only (e.g balance and last 5 transactions). Level 5 graduates to full access to all accounts including funds transfers within those accounts. Users would be required to submit full username/password to gain admittance.

Level 6
Transactional authority up to ATM limits: Here users can move money outside of the bank up to the limits they and/or the bank established previously, e.g. $300 per day, no more than $2,500 in 30 days and so on. Users would have to pass “device fingerprint” and/or geo-location checks (e.g., use a pre-existing PC or phone) in order to move money out.

Level 7
Transactional authority up to higher limit: The bank and/or users would establish an intermediate dollar threshold (e.g. $2000/day, $15,000 in 30 days) that required an additional password/PIN to authorize.

Level 8
Account changes (eg password, address, beneficiary, etc.) would require an out-of-band authentication, typically to a pre-existing mobile phone number.

Level 9
Transactional requests above highest threshold: Anything above the higher thresholds in Level 7 would require the same out-of-band authorization, but would require a hold

period of at least 24 hours (set by bank) so the bank could follow up with users through separate channels to confirm.

Summary: If this sounds insanely complicated, it is on the face of it. But for most logins, this scheme would make it EASIER to access account data. Only the riskier maneuvers are guarded with additional security. And most levels of security hell would be transparent to the end user. They would simply need to remember a username/password, a 4-digit PIN, and have a smartphone. You would instruct them about when the various methods were needed.

———————

Notes:
1. For more on its vision, see Backbase’s FinovateFall 2012 demo.
2. Also, see how Backbase puts its famous UI to work for commercial banking at the upcoming FinovateFall.com Sep 10-11 in NYC.
3. Image credits: upper right, lower right
4. For more on security, see our Aug 2012 Online Banking Report, Delivering that Secure Feeling.

Share this:

Send Post Twitter LinkedIn Facebook

Financial Innovation Marches On, Even in July

By Jim Bruene Posted on August 1, 2013
Categories: Credit/Debit Cards, Launches, Prepaid/gift cards, Real Estate, Security & Privacy

I subscribe to about 800 blogs/alerts and usually find one or two new fintech companies, potential Finovate presenters, every single day. But July was slower, with the pace of new companies dropping to a few per week. Even though I know summer tends to be quieter, I always start wondering if we’ve finally invented everything…then I wake up to my RSS feed this morning and find two clever new services launching today:

Crowdsourced home values: Everyone who owns a home wonders how much it’s worth. But unless you have a real estate agent in the family (and even then, they are probably biased to the high side), it’s a time-consuming and not-so-exact science to get a professional appraisal. Enter Redfin’s “home price whisperer” service. Participants simply submit their house address and target price, and the company will have 250 others users give the valuation a thumbs up or thumbs down. While it won’t put realtors out of business, it’s a great way to get a quick handle on where you stand on what can be a key part of your financial security. (Another new startup, Trov, just landed $6.8 mil to help value less liquid assets).
Scam-protection geared to the elderly: Ever since Y-Combinator (YC) spawned a pair of billion-dollar companies during the Great Recession (AirBnB, Dropbox), I’ve been watching closely to see what its graduates will offer up to the financial services world. At FinovateSpring last May, we saw 2012 YC graduate LendUp (watch its Finovate demo here) wow the audience (and win Best of Show) with its service to lift consumers out of the payday lending cycle into less-expensive bank credit products. In a similar vein, 2013 YC graduate True Link Financial just announced a service to protect consumers, especially the elderly, from getting scammed by misleading or downright fraudulent charitable solicitations and other gray charges (it’s like BillGuard, but trying to block the questionable charges first, rather than dispute later). It’s basically a $20/yr prepaid card with customizable spending controls.

So, it looks like we have officially moved into the second half of the year and all the fintech excitement that will bring. I’d be remiss if I didn’t put in a plug for the upcoming FinovateFall, where we’ll have 72 demos (full list here) offering up a plethora of new ideas. The early-bird deadline is Aug 2. So register now and save.

