Online banking may be the wave of the future, but our company banker, Silicon Valley Bank, hasn't figured out which side of the surfboard goes up yet. Here's my story:
I'd not bothered to sign up for online banking for a long time, mostly because we don't have a high volume of checking account transactions and I didn't want to pay the fees. A couple months ago I decided to take the plunge, mostly because I thought it would be useful to have faster access to our account statement.
Silicon Valley Bank has been pushing its online banking service, eConnect, for several years. I've had good experiences with online banking for my personal accounts, and figured SVB's service would be comparable.
My troubles started with the signup process. I couldn't just call customer service and get hooked up: I had to fax documents, sign papers, and wait days. No problem, I figured, it's important to (especially on a business account) to be extra careful about enabling online account access. Even if all it lets me do is check the balance.
Then I tried to log in. SVB (like most places) requires a username and password for security, but for extra super-duper security they require you to enter your password by clicking on a virtual keyboard on the screen. It takes about 30 seconds to enter an 8 character password, which is frustrating enough in itself.
The first time you sign in, however, you have to create a new password and enter it twice (for verification) along with the temporary password they created when setting up the account. So far that's about a minute and a half of clicking on a dorky little virtual keyboard (with the password blocked out, of course, so you can't see if you really hit the right button).
Then I got an error on my new password: "Passwords must be 8 characters in length and contain at least one number and at least one symbol." D'oh!
So I made up a new password safely longer than 8 characters with the required numbers and symbols, and spent another couple minutes re-entering my old password and blindly entering the new one (twice).
Just to get a repeat of the same error: "Passwords must be 8 characters blah blah blah."
Okay, that's weird, I thought it was. So I made up a third password and went through the laborious process again.
And got rejected again. I don't frustrate easily, but by this time I was about ready to throw my keyboard through the window. Finally I figured out that they wanted a password exactly 8 characters long, not 8 characters or longer (which is the more common requirement).
So finally I managed to log in--after about a half-hour of struggling with my password--and was able to read our account balance. Whoop-de-do.
That wasn't the end of the fun, though: a few weeks later I lost my password. I don't normally lose passwords, but the bizarre exactly-8-characters-plus-number-plus-symbol requirement forced me to create something utterly unmemorable, so I had to write it down (normally I never write down passwords, so there's a security problem right there) and--you guessed it--I lost the paper I'd written it down on.
That sent me on the adventure of the password recovery process. When you lose your password, SVB changes it to a new temporary password and e-mails the temporary password to you (by the way, this e-mail recovery process almost completely negates whatever security value they may have had with the strict password requirements and virtual keyboard).
But by that time, I'd forgotten the exactly-8-character requirement so painfully learned the last time, so I wound up going through the whole painful process again. When I finally figured out how to reset my password, it was an emotion-laden epithet directed at the evil genius who designed this unique implement of torture.
Now, how much would you pay for the pleasure of using this oh-so-effective online banking system? $19.95? $29.95? How about $50/month? Yes, SVB wanted to charge us six hundred dollars a year so we could go through an hour of frustration every time we want to check our account balance.
Amazingly, when I called to cancel our online banking, the agent said, "gosh, nobody's ever asked to cancel online banking before!"
P.S. In case you think this insane process is somehow required for security, that's not so. in my experience, both PayPal and Salesforce.com have implemented much more secure login processes which are far simpler and less obtrusive than this one. PayPal provided us with a physical "security key," and we have to enter a six-digit code from the key to log in. Salesforce.com just implemented a system which requires a user to log in from a trusted IP address or web browser, effectively locking a given user to a specific physical location or computer.