Update 28 September 2012: This post was written before I started working for a bank (who I love dearly), and at least some views expressed in this post have changed since then (eg. case-insensitive passwords (and ASB isn’t the only bank that does this) are irrelevant when users are locked out after three incorrect login attempts–Facebook does something similar to this, accepting the actual password, the password with the first letter capitalized (to account for automatic capitalization on mobile devices), and the password with the case of letters reversed (to account for the caps lock key being on), and that a charge for a bank cheque is not so unreasonable in the context of a lot of bank cheques being for a large amount). Also some bank policies have changed since this post was published (eg. ASB no longer charges $2 for automatic payments added/amended online–progress!) There is, however, no way of getting around ASB’s $0.20 fee for a Netcode over-$500-transfer-authorization if you don’t have a token–it is charged even if you call the 0800 number and ask them to release the payment. Except for a note regarding the previous sentence, this post hasn’t been edited from the original form.
And useful (see: next day bank transfers).
I’m with ASB and they are great, however no one is perfect. Here’s some things that I hate about banks in New Zealand. Many of these problems are shared by the entire industry.
Tertiary accounts
Update: Here’s some clarity around ASB’s tertiary accounts.
Or the fact that ASB keeps trying to convert me to one even though I’m not allowed one.
Here’s mailer number one, received the week of my 17th birthday:
And mailer two, from today:
Irrelevant: check. Impersonal: check. You know how to make a guy feel special ASB. (Case in point: I’m not 18 so they couldn’t give me my own credit card even if they really really wanted to).
This is upsetting because I have a feeling tertiary accounts have less fees than youth accounts. At least, it isn’t emphasized that service fees apply to tertiary accounts like it is for youth accounts on ASB’s fee exemption page. Service fees apply for everyone, see comment from ASB below.
Stupid bank fees
ASB isn’t the only bank that charges stupid fees, but here are some examples of theirs:
- $2 to set up or amend an automatic payment or add a person you might want to transfer money to again (like the power company, or mum). Online. On the internet. Changing an entry in a database. By yourself.
- 20 cents for each time you use Netcode, ASB’s text verification service, which you can choose to happen on login. Google, who isn’t even in New Zealand doesn’t charge for this (see below). Probably get charged 20 cents again by your mobile service provider for receiving the text. Some sort of verification is required for some transactions that take you over a $500 daily transfer limit, or if you’re sending money overseas.
Alternatively, you can ring their call center to get transactions verified for free11@!! I wonder if the time of the person you speak to on the phone is worth less than 20 cents?See update at top of post–20 cents is charged even if you call the 0800 number. - Alternatively you can pay $12 a year for a physical Netcode token, which you’d need if you are regularly out of cellphone reception and probably if you travel overseas. RaboDirect provides these for free. BNZ provides the NetGuard card for free.
- 5 cents for each email alert. For the virtual stamp. Or the person who licks it. Or something.
- 20 cents for text alerts and text banking. I think they charge you when they receive a text banking message from you. Plus you probably get charged to send texts to them by your service provider. In contrast, Westpac provides a certain number of text alerts free per month as long as you log in to online banking that month.
- $5 for bank cheques. Plus because you probably have an “electronic” account, and if you’re not a youth/student, a fee of $3 because that’s a manual transaction.
Password policies
“Please note, your password must be eight characters long, and contain at least two letters (a-z) and at least two numbers (0-9). For example, redbus73 and 8cube224 are valid passwords.”
This is ASB’s. I assume other banks are as ridiculous. Would you like a nine character password? YOU CAN’T. MUST BE EIGHT.
Microsoft’s (now defunct) password checker says both of their examples are weak. ASB lets you use both of their examples as real passwords, because security.
@MothershipNZ and @FromAQuasar point out that ASB passwords aren’t case sensitive and also that some symbols aren’t allowed.
Stupid marketing policies
Here’s an entry form I picked up from BNZ’s tent at The Show:
Note the classy clause at the bottom: “By providing your details, you consent to use contacting you about our products, services and promotions, from time to time (including via text message without an unsubscribe facility).”
Once you’re in, they have you.
I guess if you rang them they’d remove you from their text messaging scheme, but really, why not let people unsubscribe via text using common keywords like stop, or unsubscribe?
Visa Debit cards
And their annual fees. $10 a year for having the card. National Bank got half of the memo and isn’t charging the annual fee if you have their Freedom account. But you have to be earning $30k+ a year and pumping it into that account. Anyway, I like the image they’re using in their ads for it (see top image).
Sure, debit cards are great if you are under 18 or don’t trust yourself with a credit card. But really, if you can, you should just get a credit card.
