Archive for the 'general.blog' Category

Without broadband…

Friday, October 20th, 2006

No, this isn’t a rant about service providers, or UK ones anyway. Imagining life without broadband these days is very difficult as most airports, hotels and cities have widespread wireless access points, and in the few instances they don’t work my 3G card is not far away, at least until I travel further away. I’m sitting writing this on the end of a GPRS connection that took a long time to get sorted, but let’s start from the beginning.

Arriving at Jyväskylä Airport on Wednesday afternoon I logged into the wireless at 8 euros for an hour’s surfing to catch up on my e-mail knowing that after this I would incur a £10/MB fee for international data roaming, a ridiculous charge which makes Internet use more expensive than a premium rate phone line. I have never seen an airport so deserted but when my flight landed and took off with a new load of passengers, the entire hall was empty and I had to wait at the cafe till to pay for my drink and sandwich. Apparently this wasn’t very unusual which doesn’t surprise me.

Jyväskylä Airport – Deserted

The following day I pop into a shop to buy a pre-pay SIM card. When I tried this just over a year ago there was no data/GPRS service on pre-pay cards but this time the pricing is printed on the back of the pack at 1.50 euros/MB which is more in line with the not-so-bulk packages available in the UK. I spent the best part of two hours trying to configure it both on my phone and using my data card. On my phone I needed to send a text message “GPRS TILAA” to a short code number to activate GPRS services on the card but I wasn’t able to send any SMS messages. In the end I found that this was related to the configuration options on the phone relating to using GPRS to send the SMS messages in the first place rather than a GSM link. The DNA (the phone company) helpline was friendly but didn’t really help me fix this problem so I was left to my own resources. The error messages given out are just about useless in diagnosing the problem.

I also tried to get the SIM working on my Vodafone 3G Broadband Data card, but it wouldn’t even show me the network list. After spending a long time on this, I called Vodafone customer services back in the UK and I was informed by a helpful chap that the card was network locked and couldn’t be unlocked. I then had to use Bluetooth to my Nokia 9300. I finally managed to get the instructions on how to configure GPRS Internet access on my laptop from a 1MB PDF file which I had to download on my 9300.. and then I was online.. for about an hour at which point my 10 euros of call credit ran out and the connection began disconnecting intermittently.. When on GPRS – do not browse normal websites.. you’ll eat up funds double quick time.

Finally today I recharged the pre-pay SIM (conveniently done electronically at a shop just by handing them a credit card and the phone number) with 100 euros which should cover me for quite some time.. as long as I make sure to avoid browsing the web like I am used to doing on my 3G card in the UK.

Fortunately as of tomorrow I will have broadband or wireless of some sort (I hope) so I don’t have to count the bytes ;)

Bank Security – Telephone Authentication

Monday, September 18th, 2006

I’ve written about bank security before (see Innovation in banking) with concerns over password authentication generally in banking transactions. This evening, I received a phone call from the fraud department of one of the financial institutions I have a credit card with wanting to discuss my account. I immediately asked for their details and called back on a known number and was put through to the person in question.

At the end of the call this individual advised me that I could always identify them as a legitimate caller by having them provide me with some personal information about me. Although they have called me on a known number they have listed for me, if for example I had my wallet and mobile phone stolen, then calling me on my mobile phone would alert thieves that the bank fraud department was onto them.

Although banks are getting a lot better (certainly with respect to having no objection to a request for a customer to call them back), some more thought needs to be put into this process in the world where identity theft is becoming increasingly common.

Innovation in banking..

Friday, September 1st, 2006

Having experience of banking systems outside the U.K. I am surprised at the way banks here still work. Some will comment on the outdated nature of cheques, although I think they have their uses, but what concerns me more is lack of control and security. Whilst other industries are innovating, banks are very slow to make changes. Whilst this is to a degree understandable on the basis that traditionally such industries are “stable” and cannot risk extensive problems, many of these issues are quite important. It should be noted that these may not apply to corporate customers of banks; however, consumers and small businesses are certainly being let down.