Share this:

Send Post Twitter LinkedIn Facebook

New Online Banking Report Published: Finovate Quarterly

By Jim Bruene Posted on July 8, 2013
Categories: Online Banking Report, Security & Privacy

We’ve just published our latest report, Finovate Quarterly: Q2 2103. It focuses on the latest fintech developments, especially the innovations presented at FinovateSpring and the Best of Show winners.

We also look deeper at several recent industry developments including:

Bitcoin & Digital Currencies
The Authenticators (digital security)

The report contains a rundown of the quarterly highlights and milestones of Finovate alums and other fintech companies.

The Finovate Quarterly is complimentary for our Online Banking Report subscribers and is automatically delivered to them via mail. Anyone else can purchase here.

________________________________________________________

About the report
________________________________________________________

Finovate Quarterly (link)
Highlights of Q2 2013, including a look at the best new products from FinovateSpring

Author: Julie Schicktanz & David Penn, Finovate Group Research Analysts
Editor: Jim Bruene, Finovate Group Founder

Published: 30 June 2013

Length: 75 pages; 16,000 words

Cost: No extra charge to OBR subscribers, US$175 for others here
The printed version will be mailed to subscribers this week.

Share this:

Send Post Twitter LinkedIn Facebook

Mobile: Malauzai powers auto-login option at 90 community banks and credit unions

By Jim Bruene Posted on April 9, 2013
Categories: Mobile Banking, Security & Privacy

I keep running across Malauzai Software as I research mobile innovations. They have developed some of the cool stuff at City Bank of Texas (previous post) along with photo billpay at First Financial (previous post).

The software developer has also been pioneering mobile auto-login, a feature I’ve written about a number of times (see note 1). In fact, Malauzai has been offering a no-login option, called SmarText, for almost a year. In terms of installed clients, they are clearly the market leader.

With this optional feature, users that have enabled Auto Login are shown their balance and recent transactions as soon as the native app loads. No login required (see screenshots below). However, to do anything transactional, users must conduct a full username/password log in (see last screenshot).

Malauzai’s SmarText passed compliance/security scrutiny at its clients since the system is no less secure that text banking. The system takes the balance/transaction info that would normally arrive via text message and displays it within the native app.

City Bank of Texas was the first Malauzai client to adopt the technology in May 2012. Since then another 125 banks and credit unions signed up for the option, and 90 are live. Here are some stats across all the FIs:

107,000 registered users
145,000 downloads
15% of users are opting for Auto-login
Auto-login accounts for 20% of total logins
Best of class clients have a 25% opt-in rate

————-

When Auto Login option is selected (left), balance and recent transactions are be displayed immediately

However, full login required for transactions

—————————–

Note (Who’s on first?):

1. I get pretty excited when reporting new fintech bells and/or whistles. And I like to reward those pushing the envelope by anointing them first. But that can be risky. There can be a number of parties pushing it forward, making the claim of first murky at best.

That goes with the concept of no-login mobile balance lookup. Here’s a timeline of the various firsts in the United States for this technology:

April 2011 >>> First bank savings account: Southern Bancorp "Shake & Bank" youth savings account post
July 2012 >>> First PFM (with aggregated bank data): Mint Quickview (Mac only)
Feb 2013 >>> First major bank (checking): Bank of the West post (powered by Fiserv)
March 2013 >>> First card issuer: Barclayscard post

Then there are a couple other "firsts" that I missed at the time:

Jan 2013 >>> First bank (prepaid card): Green Dot’s GoBank
May 2012 >>> First bank (checking): City Bank of Texas (powered by Malauzai, see above)

OK, I think that sets the record straight. Thanks everyone for innovating past the pesky mobile login problem.

Share this:

Send Post Twitter LinkedIn Facebook

Mobile Monday: Bank of the West is First in USA with No-Login Pulldown Balance Lookup

By Jim Bruene Posted on April 1, 2013
Categories: Mobile Banking, Security & Privacy

Two years ago the above headline would have sounded suspiciously like an April Fool’s post. But it’s no joke, we really are seeing banks offering no-login options and I hope it spreads. The latest innovator: Bank of the West.

