Click here to close now.

Welcome!

AJAX & REA Authors: Jon McNeill, Clinton Wolfe, Carmen Gonzalez, Lori MacVittie, Elizabeth White

Related Topics: Web 2.0, Search, AJAX & REA, Security

Web 2.0: Article

Retail Banks - Dinosaurs in an Online World

We have a recurring issue with our bank - they regularly flag transactions as fraudulent even though the transactions are fine

I had some interesting (sic) experiences with two separate banks with regards to two business accounts that we keep with each recently. The problem highlighted two issues that were both in some ways intertwined:

  1. False positive flagging of online transactions
  2. Identity Management between bank departments

First let me set the scenario. I am CEO of Storage Made Easy, a business that can be categorized (in bank speak) as an online internet business. We are a business that spends a fair amount on online advertising through various different channels and who also uses best of breed online services to make our life easier. Therefore we spend money with other online based internet companies including companies like Google, Amazon etc and we pay certain providers through merchant gateways such as Paypal. I suspect we are not that different to other similar companies in this regards.

We have  a recurring issue with our bank in which they regularly flag transactions as fraudulent even though the transactions are fine. These are what are referred to in the industry as 'false positives'. A false positive is a result that indicates a given condition has been fulfilled, in this case a transaction being flagged as fraudulent, when the condition was not or should have been fulfilled, and in this case the result is that the transaction should not have been flagged. The end result is that the credit card used to pay for such services is suspended until the end user (us) has negotiated with the fraud department of the bank to lift the ban and transactions that are flagged have to be re-submitted, a time consuming and costly process as it means all adverts stop running, payments are not made and someone within the business has to take time out of their day to sort the whole mess out.

You would think it would be fairly straightforward problem to fix. After all the transactions in question have a regular history of being paid each month, in most cases going back over 2 years. Unfortunately this is not the case, the bank merely says "our fraud detection system highlights these transactions as possibly being fraudulent and there is nothing that can be done". My ongoing question is why ? Why are you flagging transactions as being fraudulent that have a historic basis for payment in which the amount in most cases are identical to what was previously being paid over the past two years. This is largely a rhetorical question as no-one in the bank can answer it or even seems to care that it is a perfectly valid question that should be investigated.

The second issue involves getting in touch with the banks fraud department to arrange to have the block lifted. Normally when we speak with the bank we go through a telephone banking authentication process. The bank set this up with us and we have a pin and other personal and password details we have to give. The PIN relates to a challenge / response two factor authentication process. As a company we have a good knowledge of Identity Management, from Active Directory / SAML / Kerberos / LDAP through to OAuth OpenID etc and we also understand the challenges of integrating between the various identity management systems.

When we contact the fraud department they do not use our pre-defined identity management process at all. In fact they ask obscure questions about the account, such as "What was the debit amount for a transaction on 2nd January "etc. These are almost impossible to answer as a by-product of the fraud block is that online banking is also blocked and as we have paperless statements, there is no way to check or validate any of the questions being asked (which in any case are not in anyway related to the identity management process we have in place with the bank). When challenged as to why the fraud department is not using the existing identity management that we have in place the response is "We do not have access to that system". My guess is that as the fraud department seems to be outsourced to Mumbai, this is why, but this is not something we should care about or be impacted by.

My conclusion is that retail banking is akin to web 1.0 companies in a web 2.0 world. They have not changed their processes to work within the dynamics of the internet world, which is driven by online transactions, and their outsourcing exposes the lack of cohesion within their internal systems in which the customer suffers the consequences. There is also a certain type of arrogance within the culture of the bank that leaves me a little cold. There is a real "don't care' "can't do" type attitude.

It seems the option we have is to change banks but I really have little confidence this will solve the underlying issues as we already similar behaviour from the two banks we already use.

Banks now fail in the most fundamental thing you want them to be good at ie. lending money, storing your money and providing transparent secure access to it. They retain their position purely through lack of choice but it has often crossed my mind that a much better solution would be a consortium of similar minded tech companies who function as their own club that administer and provide their own financial services to each other.

More Stories By Jim Liddle

Jim is CEO of Storage Made Easy. Jim is a regular blogger at SYS-CON.com since 2004, covering mobile, Grid, and Cloud Computing Topics.

