Banking Innovation

Well, sort of. The recent sale loss of my data by the Revenue prompted me to change my bank account this weekend. Not that I think I really needed to after the fiasco at HMRC, but I thought some rate tarting was in order.

Alliance & Leicester have two interesting things in their online banking interface: a “unique image and phrase combination” and a fake logout (no, really).

The former is quite interesting. You are given a picture to which you attach some phrase known only to you. When you’re shown that picture, you give them the phrase as part of the login process. I’m not sure how secure or otherwise this is, since the temptation to simply describe the image is very strong. However, as long as it’s used as an anti-phishing method (which it appears to be) then it’s rather nice. Would have preferred to have been given their public key for some 256-bit blowfish goodness, but hey. Who wants PKI when they can have a sand dune to look at?

The latter is a somewhat surprising bit of UI design. I finish my session and log out… but what’s this? I’m not logged out – I’m being sold to! Good job I wasn’t in an Internet cafe, because the first time this happened, I didn’t notice the message. I was so surprised, I’ve shot a video of it (1.1Mb ogg).