Having experience of banking systems outside the U.K. I am surprised at the way banks here still work. Some will comment on the outdated nature of cheques, although I think they have their uses, but what concerns me more is lack of control and security. Whilst other industries are innovating, banks are very slow to make changes. Whilst this is to a degree understandable on the basis that traditionally such industries are “stable” and cannot risk extensive problems, many of these issues are quite important. It should be noted that these may not apply to coporate customers of banks however consumers and small businesses are certainly being let down.

Innovation

Many small businesses process tranasactions manually or in some cases with limited support from accounting packages to ‘import’ data from online banking interfaces. Although banks are nowadays offering text messages you can request for different transaction types, I have yet to find a bank that has designed an open XML interface for customers to integrate into their own systems. This probably due to the fear of security breaches within customer systems. They should also allow customers to pre-define notifications of particular events to be sent by encrypted e-mail. We shouldn’t have to login to a bank’s website to communicate with them, especially on matters which are not sensitive or confidential. Credit Card payment processors such as Worldpay have been based on providing the ability to integrate into existing business systems from the beginning to process transactions. Having a quick and easy way for a company to request recent transaction information from the bank could dramatically reduce the administrative burden of bookkeeping for smaller businesses.

Recurring Payments

There are three key methods of making recurring payments automatically: Credit Card Continuous Authority, Standing Order and Direct Debit. Continuous Authority on Credit Cards seems to be a significant problem as it’s not always easy to cancel this other than by getting a new card issued with a new number, a major inconvenience to anyone who has provided companies with their credit card details to hold on file for this purpose as each one needs to be notified of the new details.

Standing Orders give you full control over the process as the amount is fixed, but this is also the problem as is makes it unsuitable as a method of paying any bills which vary in amount. Direct Debits cover this by allowing the supplier to vary the amount once an authority has been established, whilst giving consumers the protection of getting a transaction reversed immediately without question by their bank. This is an important safeguard.

The problem with Direct Debits is that whilst my bank may well refund me immediately if I report a problem, by the time I realise such an error has taken place, other transactions could possibly have bounced for lack of funds. It is clearly documented that billing mistakes happen and no matter how much reserve you can keep in an account, this problem remains.

The solution? Direct Debit Transaction Pre-Notification. Anyone who has worked in larger commercial buildings will be aware of fire alarm systems with the notion of a ‘pre-alarm’ which allows on-site staff to investigate any fire alarm incidents within a specified time period of a minute or two and if it is found to be a false alarm, it is possible to cancel the call prior to the fire brigade being requested to attend. The same system would work well with Direct Debits allowing users for example two working days to issue a ’stop’ on a requested payment. Some credit card companies are starting to implement something similar to this by calling or sending a text message when a card is being used under certain conditions.
An even simpler solution that would be easy to implement would be the concept of setting variables within Direct Debit mandates limiting the amounts that can be debited from an account. If your average monthly mobile bill is £40, then setting the mobile phone company’s authority to a maximum of £120 would significantly reduce the risk of any over-debiting to have negative effects on other payments. The exact figures of course will depend on everyone’s individual circumstances. Companies would need to bear these limits in mind when considering credit limits, etc. but as long as they are known by all the parties, it would be a significant improvement to the current system. If such schemes also enabled more smaller companies to use Direct Debits, I would be inclined to switch to using Direct Debits.

Invoice Payment Standard

Many companies now send invoices out electronically, and there are are various payment methods offered. It would be very useful to be able to have a standard template which is used to describe a transaction and the payment required such that those involved in paying many invoices (in businesses) can simply click “pay bill” and the bank is sent the instructions provided in the electronic document. There are electronic billing standards already, used more widely within specific professions but these are not in widescale and general use.

Authentication & Security

I am sometimes astounded by the lack of security options offered by banks for online banking customers. The practise of phishing is so prevalent and the security awareness of the average user to social engineering techniques is very weak.

The first issue is the use of passwords for authentication. This is a major security loophole. Corporate customers of banks and some share dealing systems use one-time password tokens such as SecurID for security, whilst other banks are using smartcard authentication, although this has been targetted at medium/large businesses only thus far. Barclays have announced recently they will be rolling this out to all customers which is welcome. One-time passwords do not in themselves stop fraud, although they make detection slightly easier as the window for fraud is reduced. We shall have to see if the widescale implementation of smart-card authentication is an improvement in security for users or a digital signature banks will rely on to refuse to take responsibility for fraud. Implementation is key here.

The banking industry has far to progress to catch up on the flow of information that is resulting in new ways of working.

This entry was posted on Friday, September 1st, 2006 at 9:31 am and is filed under general.blog, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.