Saturday, 7 March 2009

Enough! No more Secret Squirrel!

I am so impressed. My credit union is so concerned about the security of my account that they've made it almost impossible for me to get to it!

This is technology gone berserk, all in the name of security. I'm sick sick sick of it!

To be environmentally friendly they introduced a paperless account statement – easy to view online - wheeeeeee! And then to be extra security-conscious they replaced their Factor 2 tokens with SMS verification. Boo hiss – what a clunky and stupid system that is.

Here's how it works (or not!) (cue sound - cone of silence descending)

You log in to your account, using your password. To view your statement you click to 'request SMS code'. A little window tells you it has been sent to you, and you are supposed to get a unique single-use code via SMS to your mobile phone immediately, (if you have one, if it's with you, if it's switched on, if you have reception, (which would cut out about 80% of Australia outside big cities!) and if your service provider doesn't suffer from delays.) That's far too many 'ifs' for my liking. You with me so far?

Well, I don't get my code. It doesn't arrive, for some reason known only to the telephone and internet gods. A distress email to the help desk gets this automated response: Thank you for your email. Your request will receive attention within 24 hours. 24 hours!

Feeling a bit hot under the collar by this time, I punch in the number for the “if your request is urgent, please call”.

The help desk officer can't help - can't give me the code that has allegedly been SMSed to me unless I can tell her my Personal Phone Banking Identification Number (I have one of those too? Let me see, which of the forty thousand passwords and codes in my head would that one be?)

The hot under the collar feeling is creeping up my neck and into my cheeks. It's like a massive menopausal hot flush (but I think it's probably rising blood pressure). My God, I'm going to have a stroke in a minute because I can't get my bloody account statement because of the stupid stupid STUPID new security system. I'm ready to throw the phone and the computer out the window, and follow them out.

“What on earth possessed you lot to introduce this ridiculous, unreliable, clunky, STUPID system?” I gasp, eyeballs bulging. “What on earth was wrong with the Factor 2 tokens?”

In case you're wondering, Factor 2 token verification (old technology, therefore crap?) involves selecting your previously agreed-upon unique sequence of 3 icons from a set of 9. Tsk tsk, it just had to go, because, according to the help desk person, it wasn't secure enough, and the credit union is serious about the security of customers' accounts, oh yes. Somebody might be looking over your shoulder when you're entering your code. I'm serious – that's what she tells me!

I'm not sure how this differs from the possibility that someone could be watching over your shoulder when you type in your password – or, for God's sake, when you enter your PIN at the ATM!

The blood pressure goes up another couple of notches. There's a vein throbbing in my neck.

Apparently I can opt out of this SMS technology (after all, there are so many 'ifs' – mobile phone reception and the reliability of my service provider being the biggest) – but it will cost me $20 to purchase a “token” (more crap to remember to carry around, and heaven help me if I should lose it!)

That's the point at which I face the choice – laugh or have my head explode. Some things are just too effing ridiculous. I make my point about money-grubbing institutions, lodge a formal complaint about the stupid new security system and log in all over again. This time the SMS code does appear on my mobile phone.

20 minutes, it's taken – 20 minutes and a near-stroke, to finally be able to view my account statement. A process which used to be as simple as opening an envelope. Stop the world, I want to get off.

*sigh* I'm suffering from security fatigue. I have to remember so many bloody passwords and Personal Identification Numbers to stop bad people stealing my identity or my money or accessing my personal information or my email or ... I'm over it! I give up. Microchip me, somebody, and free up that massive section of my brain that has had to be set aside for remembering all the passwords and PINs. I'm sure I can find a better use for it.

1 comment:

lemmiwinks said...

That really is stupid! I get crappy enough that we have to change passwords every now and then, I'd give serious consideration to changing my financial institution if I was in your situation.

Seriously, if they force you to have a good password (alpha numeric with upper and lower case) then that's all the damn security (apart from an encrypted connection) you need!