Last week, the bank’s mobile exec Matt Krogstad gave me a behind-the-scenes look at their new mobile banking service. In February, the bank replaced its previous mobile banking service with a new one powered by Fiserv (formerly M-com, see note 1). In the process, the bank added four important new features:

Mobile remote check deposit: A mobile requirement in 2013.
Bill payment: Another needed feature for users who prefer go mobile only, a number approaching 30% at first movers such as BofA and Chase
Single PIN login option: Users have the option of logging in with their full online banking credentials or selecting a six-digit PIN to replace both the username and password
No-login "pulldown" balance option: Swiping the Bank of the West logo down reveals the account balance of up to two accounts (see next section).

The bank also increased its mobile presence with Android and iPad versions.

The initial results are impressive. In less than two months, Bank of the West has had a 70% increase in active mobile users and a tripling of logins per day. And that was before the bank began pushing it last week (see website screenshots below).

Bank of the West pioneers no-login option in USA
Bank of the West is the first U.S. bank with a no-login mobile balance lookup option (see others who have it here). After it’s been enabled, users can simple pull down the logo at the top of the home screen. Within 1 to 3 seconds (depending on connection speeds), the balance from up to two accounts is revealed at the top of the page.

Requiring users to swipe before showing the balance provides a nice mix between privacy and usability. It is super simple to use, yet it leaves your balance "hidden" if your kids, or friends, pick up your phone.

Since, no-login lookup is basically the same as an SMS balance inquiry (something the bank already offered), the bank’s security folks were able to approve it. Naturally, it’s turned off by default. Users must enable it within mobile banking, something that about 5% of mobile users have done in the first month or so.

————————————

Bank of the West mobile users "pull" the logo down to reveal account balances (1 April 2013)

Bank of the West’s homepage has strong mobile branding (1 April 2013)
Note: Surprisingly few banks or credit unions have elevated mobile banking (or online banking for that matter), to the primary navigation

Bank of the West mobile banking landing page (link )

————————————–

Note:
1. Matt Krogstad was an early employee at M-com, which Fiserv acquired several years ago. He was involved in biz dev at Fiserv until his move to Bank of the West a year ago.

Share this:

Send Post Twitter LinkedIn Facebook

Mobile UX: Barclaycard Adds No-Login Transaction “Peek”

By Jim Bruene Posted on March 26, 2013
Categories: Barclays, Mobile Banking, Security & Privacy

One of my pet peeves is burdensome login procedures on smartphones. There is no rational reason to force cardholders to log in to see basic transaction data (unless they want to). We’ve covered it here, here, and here.

But this is the first time a major U.S. issuer has opened up mobile transactions. Barclaycard’s iPhone app update released today (v. 3.1.4267, see inset), contains the new Peek feature which:

….provides a quick-view of key
account details prior to login
(selected cardholders only)

It’s not discussed on the Barclaycard (U.S.) website, so I don’t have an action screenshot. And the “selected cardholders only” probably means its not available across all of its 35 different portfolios.

Bottom line: No-login transaction history is a good way to improve customer satisfaction, help move your card top of wallet, and possibly reduce costs from fewer password resets, fraud, and customer calls. I hope we see other major issuers follow suit soon.

Share this:

Send Post Twitter LinkedIn Facebook

BillGuard is First Financial Service to Integrate with the New iPhone Passbook Wallet

By Jim Bruene Posted on September 25, 2012
Categories: Credit/Debit Cards, Mobile Banking, Mobile Payments, Security & Privacy

Apple’s Passbook is a massive wildcard in the race for mobile payments, banking and rewards. Will the iPhone’s massive user base take to it like they did iTunes, or will it be one of those ideas that sounded good on the drawing board, but just doesn’t resonate with consumers?

No one knows if it will stick (although I got pretty carried away with the possibilities when it was announced in June), but given the potential upside, it seems a solid bet.

Starbucks is about to push its massive mobile base onto Passbook, a pretty strong endorsement. American Express has thrown in its support. No word yet from other financial players.

