Sometimes I wonder…. Have we placed too many security features into our online banking system to a state where it hinders convenience. I know security and convenience doesn’t go hand in hand. But the fundamental principle behind the creation of online banking is convenience. The ability to conduct banking at the comfort of your home or office. Yet with the increase in security features, sometimes you feel that it would be better if you just get your ass out of your house and queue up at the bank.
I wanted to transfer $5000 from one bank to another bank using internet banking last sunday evening. But I discovered that the daily transfer limit between banks is set at $1000. If I want to increase the limit, I will have to download a form, fill it in and mail to the bank. *Horror* Isn’t online banking suppose to do away with all those forms already?
In order to transfer money from one bank account to another, I need to add bank account payee first. The system will send me a SMS with password for me to activate that account payee. Without the activation password from my handphone, the fund transfer cannot take place. So rightfully, all the accounts in my transfer payee should already be authorised by me. Right? Then why still the $1000 limit? And why do I have to submit a form and wait a few working days if I want to increase the transfer limit?
So either I can transfer $1000 everyday for 5 days or I can just go down to the bank on my non-working day (which is Saturday), withdraw $5000 and deposit into the other bank. I choose the latter. Surprisingly, the queue was rather short for both banks.
OK, I know I’ll get flame for this post. I’ve already been flamed for the 2FA post that I did several months back. But seriously, I think we have overly secured our internet banking to a state where it is no longer convenience to use.
Let me walk you thru the steps to make a online banking money transfer:-
Login internet banking with user id and password (Security #1)
Enter 2FA password (Security #2)
Create bank transfer payee.
Authorise transfer payee with SMS password send by system (Security #3)
All IP address are logged (Security #4)
Isn’t there already enough security features to prevent hackers? A hacker needs to know my login id, password, have my 2FA token and my handphone to successfully transfer money from 1 bank to another. All all these while, his IP address will be logged and we will know which account he transfer the money too. Why the need to limit the daily transfer limit when it’s already so secured? And why the need for physcal forms and why need to wait a few working days if I want to change the daily transfer limit? Why can’t I use my 2FA code or SMS password to change the limit?
Is it time for us to rethink about our internet banking security policy and how it hinder convenience? I know internet security is important. But there is a need to balance the security and convenience before everyone find it a hassle to use internet banking and start queuing at the banks again.