How online banking could stop sucking

I spent a couple hours trying to access my bank accounts. You can imagine how I felt after! And since I have a blog, it’s time for constructive criticism that maybe will help somebody improve.

Online banking is frustrating and inconveniently conceived. The home site is crammed with ads and rarely helps you get the information you need.

Sites are focused on selling, not on user experience

Banks assume you’re already a customer and need to use their online banking site, no matter how bad it is. It’s much better than a trip to your local branch, right? There’s no incentive to improve the core features, so instead they try to sell you more of their products.

Take a look at Citibank’s home page, for instance. There are 40 clickable targets on it, and to log in I need to select an option in a 9-item dropdown.

After selecting “Bank Accounts” I’m redirected to another page (adding some seconds to the login process) and I’m asked this:

What is “user id” supposed to mean? Is it my client number? A username? My email? Where can I find it?

Following the “forgot user id” link I’m asked for my credit card number, then for my PIN and account number. Now mine is probably a common case, but I’m trying to log in to find out what my account number is! So the only alternative is picking up the phone. Now I’m wasting my time and your customer service person’s time.

Offer an email login option along with other options

Logging in shouldn’t be such a quest! If somebody is using online banking, chances are they have an email. Why not use that? How about an email password retrieval?

I’d propose a simple username/password login form, which is smart enough to recognize email, username, user id or even credit card numbers as your password. This covers every single case, and will save the bank thousands of hours in support calls.

Is that insecure? Well, you can take out money from an ATM with a 4-digit PIN code. That’s less secure, and it remains a pretty solid mechanism. If security is really an issue, you could let users choose only one allowed authentication method when they log in for the first time.

Password policies are an illusion of security

Some banks will force brainless password policies, like “exactly 8 numbers, non consecutive and no repeated numbers together, changing the passcode every 3 months”. Another one I use asks you to combine lowercase, uppercase, numbers and other characters in an 8-10 character password that (again) you need to change periodically, and you can’t use a previously used one.

This might sound like a great idea on paper, but if you watch real users what happens is that they are completely unable to remember their passwords… and they end up resetting them every time they log in, or writing them on a piece of paper or in a TXT file on their desktop. What’s worse, a weak password, or a password that sits on your desk?

In that sense, PIN codes are much safer: a 4-digit code you can actually remember and won’t ever write on paper. If somebody types in the wrong code thrice, they’ll lose their card.

Stronger security for bank credentials could be the same: type it wrong several times, and you will be required to go to an ATM to confirm your identity or make a phone call.

You’re asking for a strong password too early

Have you ever used a valet key? I haven’t, but the premise behind them is pretty smart: It will allow somebody to drive your car only for a short distance, so your valet can’t just run away with your car instead of parking it.

Online banks could use a similar concept. The system will ask you for a strong password regardless of what you want to do. Many times users just want to quickly check how much money they have, or if they received a deposit. Why go into all the trouble of typing my super-secret-and-impossible-to-remember-code just to do that?

Banks should have a password with weak restrictions that allows you to just log in and look around: Review your expenses, take note of your account number, etc. But then transferring money would require a strong password, which I wouldn’t mind since it’s not something I do that often and I’d appreciate the extra security measure.

Wrapping that up: Give me a simple email/password login I can use, and ask me for special codes (phone confirmation, numbers on a card, a stronger passcode) when there’s money involved.
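The lockout and the two-tier login proposed above, sketched as an added example (not code from this post or from any bank). The class names, the 5-minute freshness window and the sample secrets in the test are assumptions made for illustration; an account lock here can only be cleared out of band, as the post suggests.

```python
import hashlib, hmac, os, time

MAX_FAILURES = 3     # "wrong code thrice", as in the post
STEP_UP_TTL = 300    # seconds a strong verification stays fresh (assumed value)

def _kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class Account:
    def __init__(self, login_secret, transfer_secret):
        self.salt = os.urandom(16)
        self.hashes = {"login": _kdf(login_secret, self.salt),
                       "transfer": _kdf(transfer_secret, self.salt)}
        # Separate counters: a good weak login must not reset transfer guesses.
        self.failures = {"login": 0, "transfer": 0}
        self.locked = False  # cleared only out of band (ATM, phone call)

    def check(self, kind, secret):
        if self.locked:
            return False
        if hmac.compare_digest(_kdf(secret, self.salt), self.hashes[kind]):
            self.failures[kind] = 0
            return True
        self.failures[kind] += 1
        self.locked = self.failures[kind] >= MAX_FAILURES
        return False

class Session:
    def __init__(self, account):
        self.account = account
        self.logged_in = False
        self.step_up_at = None  # time of last strong verification

    def login(self, secret):
        self.logged_in = self.account.check("login", secret)
        return self.logged_in

    def step_up(self, secret, now=None):
        if self.logged_in and self.account.check("transfer", secret):
            self.step_up_at = time.time() if now is None else now
            return True
        return False

    def authorize(self, action, now=None):
        now = time.time() if now is None else now
        if not self.logged_in or self.account.locked:
            return False
        fresh = self.step_up_at is not None and now - self.step_up_at <= STEP_UP_TTL
        return action == "view" or fresh  # moving money needs a fresh step-up
```

Because the strong verification expires on its own clock, the browsing session can stay open longer without leaving transfers authorized.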

Annoying security restrictions

When you’re about to pay somebody, you open the tab and start filling in the payment details. And then you realize you’re missing something, so you take the phone and call so you can complete your payment. Then open your browser again and… you’re logged out as a security measure because you were away for 10 minutes.

This is incredibly frustrating. I’m not against it if it’s implemented properly, for example, if I could just re-type my password and continue where I was; but the result is invariably that I have to repeat the whole process.

If a site implements this, I would at least give an option to the user so he can disable it. If we’re following my previous advice, I’ll still need a second password to send the payment, so we’re safe from attackers.

The missing dashboard

Facebook and Twitter give you a pretty good overview of what’s new in your environment. Activity streams that paginate automatically as you scroll down, a clear dashboard with stats, alerts of new activity, etc. Hell, even Mint does a great job showing you what happened over the last days and your overall situation.

Your bank, instead, displays a full-page ad about some deposit you don’t need or insurance products.

I believe a quick overview of your financials would add value to users, who learn more about their money, and to the bank, who sells more from the increased user activity.

“But if we devote the main page to useful activity, how will we promote our products?”, somebody would ask. Mint and Google are good examples of this:

Contextual advertising

I mean, if you’re my bank you know a lot about me. You know I have excess cash, or maybe I’m in the red. That’s an appropriate moment to sell me deposits or loans. Depending on my charges, you can even try to understand if I own a place or rent it, and which kinds of products I’d be most interested in.

Don’t run an ad saying “2% interest on your deposits”. Try something like: “We noticed you’re not doing anything with this money. If you started a deposit you could make $250 a year from it, click here to simulate some scenarios”.

When advertising is highly targeted, it becomes useful information I’m happy to receive.

Data and APIs

Banking sites seem to hate data. Copy and pasting reports is a nightmare, and the most I’ve been able to get is a CSV or Excel report (which some banks charged me for!).

I could do so much more with my stuff if my bank simply exposed an API. It’s my money after all, why don’t you give me ways to know what’s happening with it? I don’t know of any bank offering RSS or APIs where I can easily pull data. A simple webhook for payments and deposits could be leveraged in so many ways.

It might be too much to ask for that, since every new feature must go through an expensive security audit, but it would be great if we could someday access our own data in something that’s not HTML.

Conclusions:

  • Simplify the home page
  • Offer familiar identifiers to log in
  • Make logging in easy, and ask for a stronger verification for transactions
  • Allow users to disable security restrictions at their own peril
  • Provide useful information in a friendly UI
  • Don’t advertise: Suggest customized products for users who need them
  • Offer data that can be consumed by other apps

Hope?

I’ve been following projects like BankSimple (and tangentially related, Stripe and Square for payments) and I’m pretty excited about the possibilities. These companies understand the value of user experience and design.

However, we’re decades away from moving away completely from old-school banking. Hopefully new players’ approaches will permeate everybody else’s, and someday maybe online banking will be something as joyful as checking your Twitter stream.

Bonus

If you liked the ideas from this post, you should definitely take a look at Teambox, the collaboration software I designed. It’s built to get out of the way and help you get things done.
