Security is a theme that will preoccupy us for ever. It is the answer to the most important enabler for doing business on the net: TRUST. And banks are (or should be) one of the key suppliers of trust. How the various banks in different countries are dealing with this topic reflect some of the culture behind internet.
A recent incident showed me some striking difference. This is about a bank in the south of Spain, one of the most prominent in the area. And the case is this: For transferring money through the internet the initial amount is set to only 600 euros. Transferring an amount higher than 600 euros is not accepted through the internet application. Obviously this is done to protect the clients. (I thought initially)
So I went to the (Bank) office and they were willing to change this limit for different type of operations: the maximum amount per transaction, the maximum per day and the maximum per month. These kinds of measures are added to the internet application of the bank with the goal to protect the client. It is not hard to think of an example where someone (a hacker) gets access to the banking application and is then able to transfer only 600 euros per transaction.
If I compare this to a number of banks I use in the Netherlands, none of these have a limit to the amount to transfer (not per transaction, per day nor per month). A possible conclusion could be that (assuming that more banks in Spain will use the same mechanism) Spanish clients are less comfortable with internet and require higher security standards.
But there is another difference.
This particular bank (like many others in Spain) uses the best practice security token which is the coordinate card; this is a card with different numbers that are identified by a coordinate - like a cell in spreadsheet (A1, B4) - and the banking application prompts for a random coordinate at the moment of preparing for a transaction.
The best practice in the Netherlands is not this coordinate card but a hardware calculator. This token operates only with your bank pass and your pin code. Obviously this is much safer, but also much more expensive.
In this light it seems more logical that this Spanish bank adds an additional security measure (like the one of limiting the amount to transfer). But this measure is most likely not only for protecting the client, but rather for protecting the banks insufficient security level.
I had to go to the office to fix this problem and this took including waiting time more than half an hour; fifteen minutes for the configuration.
A calculator costs around 70 euros. The distribution will cost twice as much as the distribution of a paper coordinate card. But in the end, these costs are probably lower than attending a client at a desk for changing limits. On an overall productivity level, this will mean a lost of productivity that exceeds the costs of the token and the interaction with the banking agent. Internet is supposed to make life flexible and faster; in both cases the Spanish situation is lagging behind.
To my opinion (and experience)
© 2006 Hans Bool
Hans Bool is the founder of Astor White a traditional management consulting company that offers online management tools. Have a look at some of our free management tools