Netbank Plays The Dating Game

Mike’s bank is asking inappropriately personal security questions, and Mike doesn’t feel that he will be able to remember the answers 12 months down the line.

We think Mike should consider the fact that Netbank is actually playing “The Dating Game.”

“By the time I came up with 5 good questions and their answers,” writes Mike, “my session had expired and I needed to log in again. And also, I was fucking pissed.”

Maybe Netbank just wants to know more about Mike before taking their banking relationship to the next level.

The rest of Mike’s spleen, inside.

This annoyed the shit out of me this morning. My bank wouldn’t let me log in to check my account balance until I played their game of “25 questions”.

Review the attached list of questions. Choose five, and produce answers you are confident you can recite when prompted in, say, 12 months. For added fun, do this while fuming about how you don’t have time right now, and you just wanted to check your account balance before you left for work.

About 6 years ago, I moved my checking account to Netbank (www.netbank.com) because they offered higher interest rates and free bill payment service. It was a huge improvement over my local bank, and I’m still mostly happy with them. I’m writing this because they’re starting to act stupid and they need a kick in the pants.

Some time ago, Netbank updated their web interface. After the change, when those of us running something other than Internet Exploder on a Windows PC tried to access our accounts, we found certain critical services were non-functional. It took several days for them to straighten it out, and even now the service is slightly degraded on non-majority platforms (read: Mac).

If you’re in the Online Banking business and your customers depend on your web site for access to their money, you might want to become familiar with concepts such as Standards Compliance and Cross-Platform Compatibility. And you should consider testing your updates before you release them.

I had all but forgiven them for the browser compatibility debacle when they dumped a new turd on us. They’re calling it a state-of-the-art security upgrade, but so far, all I’m seeing is a poorly-designed challenge-response system. It’s a nuisance to users, and the benefits seem negligible. This morning, when I wanted to log into my account to quickly review recent activity and check my account balances, I was confronted with a setup procedure for their new security feature. There was no option to postpone it until I had more time. I would not be allowed access to my accounts until I completed this step.

They gave me 25 questions to choose from. I was required to select 5, and then provide answers I could reliably recall when prompted in the future. Normally, systems like this will ask questions that have static answers, such as the name of your first grade teacher or the city in which you were born. Netbank’s questions are more abstract, and have responses one would expect to change with time.

Examples:
- What is your biggest pet peeve?
- What is your dream job?
- What is your favorite quote?

It took me a while to pick the questions and responses I felt I could answer most reliably a year or two from now. I don’t have a favorite candy, and I don’t think I could tell you what my favorite song or movie was 12 months ago. In fact, I don’t think I could answer any of the “favorite” or “dream” questions consistently over time. By the time I came up with 5 good questions and their answers, my session had expired and I needed to log in again. And also, I was fucking pissed.

Like I said, I’m still mostly happy with Netbank. I know they’ve got good intentions. I just wish they’d spend more time on quality assurance. It’s not hard to sanity check something like this before you unleash it on your customers. There are ways to implement this kind of functionality without infuriating your user base. I’ve communicated this sort of concern to Netbank before. I’m not sure how attentively they’re listening, though. They still seem to be lacking a meaningful process for ensuring their updates are reasonable and consumer-friendly. So, what brand of shampoo were you using when I opened my Netbank account 6 years ago? (Answer: Stop acting stupid, Netbank.)

Full list:

netbank_25_questions.gif

Comments

  1. kerry says:

    The only one on there that anyone could remember in 5 years (or be able to look up if they don’t) is “where was your wedding rehearsal dinner held.” Of course, totally useless to unmarried folks and those who didn’t bother with a rehearsal dinner. Is it really so difficult to come up with questions that a background check wouldn’t answer, but also aren’t so abstract as to be nearly guaranteed to change eventually?

  2. magic8ball says:

    Mike says, “I’ve communicated this sort of concern to Netbank before. I’m not sure how attentively they’re listening, though.”

    I believe I can clear that up for you: they are not listening attentively. In fact, they’re not listening at all. Glad I could help.

  3. Kangarara says:

    That’s the kind of thing where I’ll pick any five and make the answer to each “Fuck you”.

    When they ask me the question, I’ll remember how pissed I was and that’ll trigger the appropriate response.

  4. kerry says:

    Great idea Kangarara! I just hope it’s not one of those godawful situations where you’re required to remember both the answer *and* the question.

  5. tesca says:

    are you kidding? i’d say for most people, a number of those answers would be constant. plus, they gave you 5 out of _25_, so you’d be able to pick the easiest ones for you to remember. i’m sure some people’s wedding rehearsal dinners were very special nights, and as such they’d remember where the dinners were held. hell, i remember where my sister’s rehearsal dinner was and i’ve never been much on weddings.

    using myself as a test subject…14 out of 25 of those i wouldn’t be able to remember in a year. about 8 of those 14 only because i have so many favorite movies, directors, books, authors, bands, etc. although to be fair, i also took a number of film courses in high school and college; i’ve been a dj for years; and, my examined doctoral fields included prelims in art history and in renaissance history/literature. so, i’m probably not the norm. i imagine most people do have a single favorite author or band.

    in other words, cut them some slack!

