Archive | July, 2016

Password expires if Net Banking not used in 180 days

10 Jul

Some bank accounts will always be dormant

India has more than 60 well-known banks – some in the public sector and some in the private sector. A middle-class person could have 2 or 3 bank accounts because of career shifts from one job to another. Unless it really pinches his pocket, a person tends to retain the relationship with a bank once he has opened an account there. However, his main account will be the one where his salary or business income gets credited. The Net Banking transactions in this primary account will be very frequent, whereas the Net Banking transactions in all his other accounts will be rare – maybe once a year. So, if 50% of the bank accounts in this country are dormant, it is not surprising at all. This is by design and by will. They are meant to be dormant and to be used occasionally.

Password expires if Net Banking not used in 180 days

Some banks have very stringent Password Expiry policies. If you do not log in to your account within a span of 180 days, you will not be allowed entry into Net Banking even if you input the correct password, i.e., the bank does not allow entry if you are not a frequent user. This policy appears quite harsh to the infrequent visitor. The consumer has not made any mistake. He has by choice decided to use this account once a year – maybe for an Insurance Premium payment, Renewal of Membership Fees or Municipal Tax Payment. But every time you log in after 6 months, the bank throws you out, almost insulting you in the process. This can be extremely frustrating for the diligent user who has carefully remembered his password and is 100% sure that he is using the correct password.

Why should the Bank force a Login every 6 months?

  1. What is the basis for the above rule? Is it stipulated by RBI or the Info Security Act?
  2. What is the additional security that one gets by logging into the account every 6 months?
  3. Why are you forcing a dummy transaction just to preserve the credentials that you have so carefully chosen?
  4. Why don’t you let the customer decide when to change the password or when to log in?

Making it Difficult means More Security? A Myth

There is a certain myth in the Net Banking guidelines followed by many banks: that making a process more difficult means that you are adding more security. This may not be true in all cases. Requiring special characters, numbers, upper case, lower case etc. is an old style of password management. Searching for a $ (US dollar) symbol on some mobile handsets can be a nightmare, especially when you are in a hurry. Instead, we can have a very long password such as “The peacock looks beautiful when it is dancing in the rain”. However, the password policy does not allow this, because the banks want us to keep a cryptic password within 15 characters only.

Do not re-use last 3 passwords – Why?

My first two passwords were

  1. M@keItEasy4Me
  2. G0dHelpmeL0g1n

Suppose I like these passwords and I want to re-use them during my third cycle; the bank prohibits me from doing so. These passwords are extremely personal, well-researched and have a basis. The bank cannot decide on my passwords. If there is a strong reason, we would like to know.

Jan Dhan Customers need Simpler Net Banking Please!

Even customers who are familiar with IT concepts and computers struggle with Passwords. It is very difficult for farmers, daily labourers, housemaids, security guards and similar customers to use our current Net Banking. It is far too complex. We need to Simplify, Simplify, Simplify. The value of their transactions is extremely low – most of them below Rs 5000 (Rs Five Thousand only). Hence the risk is also low. So, we need to have a graded approach to Net Banking. For example, the Authentication parameters could be

  1. Transaction Value Rs 10 – Mobile Number only
  2. Transaction Value Rs 100 – Mobile Number + MPIN
  3. Transaction Value Rs 1000 – Mobile Number + MPIN + Aadhaar OTP
  4. Transaction Value Rs 10,000 – User Id + Password + OTP
  5. Transaction Value Rs 100,000 – User Id + Password + OTP + Biometric

Amount based Authentication can protect Users and Banks

If you ask a pensioner to use Net Banking, he might hesitate for fear that all his savings could get depleted in one stroke due to his ignorance or lack of knowledge of Net Banking and Security Practices. However, if his Net Banking Registration comes with a Transaction Limit, he might be willing, i.e., the Bank guarantees that the maximum value of Net Banking through this Registration is only Rs 5000. Irrespective of the channel, irrespective of the device, irrespective of whose mistake it is, the maximum fraud possible on that account is only Rs 5000 per day. This is a great insurance for beginners. After using Net Banking for 6 months, he may get emboldened to move to the next level, where his transaction limit can move to, say, Rs 50,000 per day.

Net Banking Registration – Different Flavours

  1. Instant Net Banking – Zero Charges – Rs 1,000 limit
  2. Quick Net Banking – Rs 100 p.a. – Rs 10,000 limit
  3. Standard Net Banking – Rs 1000 p.a. – Rs 1,00,000 limit
  4. Prime Net Banking – Rs 2000 p.a. – Rs 5,00,000 limit
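
The graded factors, the per-day cap and the registration flavours above can be combined into one authorization check. The sketch below is an added example, not code from this post or from any bank. Its assumptions: the factor names are plain strings, the flavour limits are read as per-day caps, values above Rs 100,000 use the strongest tier, and the tier is chosen from the day's running total rather than from a single transaction value.

```python
from dataclasses import dataclass

# Tiers from the post: (upper bound in Rs, factors required up to that value).
TIERS = [
    (10, {"mobile_number"}),
    (100, {"mobile_number", "mpin"}),
    (1_000, {"mobile_number", "mpin", "aadhaar_otp"}),
    (10_000, {"user_id", "password", "otp"}),
    (100_000, {"user_id", "password", "otp", "biometric"}),
]
# Registration flavours from the post, read here as per-day caps (assumption).
DAILY_LIMIT = {"instant": 1_000, "quick": 10_000,
               "standard": 100_000, "prime": 500_000}

def required_factors(value):
    """Factors for the lowest tier that covers `value` (Rs)."""
    for upper, factors in TIERS:
        if value <= upper:
            return factors
    return TIERS[-1][1]  # above the post's table: strongest tier (assumption)

@dataclass
class Registration:
    flavour: str
    spent_today: int = 0  # caller resets this at the start of each day

    def authorize(self, amount, presented):
        """Return (approved, reason); state changes only on approval."""
        if amount <= 0:
            return False, "invalid amount"
        total = self.spent_today + amount
        if total > DAILY_LIMIT[self.flavour]:
            return False, "daily limit exceeded"
        # Tier is chosen on the day's running total (assumption), so repeated
        # small payments step up instead of staying at the weakest tier.
        missing = required_factors(total) - set(presented)
        if missing:
            return False, "step-up required: " + ", ".join(sorted(missing))
        self.spent_today = total
        return True, "approved"

def demo():
    """Constructed sequence of payments on an 'instant' registration."""
    reg = Registration("instant")
    low = {"mobile_number"}
    mid = {"mobile_number", "mpin", "aadhaar_otp"}
    return [reg.authorize(10, low), reg.authorize(10, low),
            reg.authorize(500, mid), reg.authorize(600, mid)]
```

Because the cap is checked before any factor is evaluated, the worst-case loss per day stays bounded by the registration's limit even if every factor is compromised.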

Net Banking – time to charge Annual Fees

Banks could consider charging an Annual Fee for the use of different flavours of Net Banking. They need to create a Budget for introducing modern Biometric Authentication systems such as Face Recognition, Voice Recognition, Fingerprint Recognition, Cardiac Pattern Authentication, Palm Vein Authentication etc., along with other parameters such as MPIN, Password, OTP, Hardware Token, Mobile Number etc. These technologies will take 3 to 5 years to stabilize and take shape. Significant investment in time and resources is required to deploy such systems.

Simplify, Simplify, Simplify

We need to introduce complex technology so as to simplify our lives. All technology should be hidden under the hood, so that the outside is simple and usable. When any product or process is simple, adoption is quick and effortless. The marketing expense for such a product would be much less and the return on investment is faster. Engineering students need to be taught the power of Simplicity so that they can build great products for the future.