Banks, Internet and Security – An Example From Spain

Security measure is a theme that will preoccupy us for ever. It is the step to the most important enabler for doing business on the net: TRUST. And financial institutions are (or should be) one of the key suppliers regarding trust.
How the various banks in different countries are addressing this topic reflect some of the culture behind internet.

The latest incident showed me some striking difference. This is in regards to bank in the south of Spain, one of the most prominent in your neighborhood. And the case is this:
For transferring money through the world-wide-web the initial amount is set to only 600 euros. Transferring an amount higher than 600 euros is not accepted through the internet applying it. Obviously this is done to protect the clients. (I idea initially)

So I went to the (Bank) office and they were definitely willing to change this limit for different type of operations: the maximum amount per transaction, the maximum per day and the maximum per month.
Most of these measures are added to the internet application of the bank with the intention to protect the client. It is not hard to think of an example where another person (a hacker) gets access to the banking application as well as being then able to transfer only 600 euros per exchange.

If I compare this to a number of banks I use during the Netherlands, non-e of these have a limit to the amount to convert (not per transaction, per day nor per month).
A potential conclusion could be that (assuming that more banks in Spain will use the same mechanism) Spanish clients are less comfortable with internet plus require higher STO list standards.

But there is another variance.

This particular bank (like many others in Spain) uses the perfect practice security token which is the coordinate card; this is usually a card with different numbers that are identified by a coordinate aid like a cell in spreadsheet (A1, B4) – as well as the banking application prompts for a random coordinate at the moment involving preparing for a transaction.

The best practice in the Netherlands will not be this coordinate card but a hardware calculator. The following token operates only with your bank pass and your code code. Obviously this is much safer, but also much more highly-priced.

In this light it seems more logical that this Spanish loan company adds an additional security measure (like the one of confining the amount to transfer). But this measure is most likely besides for protecting the client, but rather for protecting the banking companies insufficient security level.

I had to go to the office to fix this trouble and this took including waiting time more than half an hour; quarter-hour for the configuration.

A calculator costs around 70 pounds. The distribution will cost twice as much as the distribution on the paper coordinate card. But in the end, these costs are in all probability lower than attending a client at a desk for changing restraints. On an overall productivity level, this will mean a displaced of productivity that exceeds the costs of the token plus the interaction with the banking agent. Internet is supposed to make daily life flexible and faster; in both cases the Spanish circumstances is lagging behind.