@CloudExpo Stories
Are your applications getting in the way of your business strategy? It’s time to rethink your IT approach. In his session at 16th Cloud Expo, Madhukar Kumar, Vice President, Product Management at Liaison Technologies, will discuss a new data-centric approach to IT that allows your data, not applications, to inform business strategy. By moving away from an application-centric IT model where data integration and analysis are subservient to the constraints of applications, your organization will b...
As organizations shift toward IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection &E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his session at 16th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships, will disc...
It’s been proven time and time again that in tech, diversity drives greater innovation, better team productivity and greater profits and market share. So what can we do in our DevOps teams to embrace diversity and help transform the culture of development and operations into a true “DevOps” team? In her session at DevOps Summit, Stefana Muller, Director, Product Management – Continuous Delivery at CA Technologies, will answer that question citing examples, showing how to create opportunities f...
Analytics is the foundation of smart data and now, with the ability to run Hadoop directly on smart storage systems like Cloudian HyperStore, enterprises will gain huge business advantages in terms of scalability, efficiency and cost savings as they move closer to realizing the potential of the Internet of Things. In his session at 16th Cloud Expo, Paul Turner, technology evangelist and CMO at Cloudian, Inc., will discuss the revolutionary notion that the storage world is transitioning from me...
VictorOps is making on-call suck less with the only collaborative alert management platform on the market. With easy on-call scheduling management, a real-time incident timeline that gives you contextual relevance around your alerts and powerful reporting features that make post-mortems more effective, VictorOps helps your IT/DevOps team solve problems faster.
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
The essence of cloud computing is that all consumable IT resources are delivered as services. In his session at 15th Cloud Expo, Yung Chou, Technology Evangelist at Microsoft, will demonstrate the concepts and implementations of two important cloud computing deliveries: Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). He will discuss from business and technical viewpoints what exactly they are, why we care, how they are different and in what ways, and the strategies for IT ...
Cloud data governance was previously an avoided function when cloud deployments were relatively small. With the rapid adoption in public cloud – both rogue and sanctioned, it’s not uncommon to find regulated data dumped into public cloud and unprotected. This is why enterprises and cloud providers alike need to embrace a cloud data governance function and map policies, processes and technology controls accordingly. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance...
Red Hat has launched the Red Hat Cloud Innovation Practice, a new global team of experts that will assist companies with more quickly on-ramping to the cloud. They will do this by providing solutions and services such as validated designs with reference architectures and agile methodology consulting, training, and support. The Red Hat Cloud Innovation Practice is born out of the integration of technology and engineering expertise gained through the company’s 2014 acquisitions of leading Ceph s...
The free version of KEMP Technologies' LoadMaster™ application load balancer is now available for unlimited use, making it easy for IT developers and open source technology users to benefit from all the features of a full commercial-grade product at no cost. It can be downloaded at FreeLoadBalancer.com. Load balancing, security and traffic optimization are all key enablers for application performance and functionality. Without these, application services will not perform as expected or have the...
Roberto Medrano, Executive Vice President at SOA Software, had reached 30,000 page views on his home page - http://RobertoMedrano.SYS-CON.com/ - on the SYS-CON family of online magazines, which includes Cloud Computing Journal, Internet of Things Journal, Big Data Journal, and SOA World Magazine. He is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been ...
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, will analyze a range of cloud offerings (IaaS, PaaS, SaaS) and discuss the benefits/challenges of migrating to each of...
Platform-as-a-Service (PaaS) is a technology designed to make DevOps easier and allow developers to focus on application development. The PaaS takes care of provisioning, scaling, HA, and other cloud management aspects. Apache Stratos is a PaaS codebase developed in Apache and designed to create a highly productive developer environment while also supporting powerful deployment options. Integration with the Docker platform, CoreOS Linux distribution, and Kubernetes container management system ...
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, will discuss why containers should be paired with new architectural practices such as microservices ra...
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focu...
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, will analyze a range of cloud offerings (IaaS, PaaS, SaaS) and discuss the benefits/challenges of migrating to each of...
Cloud data governance was previously an avoided function when cloud deployments were relatively small. With the rapid adoption in public cloud – both rogue and sanctioned, it’s not uncommon to find regulated data dumped into public cloud and unprotected. This is why enterprises and cloud providers alike need to embrace a cloud data governance function and map policies, processes and technology controls accordingly. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance...
We certainly live in interesting technological times. And no more interesting than the current competing IoT standards for connectivity. Various standards bodies, approaches, and ecosystems are vying for mindshare and positioning for a competitive edge. It is clear that when the dust settles, we will have new protocols, evolved protocols, that will change the way we interact with devices and infrastructure. We will also have evolved web protocols, like HTTP/2, that will be changing the very core...
Skytap Inc., has appointed David Frost as vice president of professional services. David joins Skytap from Deloitte Consulting where he served as Managing Director leading SAP, Cloud, and Advanced Technology Services. At Skytap, David will head the company's professional services organization, and spearhead a new consulting practice that will guide IT organizations through the adoption of DevOps best practices. David's appointment comes on the heels of Skytap's recent $35 million Series D fundin...
Operational Hadoop and the Lambda Architecture for Streaming Data Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing...