Online banking
October 13, 2006 8:38 PM Subscribe
I've had it with NetBank. What online banking system would you recommend?
I've been putting up with this company's limitations for a few years. But now they have added a new security system, under which the user has to choose one of about 15 dumbass questions (Who is your favorite musician? Who is your favorite actor?) and enter the answer. They demanded five questions and five answers, with no opt-out allowed. Then they will periodically serve up one of these questions and expect me to remember the answer, precisely as I entered it. (I'm sure that they wouldn't accept "clapton" if I had entered "eric clapton" when I started.)
This is, in a word, stupid, and I don't have the patience for this shit. So I want to find a more reasonably accessible provider. Which alternative would you recommend?
I've been putting up with this company's limitations for a few years. But now they have added a new security system, under which the user has to choose one of about 15 dumbass questions (Who is your favorite musician? Who is your favorite actor?) and enter the answer. They demanded five questions and five answers, with no opt-out allowed. Then they will periodically serve up one of these questions and expect me to remember the answer, precisely as I entered it. (I'm sure that they wouldn't accept "clapton" if I had entered "eric clapton" when I started.)
This is, in a word, stupid, and I don't have the patience for this shit. So I want to find a more reasonably accessible provider. Which alternative would you recommend?
You don't have to give themn an answer that is logical. Give them the same answer to whatever question they asked. Use "EC is God" for every answer and then you don't have to remember much of anything.
Otherwise, I would use your local bank's online system.
posted by JohnnyGunn at 9:37 PM on October 13, 2006
Otherwise, I would use your local bank's online system.
posted by JohnnyGunn at 9:37 PM on October 13, 2006
Virtualbank has been superb to me, and none of the goofy nonsense you've been putting up with.
posted by mcstayinskool at 9:48 PM on October 13, 2006
posted by mcstayinskool at 9:48 PM on October 13, 2006
I love the sites that differentiate 'Clapton' from 'clapton' personally.
Why not find a local bank that offers online banking, or BOA, ING, etc? Not just a name and a cubicle farm in idaho.
posted by SirStan at 10:06 PM on October 13, 2006
Why not find a local bank that offers online banking, or BOA, ING, etc? Not just a name and a cubicle farm in idaho.
posted by SirStan at 10:06 PM on October 13, 2006
I use Bank of America online for checking and bill-pay (both free with auto deposit). And ING for short term savings.
posted by LadyBonita at 10:43 PM on October 13, 2006
posted by LadyBonita at 10:43 PM on October 13, 2006
I've been very happy with Citizen's Bank. Branch offices all around so you can easily get cold, hard cash when you need it.
posted by ifranzen at 12:15 AM on October 14, 2006
posted by ifranzen at 12:15 AM on October 14, 2006
Best answer: Essentially every bank will be making tweaks to its login scheme, if they haven't already, given a federal mandate on Multi-Factor Authentication (specifically, this document from the FFIEC). Basically, a login and password will not be sufficient.
Lots of banks are going with the PassMark solution, which I think Bank of America went with early on, which involves (1.) additional challenge questions like those you cite that are presented if (2.) real-time risk analysis shows higher probability of fraud -- perhaps a new or foreign IP address or a large transaction, and/or (3.) mutual authentication via verifying an icon or image you'd preselected -- if you don't see the puppy you picked earlier, you're not looking at your bank's Internet Banking site (to prevent man-in-the-middle attacks).
Other solutions include one-time password tokens (those RSA gadgets with changing numbers), "bingo cards" (you're presented with coordinates on a printed table and asked to enter what's in row three, column two), out-of-band authentication (replying to a text message on your cell phone or a voice-response system)... all kinds of stuff.
Basically, logging into an Internet Banking system will get a little more complicated for everyone... eventually. The deadline is actually year-end 2006, and financial institutions are scrambling.
I manage the Internet Banking system for a very, very small community bank, and this is probably one of the biggest projects on my plate right now.
posted by pzarquon at 12:24 AM on October 14, 2006
Lots of banks are going with the PassMark solution, which I think Bank of America went with early on, which involves (1.) additional challenge questions like those you cite that are presented if (2.) real-time risk analysis shows higher probability of fraud -- perhaps a new or foreign IP address or a large transaction, and/or (3.) mutual authentication via verifying an icon or image you'd preselected -- if you don't see the puppy you picked earlier, you're not looking at your bank's Internet Banking site (to prevent man-in-the-middle attacks).
Other solutions include one-time password tokens (those RSA gadgets with changing numbers), "bingo cards" (you're presented with coordinates on a printed table and asked to enter what's in row three, column two), out-of-band authentication (replying to a text message on your cell phone or a voice-response system)... all kinds of stuff.
