Smile Banking Site
I've been banking with Smile for a while now, and I recently sent them an email on what I'd like to be able to do with their website. I've had a generic response, but I thought I'd blog it here to see how much of it actually happens:
- back button - minor thing, but it keeps catching me out: make the back button work. I know there are some security problems to work out, but it's so annoying to be logged out when you inadvertently press it.
- security - Passwords and security challenge questions are okay, but leave you vulnerable to man-in-the-middle type attacks. Are you thinking about a second channel for authentication? I've seen sites which send a text message to your phone with some generated key that you have to enter to complete a risky transaction (e.g. a big withdrawal). Alternatively, some form of transaction authentication would be good. You could give account holders (optionally perhaps) a hardware or software security app. I seed it with a PIN you send me and then when I want to do a big withdrawal, you send me a challenge code which I enter into the device. It spits out a response based on some well known crypto protocol (which you should ideally make public) which I then put in the site to authenticate that transaction.
- statements - My immediate gripe is that 50 statements seems ridiculously low (and is it per account, or for all accounts?). The storage is minimal so I'm not sure what the reason is - why can't all statements be online forever (or at least for 7 years, which I seem to remember is the statutory limit). It seems to me that now you're online, you have a great opportunity to improve the functionality here beyond basic statements. I'd love to be able to search transactions, and even better, to tag them with personal categories which I can then use to create ad-hoc statements of some budget category (e.g. personal spending, household budget, etc.). At present I do that locally with spreadsheets, but you could add tremendous value to the site by making it possible to do some of this online. Or, with a web services API, I could write a spreadsheet that would pull data live out of the site and let me analyse it locally. I realise that as a slogan, "Smile - now with web services API" probably won't directly appeal to a lot of people. It might create a community that would build services for you though. Plus, get in first and you have the de facto standard.
- notification - I don't want email (I have too much already). What I would like is RSS or Atom.
Posted by MFreestone at September 11, 2005 08:43 PM
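
The challenge-response transaction authentication described in the security item above, as an added example that is not part of the original post. HMAC-SHA256 with HOTP-style truncation stands in for the unspecified "well known crypto protocol"; the function names, the PBKDF2 key derivation, and the PIN, account id and payee values are constructed assumptions.

```python
import hashlib
import hmac
import secrets


def derive_device_key(seed_pin: str, account_id: str) -> bytes:
    """Stretch the seed sent by the bank into a device key (assumed scheme).

    A short numeric PIN has little entropy; stretching slows guessing but
    does not replace a long random seed.
    """
    return hashlib.pbkdf2_hmac("sha256", seed_pin.encode(),
                               account_id.encode(), 100_000)


def new_challenge() -> str:
    """Bank side: a fresh 8-digit challenge for each risky transaction."""
    return f"{secrets.randbelow(10**8):08d}"


def response_code(key: bytes, challenge: str, payee: str, amount_pence: int) -> str:
    """Device side: 6-digit response bound to the challenge AND the transaction."""
    msg = f"{challenge}|{payee}|{amount_pence}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F                      # HOTP-style dynamic truncation
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10**6:06d}"


def bank_verify(key: bytes, challenge: str, payee: str,
                amount_pence: int, submitted: str) -> bool:
    """Bank side: recompute from the transaction it is about to execute."""
    expected = response_code(key, challenge, payee, amount_pence)
    return hmac.compare_digest(expected, submitted)  # constant-time compare


def demo() -> tuple:
    key = derive_device_key("493817", "ACC-0001")   # constructed sample values
    challenge = new_challenge()
    code = response_code(key, challenge, "J SMITH 12345678", 250_000)
    genuine = bank_verify(key, challenge, "J SMITH 12345678", 250_000, code)
    # A man-in-the-middle swaps the payee: the relayed code no longer verifies.
    tampered = bank_verify(key, challenge, "OTHER 87654321", 250_000, code)
    return genuine, tampered


if __name__ == "__main__":
    print(demo())
```

Because the response covers the payee and amount as well as the challenge, a code captured in transit is only valid for the transaction the account holder actually saw on the device.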