Over time, and helped by the fact that in our household, day-to-day finances are handled by my wife, I no longer have any contact with the traditional banks: weeks or months can go by without having to set foot in my bank or even use its web site or app. If I need money, I use Revolut, easily transferring funds from my bank account. If I want to see how my investments are doing, I use Indexa, which has given me better returns than the traditional banks. I pretty much pay for everything with Apple Pay and carry very little cash, so I don’t even use ATMs much.
As a result, I am amazed when I am obliged to deal with a traditional bank. A few days ago, I had to use my bank’s website. Access wasn’t a problem because I had all the details in LastPass, because both the username and password had been assigned to me automatically and couldn’t be changed. But the problems soon: besides having to orient myself on a page designed in the last century, I found that, in order to make a simple transfer, my bank asked me, after the username and password of access, a very simple numerical additional key that they call “signature key”, a two-digit number that had to be extracted from a coordinate on a plastic card and typed on an unordered virtual keyboard on the screen, along with a five-digit number I had to send via SMS.
What kind of paranoia is this? It turns out these types of cumbersome multi-key systems are normal practice, at least in Spain. Does anybody really believe it’s normal to require not one, but up to four operations followed by a non-intuitive user name and two passwords the client must supposedly remember, together with a coordinate card, an uncomfortably messy virtual keyboard and another password sent by SMS, all taking up to five minutes? Next up my bank will be asking me to do all this while jumping on one leg and balancing a ball on my nose. In all seriousness, where’s the logic in this? Such approaches reflect a paranoia about the internet, as though it were a dangerous place with hackers hiding behind every tree.
Have you ever moved money around using TransferWise, changed money or paid with Revolut or sent money to a friend or settled a dinner bill with Venmo? Probably, the only product the Spanish banking has come up with that works is Bizum. The rest, from what I see, reflect a paranoia and desire to make life difficult for customers rather than improving security and to protect banks’ profitability. When security reaches the point of absurdity, we all lose.
Do you want to check if your bank has minimally modern procedures? Ask for a credit card with only your name and first surname (you’ll thank me when you travel to the United States and some other countries). If you ask for this card directly from MasterCard, Visa or American Express, no problem. But if you ask most Spanish banks, they will insist this is impossible, and will put your full name, with your middle name if you have one, even if you never use it, and both surnames, which if they are long, will be cut at the end. In other words, a piece of plastic that, when you use it in a store, no one will bother to check anyway.
An article in Forbes, “Fintech is putting the bank of mom and dad out of business”, makes it perfectly clear why young people prefer non-traditional banks, and how, although they are still relatively niche, neobanks are beating traditional banking in terms of dynamism, common sense, usability and attractiveness. For a traditional bank, the challenge of creating products for young users is huge, because they still seem to think about when things were done over the counter with a cashier who looked you in the face, asked you to show your ID and sign some paperwork. The internet is seen with a mixture of threat and reverential terror, a place populated by crooks and that can only be managed by imposing every kind of measure possible. Wouldn’t it be easier for banks to offer insurance to cover possible eventualities rather than making their clients’ lives a misery?
In short, can we use a little common sense when designing security systems for transactions that don’t make us feel we’re undertaking the Labors of Hercules while heading into the bowels of Fort Knox backwards on one leg just to make a damn transfer?
(En español, aquí)