Innovation

Many small businesses process transactions manually or in some cases with limited support from accounting packages to ‘import’ data from online banking interfaces. Although banks are nowadays offering text messages you can request for different transaction types, I have yet to find a bank that has designed an open XML interface for customers to integrate into their own systems. This is probably due to the fear of security breaches within customer systems. They should also allow customers to pre-define notifications of particular events to be sent by encrypted e-mail. We shouldn’t have to login to a bank’s website to communicate with them, especially on matters which are not sensitive or confidential. Credit Card payment processors such as Worldpay have been based on providing the ability to integrate into existing business systems from the beginning to process transactions. Having a quick and easy way for a company to request recent transaction information from the bank could dramatically reduce the administrative burden of bookkeeping for smaller businesses.

Recurring Payments

There are three key methods of making recurring payments automatically: Credit Card Continuous Authority, Standing Order and Direct Debit. Continuous Authority on Credit Cards seems to be a significant problem as it’s not always easy to cancel this other than by getting a new card issued with a new number, a major inconvenience to anyone who has provided companies with their credit card details to hold on file for this purpose as each one needs to be notified of the new details.

Standing Orders give you full control over the process as the amount is fixed, but this is also the problem as it makes it unsuitable as a method of paying any bills which vary in amount. Direct Debits cover this by allowing the supplier to vary the amount once an authority has been established, whilst giving consumers the protection of getting a transaction reversed immediately without question by their bank. This is an important safeguard.

The problem with Direct Debits is that whilst my bank may well refund me immediately if I report a problem, by the time I realise such an error has taken place, other transactions could possibly have bounced for lack of funds. It is clearly documented that billing mistakes happen and no matter how much reserve you can keep in an account, this problem remains.

The solution? Direct Debit Transaction Pre-Notification. Anyone who has worked in larger commercial buildings will be aware of fire alarm systems with the notion of a ‘pre-alarm’ which allows on-site staff to investigate any fire alarm incidents within a specified time period of a minute or two and if it is found to be a false alarm, it is possible to cancel the call prior to the fire brigade being requested to attend. The same system would work well with Direct Debits allowing users for example two working days to issue a ‘stop’ on a requested payment. Some credit card companies are starting to implement something similar to this by calling or sending a text message when a card is being used under certain conditions.

An even simpler solution that would be easy to implement would be the concept of setting variables within Direct Debit mandates limiting the amounts that can be debited from an account. If your average monthly mobile bill is £40, then setting the mobile phone company’s authority to a maximum of £120 would significantly reduce the risk of any over-debiting having negative effects on other payments. The exact figures of course will depend on everyone’s individual circumstances. Companies would need to bear these limits in mind when considering credit limits, etc. but as long as they are known by all the parties, it would be a significant improvement to the current system. If such schemes also enabled more smaller companies to use Direct Debits, I would be inclined to switch to using Direct Debits.

Invoice Payment Standard

Many companies now send invoices out electronically, and there are various payment methods offered. It would be very useful to be able to have a standard template which is used to describe a transaction and the payment required such that those involved in paying many invoices (in businesses) can simply click “pay bill” and the bank is sent the instructions provided in the electronic document. There are electronic billing standards already, used more widely within specific professions but these are not in widescale and general use.

Authentication & Security

I am sometimes astounded by the lack of security options offered by banks for online banking customers. The practice of phishing is so prevalent and the security awareness of the average user to social engineering techniques is very weak.

The first issue is the use of passwords for authentication. This is a major security loophole. Corporate customers of banks and some share dealing systems use one-time password tokens such as SecurID for security, whilst other banks are using smartcard authentication, although this has been targeted at medium/large businesses only thus far. Barclays have announced recently they will be rolling this out to all customers which is welcome. One-time passwords do not in themselves stop fraud, although they make detection slightly easier as the window for fraud is reduced. We shall have to see if the widescale implementation of smart-card authentication is an improvement in security for users or a digital signature banks will rely on to refuse to take responsibility for fraud. Implementation is key here.

The banking industry has far to progress to catch up on the flow of information that is resulting in new ways of working.

new to blogging

Sunday, June 11th, 2006

Welcome to my new blog.

As you will probably know, I’ve written articles on ADSLguide for many years but for some time I have wanted to write about other non-broadband related matters which haven’t really been appropriate for AG. Despite the fact setting up a personal blog has been on my to-do list for a long time, it’s taken me quite a while to get it going.

I do need to integrate this into the style of my personal site, but hopefully this won’t take too long.

seb