Except BillGuard, which gets to lay claim to being first. CEO Yaron Samid emailed yesterday announcing beta support for Passbook. The startup built a landing page for the new service at <passbook.billguard.com/> (see first screenshot) and is even testing some Google Adwords spending around the feature.

BillGuard users can now view each of their monitored credit cards within the Apple Passbook application. It’s a two-step process to get the cards added to the Passbook utility.

Users click on “Add to Passbook” at top of BillGuard’s normal online dashboard (see second screenshot)
BillGuard sends an email with a “pass” attached for each card. Users view the email on their iPhone, then click each attachment to add to the iPhone utility (see third screenshot)

Once added, user can view their current card balance and recent transactions from the Passbook card (see last screenshots).

Bottom line: It’s a great move for BillGuard, especially since it does not yet have a native mobile app. Now I can click on the Passbook icon and without logging in, quickly see the activity on all my registered cards, and whether there are any suspicious charges.

Banks could do something similar. Basically, creating a no-login card mini-app that aligns their brand with the iPhone 5. However, one area to consider is security. Anyone who got a hold of the email BillGuard sent me could start monitoring my card(s) through Passbook without my knowledge. For a bit more security, passes can be distributed directly through native apps and websites.

————————————–

BillGuard Passbook landing page (link, 25 Sep 2012)
Note: Example is a Chase card “protected by BillGuard”

Step 1: Click the “Add to Passbook” button on top of BillGuard’s main online dashboard

Step 2: BillGuard emails a “pass” for each card on file. Users open the email from their iPhone and click the attachment(s) to add each card to Passbook

Results: Each pass has its own “virtual card” in Passbook, with a “front” and “back”
Front includes current balance Back includes recent transactions

Note: The placeholder barcode displayed in the BillGuard pass is a customer referral form according to MyBankTracker. When Starbucks unveils its Passbook support next week, I’m sure the barcode will be usable to make a mobile payment at the Starbucks counter.

Share this:

Send Post Twitter LinkedIn Facebook

Launching: EFTGuard Provides $500k in Online Fraud Protection for Business Banking Customers

By Jim Bruene Posted on April 24, 2012
Categories: Deposits, Checking, Savings, CDs, Insurance, Launches, Security, Security & Privacy, Small Business

That was fast. Just two weeks after my latest appeal to the industry to provide small business owners with more security options, a new product launched today aims to do just that. And it’s packaged as a turn-key, fee-based service that could be sold by banks at a $10+ per month profit (MSRP is $25/mo).

That all sounds too good to be true. When I was first contacted by Greenway Solutions last week, I was more than a bit skeptical. But after speaking with CEO Jerry Tylman and Managing Consultant Jon Meyer, I was convinced they had something that as a business owner, I’d definitely buy.

The product, EFTGuard, is a joint venture between Greenway Solutions and Royal Group Services. They say it’s a “win-win-win” for banks:

Helps banks meet “UCC requirement for commercially reasonable security and their FFIEC requirement for customer education and awareness”
Provides peace of mind to bank clients
Protects both the bank and each client up to $500,000 in unauthorized online transfers
Helps differentiate checking and deposit offerings

____________________________________________

How it works
____________________________________________

EFTGuard provides protection against fraudulent online-account withdrawals of $100,000 per account (with no deductible), with a maximum of $500,000 per customer. And because it’s not true “insurance” (it just behaves like it), there is no underwriting hassle and the product can be purchased in just a few minutes via online form (demo here). There is, however, the usual list of coverage exclusions; for example, it doesn’t cover insider theft.

The catch? To qualify, business customers must download and install anti-malware software from Trusteer, Iron Key, or Webroot. And every computer accessing the business account must be running these protective software programs. For the time being, that appears to leave out any mobile access.

Initially, banks looking to offer EFTGuard will need to work with one of these three malware-protection vendors in order to qualify their clients for the fraud protection. Other than that, EFTGuard is turn-key and comes with marketing support, a co-branded signup page, and full claims management.

The $500,000 coverage is backed by Chartis Specialty Insurance Company.