Basically, logging into an Internet Banking system will get a little more complicated for everyone... eventually. The deadline is actually year-end 2006, and financial institutions are scrambling.
I manage the Internet Banking system for a very, very small community bank, and this is probably one of the biggest projects on my plate right now.
posted by pzarquon at 12:24 AM on October 14, 2006
Response by poster: I do have to say that my biggest beef was not that I was asked to set up a series of Qs and As, but rather that I was held hostage and required to input the Qs and As before I was allowed to get access to my account. I would have preferred a message saying that they will need me to set up the Qs and As sometime in the next two weeks.
posted by megatherium at 8:07 AM on October 14, 2006
posted by megatherium at 8:07 AM on October 14, 2006
I noticed the same thing with NetBank, otherwise I've been extremely happy with them.
posted by JamesMessick at 8:37 AM on October 14, 2006
posted by JamesMessick at 8:37 AM on October 14, 2006
It's security, and yeah, it sucks. I did get a message at some point when I logged in that gave me a warning - I think there is also a link on the log in page that will give you "more information" about the process. Maybe you missed the message? I can't remember if it was an email or a pop-up that I got. I'm surprised I haven't been asked to do it yet, actually.
posted by Medieval Maven at 8:47 AM on October 14, 2006
posted by Medieval Maven at 8:47 AM on October 14, 2006
ING has already gone to multi-factor, and I can confirm that if you put "Columbus"(for example) as an answer to a street address question, the system won't accept "Columbus St.", but it will accept "columbus". I ran into this problem recently.
During the switchover, they reminded me frequently that it was coming and then reminded me to set it up, but didn't force it.
posted by Mr. Gunn at 11:51 AM on October 14, 2006
During the switchover, they reminded me frequently that it was coming and then reminded me to set it up, but didn't force it.
posted by Mr. Gunn at 11:51 AM on October 14, 2006
A year or so ago, I tried to set up an account with Netbank on the advice of people on AskMefi, and it was infuriating. Fuck Netbank and their anti-customer security.
I would think I had everything set up and they sent me deposit envelopes so I could fill the account. Every time I tried to send them checks, they would send them back with a notice to fill out yet another form, get it notarized, and finish the setup process. That happened three times over as many months, with new retarded reasons why it didn't work each time. Eventually I gave up and walked into a Bank of America.
posted by blasdelf at 11:26 PM on October 14, 2006
I would think I had everything set up and they sent me deposit envelopes so I could fill the account. Every time I tried to send them checks, they would send them back with a notice to fill out yet another form, get it notarized, and finish the setup process. That happened three times over as many months, with new retarded reasons why it didn't work each time. Eventually I gave up and walked into a Bank of America.
posted by blasdelf at 11:26 PM on October 14, 2006
USAA is fantastic (and you don't have to have a military connection to bank with them). They have great customer service and a good online interface; they also refund other banks' ATM fees every month, among other lovely little perks. Or you could find a local credit union that has an online presence.
posted by paleography at 10:25 AM on October 15, 2006
posted by paleography at 10:25 AM on October 15, 2006
My worst such experience has been with Lloyds Off-shore. It becomes nearly impossible to deal with, and they lock you out after 3 bad attempts (and getting unlocked requires personal appearence at a branch, with passport/ID).
Best experience is my current one, with one of those number-generator fobs.
From what I've read, good security should include picking characters from a drop-down, to block key-loggers.
posted by Goofyy at 12:18 AM on October 16, 2006
Best experience is my current one, with one of those number-generator fobs.
From what I've read, good security should include picking characters from a drop-down, to block key-loggers.
posted by Goofyy at 12:18 AM on October 16, 2006
Seconds on USAA! Real people answer the phone! And they send you little envelopes in the mail so you can go to the UPS Store and deposit your checks and they show up in your account THE NEXT DAY!
I want to marry this bank.
posted by catesbie at 12:41 PM on October 17, 2006
I want to marry this bank.
posted by catesbie at 12:41 PM on October 17, 2006
USAA may be great, but they don't offer the 4.5% APY account like ING et al.
posted by Mr. Gunn at 2:30 PM on October 17, 2006
posted by Mr. Gunn at 2:30 PM on October 17, 2006
From what I've read, good security should include picking characters from a drop-down, to block key-loggers.
Not anymore, they're writing screen loggers.
posted by MikeKD at 3:21 PM on October 17, 2006
Not anymore, they're writing screen loggers.
posted by MikeKD at 3:21 PM on October 17, 2006
This thread is closed to new comments.
posted by raf at 9:04 PM on October 13, 2006