First, I use a computer all the time. I’m usually never more than 24 hours away from one, and I can usually get online in half an hour or less if needed. So doing everything on the internet seems quite sensible. Well, it only seems.
I understand that in the eyes of script kiddies, crackers, scammers and the usual digital scum, internet banking websites are very appealing. Getting ahold of login information from any Joe Sixpack means cash in their pockets, what else on the internet could be better than that?
It’s nice that banks are worried about security, and conceptually, some of them have done a good job. Most of the problems lie in the implementations.
I’d be damned if I had visual or motor disability and had to use any internet banking I’ve tried so far, so that’s not only Citibank’s fault (which I happen to use as well), it’s something every net bank I’ve tried so far has, and it’s directly related to “making the user experience more secure”, which rings all sorts of bells - it’s the same argument used by airport security in the US after all, isn’t it?
Also, note that using a non-IE browser also counts as a disability for some banks, suspicious behaviour for others, and don’t even get me started on using mobile phones.
Why can’t banks offer decent, simple, secure access to customer’s accounts on the web? Would it be so difficult to keep things secure without compromising usability and interoperability? Why can’t I have a secure RSS/Atom feed for my bank transactions, one that I can read using my phone? Where are banks that offer safe, useful web service APIs, the ones applications could use to let you buy stuff even from the most dodgy-looking online shops without fear?