__________________________________________

Bottom line
__________________________________________

Your business customers are rightly concerned about fraud. Offering them an option to protect themselves is a great way to differentiate your deposit offerings while preventing you from getting bogged down in messy litigation with your customers.

I still have questions about how often the list of exclusions will invalidate claims when actual fraud occurs. But the company assures me that the protections are very real.

Assuming EFTGuard delivers on its protection promise AND creates a small profit center, what’s not to like? I, for one, will be the first business owner in line to buy it.

——————-

EFTGuard homepage (24 April 2012)

———-

Note:
1. I believe insurance is one of the best growth areas in retail banking, especially in niche lines that can be explained and delivered online (see our December Online Banking Report for more about banks delivering insurance online).

Share this:

Send Post Twitter LinkedIn Facebook

Target Fee-Based Security & Control Packages to Small Business Owners

By Jim Bruene Posted on April 10, 2012
Categories: Security & Privacy, Small Business

A few days ago we published a new Online Banking Report: Delivering that Secure Feeling, arguing for the creation of fee-based subscription packages for those that need more security/privacy assurance than the typical consumer.

What we probably should have made clearer is that this is NOT a product strategy for the mass market. It’s geared toward high-end, wealthier customers and/or businesses that have a lot more to lose if their accounts are compromised.

The need for more security is especially acute for the small business owner, especially larger small businesses keeping five- and six-figure balances, sharing account access with accountants, bookkeepers, and partners, while making 100s of transactions per month.

In addition, business accounts generally operate without Federal consumer protections, so fraud losses may have to be absorbed by the business, unless they can prove negligence by financial institution. Litigating a major fraud loss is an ugly situation that should be avoided if at all possible.

That’s why it’s a win-win-win when a biz-banking client pays a fee for extra fraud protection:

Biz customers have fewer worries
Bank profits from the fee-based service
Fewer unreimbursed fraud losses save both parties time, money and potentially massive ill will

Take it from this small-biz owner. For 15+ years I have wished for more security/control and would be more than happy to pay for it, really! (see note 1). Every single day I dread opening the multiple email alerts from my biz bank afraid that one day I will join the the small but growing number of biz owners that have had their accounts looted (note 2).

Commercial customers have sophisticated tools at their disposal, but the smaller biz is often left using consumer-type controls. This is not how it should be.

———————–

Notes:
1. I’ve long said that I’d be willing to pay $500/mo for the perfect package of online business banking, payment, bookkeeping, and customer-management services. I stand by that statement (though I’d probably pay even more now that we have more international issues with the Finovate event). See our Online Bankin Report on micro and small businesses for more info.
2. Here’s one of the paradoxes of more communications, more “worry events.” In the past, I would have only dreaded opening my statement once per month. Now I have that little pit in my stomach several times each day. That doesn’t seem right.
3. Image licensed from Shutterstock.

Share this:

Send Post Twitter LinkedIn Facebook

New Online Banking Report Published: Delivering that Secure Feeling

By Jim Bruene Posted on April 5, 2012
Categories: Fee Income, Online Banking Report, Pricing, Security, Security & Privacy

OK, let’s think this through. Consumers have been concerned about the security of online banking for more than a decade. Technology tools are available to ease their anxiety. So, why aren’t these tools readily available?

The answer is that most security enhancements don’t pay their own way in terms of reduced fraud. Therefore, these “nice to have” features languish in the priority queue with little hope of getting implemented.

So do we just let customers continue to needlessly fret about the security of their financial accounts?

No, that just irritates already fed-up customers and invites more independent competitors to the table to provide the missing benefits (e.g., BillGuard, Credit Karma, Mint).

Instead, why not move to the win-win solution: Charge an optional subscription fee for extra “peace of mind,” but only to customers who want it. Or offer the value-adds free of charge for customers who help you lower costs by using self-service channels and foregoing printed statements.

But wait. Aren’t fees dead after the BofA debacle a few months ago?

