December 14, 2010

First, it's time to get philosophical. Did the banking industry fall apart just because John Dillinger, Pretty Boy Floyd, Machine Gun Kelly, Willie Sutton, Bonnie and Clyde, and Baby Face Nelson were robbing banks in the thirties? Answer: No. Are bank robberies still a crime du jour? Answer: Yes. Did banks fail during the recent banking crunch? Answer: Yes, 316 in the past three years. Conclusion: I don't believe online interceptors will be the biggest threat in the banking industry, but they certainly cannot be ignored. I do believe that wildcat lending and ego-influenced acquisitions, as demonstrated by the events of the past three years, pose a far greater threat. Since I know nothing about lending to deadbeats and acquiring sick banks, I'll pontificate on the threats facing online banking.

Here's my take on what we can do to protect our own interests regarding our dependency on the internet, and if this sounds like a guy who doesn't trust the institutional protectors, you're starting off with your first right answer. Your own actions as a business and/or consumer will be your best protection against internet abuse.

Leaks -- If you tell, then consider it public. Computer-based privacy disappeared in 1980 when the personal computer was born. Up until that time, getting anything out of a mainframe, centrally-located, enterprise computer was like the roach motel ad, "data check in but they don't check out." The internet continues to destroy any idea of privacy. Add to that the growing feeling that you're nobody unless people know your junk, and you've got a huge natural case of info exposure labeled, "Just look at me now." If the secure agencies of the federal government and the defense department can't protect their information assets, how likely is it that banks will? Score one big threat for online banking.

Freaks -- There was an expression going around a few years back that seemed to explain questionable behavior. "Why do some people climb a mountain?" The answer, "Because it's there." The same kind of thing occurs with many hackers who break into systems just so they can say they did it. The days of innocence ended during the fifties. Now the information intruders could be our next door neighbors, or guys with a laptop in a country whose name we can't even pronounce. We know which government agencies are working to mitigate the operations of al-Qaeda, the Taliban, and nuclear arsenal builders. They appear on our TV screens every night. But which government agency is tracking the transparent weirdo who should be in Bellevue but is holed up in a 42nd Street flop house planning a bomb attack at a pizza joint, or planting a worm at www.anyone'sbank.com? Precautions such as aggressive pat downs at airports, for some reason, don't make me feel any safer after I fasten my seat belt. Likewise, firewalls, two passwords, "secure" sites, and mother's maiden name remind me of the three-dollar padlock I used to lock my bike the last time it was stolen.

Sneaks -- Do you trust your bank? In most cases the answer is yes. Do you trust every employee at every bank? Never. Banks have all the right stuff to take you to the cleaners. You couldn't get a loan or deposit account if you didn't disclose. So what makes you so comfortable that the ever popular advice of not disclosing SSN, account numbers and passwords to strangers on the phone is any kind of protection? An employee at your bank could be that "stranger" who just received her pink slip. When Security Pacific Bank lost $11 million because of fraudulent wire transfers, the perpetrator was a consultant with the Federal Reserve who had access to everything he needed, because he was a "trusted resource." When a mid-size bank in New Orleans lost over $700k from customer withdrawals from a CD account, the bookkeepers said, "Oh, don't pay no mind to them reports. The CD system is in beta test." It wasn't beta, or alpha or gamma; it was real. And the customer thought it was a Mardi Gras gift after multiple withdrawals and no objections from the bank. Even customers can't be trusted.

Tweaks -- Beware of new software releases that are designed to improve "old" systems. For reasons that go back to Day One in the business of software development (think 1958), new releases of software are like a double edge sword. They deliver lots of changes to nearly-satisfied users, but also many changes that destroy previously enjoyed warm and fuzzy good stuff. In other words, users complain about a paltry net gain at the cost of nice things they got accustomed to using. I'm sure that the 28 core system vendors in Automation in Banking - 2010 will accuse me of heresy when I say, "Ease up on change, deliver optimization, but GUARANTEE RELIABILITY." Too much tweaking of online banking systems will have a deleterious effect on consumers, especially those who were reluctant to give up their visits to the branch. Familiarity is one of the strongest attributes of online banking that can secure a consumer for life. Constant change is a destroyer.

Geeks -- By my count as an attendee at internet birthday parties, the internet is 19 years old as a commercially viable service. It is 16 years old as a banking tool. That should have been enough time for the designers and the coders to hug and make up. They haven't. To prove my point with just one tiny recent experience, I'll use the bank that gets more kudos for their Web-based systems than any other bank -- Wells Fargo. I use WF as a merchant, not a consumer. To get my transactions and statement on line I was referred to a website. I entered everything carefully, correctly, and in the spirit of the season, checking it twice. After several pages, I was delighted to see the "submit" button which I clicked and then experienced cyber-orbit, no error message, just orbit. After calling customer service, I was informed I was not using the approved browser, Explorer. Duh, shouldn't that have been declared at the beginning of the process?

We're not out of the woods yet folks, when it comes to protection in the use of online anything. The rush to market got us there only three years after the internet was born. The reach for optimization is still a work in progress, and during that progress, we should exercise a lot more judgment than the use of a "three-dollar padlock."

ABOUT THE AUTHOR