  6. Mike_ says:

    tesca, you’re out of the norm. These are bad questions. For me, almost all of them have more than one answer, no particular answer, or an answer I can expect to change periodically over time.

    With some effort, I think I could select five for which I could summon correct responses, but to be safe, I would probably write down my answers and file them away somewhere. That defeats the whole purpose of something like this. All 25 of these questions should have one answer that is obvious to you, but somewhat difficult for everyone else.

  7. Mike_ says:

    Also, if it takes longer than 30 seconds or requires any thought or effort, there should be a “remind me later” button, so you can skip it and return at a better time. They shouldn’t be locking you out of your account just because you don’t have time to ponder over their security questionnaire.

    This complaint should have showed up in beta testing, along with some comments about how their questions are truly idiotic.

  8. acambras says:

    If the answer to the shampoo question is “whatever’s on sale,” then I’m all set.

  9. They shouldn’t be locking you out of your account just because you don’t have time to ponder over their security questionnaire.

    They should have informed all of their customers this change was coming and then given them a period of time to make the change before forcing the issue.

    They are doing it, btw, because of guidelines from the FFIEC. If you haven’t seen your bank do this yet, you might soon because they are saying it should be done by the end of the year.

    As for the questions, why don’t they just ask about past events like, “What did your parents/guardians get you for your 16th birthday?”

    Even if it was nothing that’s still an answer and not one that will change in five years.

  10. Josh R. says:

    I just watched an episode of Criminal Minds where a serial rapist used marketing information like this to target his victims.

    Just another reason not to like it.

  11. Tonguetied says:

    I wonder how answers like ‘None’ ‘Never’ and ‘Whatever’ would fly?

  12. byteme3131 says:

    Do like I do, always use the same answer to all those silly questions..regardless. That way you’ll never forget the “answer”.

  13. TheBean says:

    It’s a total mind-fuck to answer these questions, and made that much worse when two people have access to the account. I keep getting emails from my wife asking things like “Do you spell Head and Shoulders with an ampersand?” and “Did you spell MINI in all caps?” Or “What fucking grade school did you go to?”

    Even if I remember this stuff in five years, she never will.

  14. hardcle says:

    Like others have said, there’s no reason you have to answer these questions “correctly”. Just think of it as a multi-part password and choose your responses accordingly. This will be more secure than correct answers would be as no one will be able to guess what your answers are.

  15. kerry says:

    hardcle –
    Your reasoning is perfect, but why don’t they just make the whole thing one big non sequitur joke?
    Q – What’s the difference between an orange?
    A – Peanut butter, because a motorcycle has no doors.

  16. Your reasoning is perfect, but why don’t they just make the whole thing one big non sequitur joke?

    I think the questions are supposed to help you remember the extra information to get into your account. Otherwise they may as well forgo the questions and just ask for 5 more passwords. Your way sounds more entertaining but I’d be less likely to remember the answer.

  17. GregP says:

    I just signed up for Netbank.com a week ago. I’m already sorry I did it. I agree, the security challenge questions are a little tough to find “rememberable” answers for; although I was able to do it.
    I find more serious problems, however, with Netbank.com. In “pre-approval” status, you must use your social security number and mother’s maiden name to access your account status; this, to me, is playing with fire when needed repeatedly for login access.
    Additionally, despite being a “net” bank; the preference for funding accounts is clearly by mail (UPS). I fought for days with netbank reps to find out why I couldn’t transfer initial funds to them; a week later I was told they needed a street address (not a po box) in order to activate the accounts. Everyone kept telling me it was my problem and I should just mail them a deposit. Further, once approved and the account is “active”, it appears you can only transfer funds into accounts if you give them password/username access to your source bank account – like hell I’ll do that. What do you think my local bank will say if that account gets hacked because I gave someone else my ID? – “SOL, Buddy!”.
    To top things off, once you start accessing your accounts, there does not seem to be any more access to “online chat” help (that existed during the pre-approval stage).
    What’s the point of a “net” bank where you a) can’t easily transfer funds and b) can’t “chat” with a rep? If I have to drive to a UPS store and mail a deposit or get on the phone and wade through touch-tone menus, I might as well go to my local bank; “net” is totally defeated.

  18. cantswim says:

    I’m on hold now waiting for a NetBank CSR to reset my login because I failed to remember my favorite song. Gee, which was it; “Nothin but a G thang” or “99 Luft Balloons”? Crap. So, I did a Google on ‘Nebank security complaints’ and found this site. I’ve been a NetBank customer since 1999 and this new 5 Q-and-A security process is really giving me a good excuse to close my account. Ok, now the CSR reset my login after him giving me a temporary passcode over the phone. It was like 9 characters long! Geez! He was reading them to me like launch codes for ICBMs; “Hotel”…”Queen”…”Bravo”…”X-Ray”. Come on, how about a simple 4 digit passcode? It’s only good once and I have to enter it immediately anyways. Now I get to pick 5 new questions and answers. I’ll be sure not to pick “What sports team do you love to see lose?” because that changes every season. This time I’ll use my password for all answers to any question like one of the previous posts suggested. I should have done that in the first place.