While that was a very real customer backlash, optional fees are still possible. Just keep these rules in mind:

Fees for extra security should NEVER be mandatory; instead, offer a “security bundle” that goes above and beyond the normal state of the art
Do not charge a fee for any security feature you already offer free of charge (the big problem with the ill-fated debit card monthly fee)
Do not charge for a security feature that is typically delivered free of charge by others in the industry
It’s better to bundle a group of extra security features into a relative low-priced subscription bundle

In our new 48-page report we cover:

12 design elements to make your website feel more secure
7 potential positive elements for your business case
5 talking points for staff education before implementing a subscription fee
37 potential security enhancements to bundle into an “extra security” subscription offering
72 additional security features to consider
5 customer segments to target with a fee-based package account
Overview of three promising security services:
— Anti-virus for transactions from BillGuard
— Self-service suspicious activity reporting from Bank of America
— Virtual safe deposit from Northwest FCU, powered by DigitalMailer

__________________________________________________________________

About the report
__________________________________________________________________

Delivering that Secure Feeling (link)
Help consumers reduce perceived risks (for a price)

Author: Jim Bruene, Editor & Founder

Published: 4 April 2012

Length: 48 pages, 8 tables, 12,000 words

Cost: No extra charge to OBR subscribers, US$395 for others here

__________________________________________________________________

Sample screenshot

: Barclays (UK) offers online banking customers free anti-virus software from Kaspersky

Share this:

Send Post Twitter LinkedIn Facebook

Commonwealth Bank’s Kaching App Has No-Login Option, Simple Balance

By Jim Bruene Posted on March 15, 2012
Categories: Best of the Web, Mobile Banking, Security & Privacy

There are two problems with the current state of online/mobile login:

It’s too hard for customers to log in to their own accounts, especially using mobile keyboards
Yet, it’s too easy for crooks to log in to other people’s accounts

Since the dawn of online banking, the industry has struggled to balance user experience with security. And tiny mobile keyboards make the login experience even more frustrating.

But it doesn’t have to be that way.

A number of banks are using 4-digit passcodes making mobile login a breeze. But Commonwealth Bank (Australia) has gone one step further, with no-login pulldown access to account balances in its new Kaching (ka-ching) mobile app (note 2).
(Update 16 Mar: New Zealand’s Westpac also has a no-login mobile option called Cash Tank).

obr_bestofweb Commonwealth calls the no-login option Simple Balance. With a quick swipe users pull down a read-only account balance (see screenshot below). The no-login option must be enabled within the app before the first use. See it in action here (at the 29-second and 54-second marks).

We are awarding Simple Balance our second OBR Best of the Web award for the year (note 3). While it may not be as novel as City Bank’s debit card on/off switch, it’s likely to be used 100x more.

Bottom line: Requiring full username and password to see your account balance is antiquated, or at least it’s rapidly headed that way. The four-digit PIN is a good first step. But ultimately, it needs to get even easier than that for low-risk activities (note 4).

—————————————–

A single swipe on the top of the Kaching app allows users to download their account balance (click to enlarge, see note 2)

———————————-

Notes:
1. Many thanks to Australian reader Saif Hazarika, Innovation Manager at Australia Post, for clueing us in on the Kaching feature and creating the illustration above.
2. The Financial Brand published a good overview of Kaching several weeks ago.
3. Since 1997, our Online Banking Report has periodically given OBR Best of the Web awards to companies that pioneer new online or mobile banking features. It is not an endorsement of the company or product, just recognition for what we believe is an important industry development. If anyone knows of other financial institutions offering a similar feature, let us know and we’ll update the post. Commonwealth Bank is is the 85th company to win the award and the second in 2012. Recent winners are profiled in the Netbanker archives.
4. USAA’s “stay logged in” option is another promising approach, though not quite as user friendly as the Kaching swipe.
5. The Kaching app (inset, click to enlarge) includes integration to the user’s Facebook friends to facilitate P2P payments. A cool feature that I will add to the 50 or so discussed in last month’s Banking on Facebook report (OBR subscription).

Share this:

Send Post Twitter LinkedIn Facebook