When tech people set up online banking, it can be hard for the management team to understand exactly what they’re doing. Even so, it’s critical to keep an eye on the work and make sure sufficient attention is paid to security. Lazy customers can invent easy-to-guess passwords, for example, but the best practice in mobile banking is not to let them.
Ask your I.T. team to set you up with a dummy account so you know just what your customers will experience. If it’s confusing for you, it’s not going to work for them. If it lets you set a password like “123” or “password,” some of your customers will do it — and someone may take advantage of their carelessness.
A good online banking system will insist on a password that’s hard to guess: for instance, one with both upper and lower case letters and at least one digit. Yes, these are harder to remember, but a good password saves your institution from the customer service headaches and bad PR that can follow a break-in to an account. At the same time, the software needs to make the requirements clear; you won’t win friends if it rejects a password even though it seems to meet the stated requirements.
Setting automatic passwords is a dangerous business. One bank reset all its customers’ passwords to the last four digits of their Social Security numbers when it upgraded. That allowed only ten thousand possibilities, which is nothing to a computer doing automated login attempts, and a person’s Social Security number is often a poorly guarded secret. Whoever thought of that idea was inexcusably careless. If it’s necessary to set automatic passwords, make sure they’re hard for anyone but the customer to guess.
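For the I.T. team, here is a sketch of the two points above, written as an added Python example and not taken from any banking product: the rejection message is built from the same rules the customer is shown, and an automatic password is drawn at random rather than derived from customer data. The 8-character minimum, the small deny-list and the function names are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample deny-list; a real deployment would load a far larger one.
COMMON_PASSWORDS = {"123", "password", "123456", "qwerty", "letmein"}
MIN_LENGTH = 8  # assumption: the article does not state a minimum length

# Each rule pairs the text shown to the customer with the check that enforces
# it, so the stated requirements and the enforced ones cannot drift apart.
RULES = [
    (f"at least {MIN_LENGTH} characters", lambda p: len(p) >= MIN_LENGTH),
    ("at least one upper case letter", lambda p: any(c.isupper() for c in p)),
    ("at least one lower case letter", lambda p: any(c.islower() for c in p)),
    ("at least one digit", lambda p: any(c.isdigit() for c in p)),
    ("not a commonly used password", lambda p: p.lower() not in COMMON_PASSWORDS),
]


def stated_requirements():
    """Text to display on the sign-up form, taken straight from RULES."""
    return [text for text, _ in RULES]


def unmet_requirements(password):
    """Return the stated requirements this password fails (empty list = accepted)."""
    return [text for text, check in RULES if not check(password)]


def temporary_password(length=16):
    """Random automatic password from the OS CSPRNG, never from customer data."""
    if length < MIN_LENGTH:
        raise ValueError("temporary password shorter than the policy minimum")
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not unmet_requirements(candidate):  # must pass the customer policy too
            return candidate


if __name__ == "__main__":
    for attempt in ("123", "password", "Harbor7Lantern"):
        print(attempt, "->", unmet_requirements(attempt) or "accepted")
    print("temporary:", temporary_password())
```

A 16-character password over letters and digits has 62^16 possibilities, against the ten thousand of a four-digit number.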
It’s annoying to come up with and remember a strong password, but the Internet is full of people hoping to commit bank robberies from the comfort of a computer desktop. Don’t give them the chance.