Banks (looking at you Westpac and BNZ) seem to love converting people to these debit cards, even if the person already has a credit card with the bank. I don’t understand. Family members have received Visa Debit cards in the mail from Westpac, even though they have a credit card with Westpac. If you already have a Visa or credit card, why would you want a Visa Debit?
It’s a bit of a have, because people naturally think this is their replacement EFTPOS card and start using it, probably not realizing that once they start using it they’re going to be charged an annual fee. If they’re lucky, maybe the fee will be waived for a year or two!
When you go into BNZ to request an EFTPOS card, the tellers like to order you in a Visa Debit card instead*, because, you know, they know best.
*May have happened just once.
Lack of security
That’s Google’s 2-step verification programme.
There’s a number of ways to use it. I have the Google Authenticator application on a couple of devices (it works without needing an internet connection), I can get a code sent to me by text (for free!!@@) if the application isn’t working, I can use the backup codes if I have to, and I can tell Google that it doesn’t need to ask me for a verification code on the computer I’m using for another 30 days if I trust it.
It works, it’s good, it’s free. And it’s not even protecting my money.
Side note: security has to actually be built-in by design and be compulsory for it to be useful. Kerry Thompson points out that security conscious people probably have limited use for 2-factor authentication systems, because they already take precautions. The people who aren’t security conscious are also the people who don’t think they need 2-factor authentication, they think they’ll be covered by the bank, or won’t use it because of the cost (hi ASB’s 20 cent per text charge).
See also: Google doesn’t have an eight character password policy and Google gives a detailed account of recent account activity (ASB shows the last time I logged in, but I rarely look at it, and out of context it’s kind of useless).
Gimmicky campaigns for savings
Read: ASB’s Save the Change and Westpac’s Impulse Saver iPhone application.
How about encouraging people to set up an automatic payment to a savings account every pay period and sign up for Kiwisaver?
Also, you would think an application that consists of one button would be easy to set up, but Westpac’s Impulse Saver requires you to apply to use it, and makes you wait for a callback from a customer service person.
Phone banking on mobiles
Westpac and BNZ seem to be the only two banks who try to ban calls from mobile phones to their phone banking numbers. It’s trivial to get around this with Westpac, just call their main 0800 number and press one to get to phone banking. On BNZ it seems like that works too, at least after their call center hours.
Visa and MasterCard undermining credit card PINs
Visa and MasterCard aren’t banks, but whatever.
McDonald’s, in association with Visa and MasterCard has the policy of not requiring a PIN or signature for credit card transactions under $35.
How they can guarantee security, I’m not sure, because they just took away the only security of a PIN or signature. I’m not sure why Visa and MasterCard don’t make this opt-in or opt-out.
Zero liability can’t apply if you don’t realize there’s a fraudulent charge on your statement, so good luck everyone.
Next day bank transfers
Or please stop relying on a cron job for transfers.
10 years after one-off payments were introduced, they still take up to the next business day to go through to accounts at other banks. I realize this might require some consultation with the People In Charge Of The Money, but can we please get rid of this? Thanks. Also, could we please do transfers on non-business days to accounts at other banks and get rid of the 10pm cut off for not-my-bank transfers?
Excellent.
After so many years with the silly Netcode charge of 25 cents (when it started so long ago)/20 cents, ASB finally removed it July this year https://www.asb.co.nz/personal/asb-notification-17.
They still charge for a token but hey at least you have an option for two factor authentication without having to pay unreasonable fees. I never really understood why ASB would want to effectively discourage their customers from doing something will protect them and therefore reduce costs for ASB. Yes, the fee may not have been large in the grand scheme of things but for many customers it’s the principle of the thing. I’m sure I wasn’t the only one who never even consider two factor authentication either for all logins or for all transfers (ASB allows you to adjust the Netcode limit) as long as it meant a silly fee instead opting to avoid Netcode as much as possible. With the ComCom mandated changes to the MTR SMS rate meaning it’s impossible to imagine ASB was paying more then 0.1c per SMS the charge got even more untenable (although I find it hard to imagine ASB was paying much more even before unless the NZ mobile scene is much worse then I thought or ASB was simply incompetent.) In fact, I was annoyed enough by the fee that last time I tried to activate my credit card I attempted to call ASB to avoid the Netcode fee. (Except I found out since I didn’t have a password set up I couldn’t do this, although they didn’t mention this in the set-up info, despite mentioning the requirement for Netcode. This suggests if your overseas and never set up a password and don’t have Netcode or access to your Netcode you could be SOL although I presume they will probably try to help in special cases like this.)
ASB may have been the first to do 2 factor authentication in NZ, but until July, I would say they weren’t doing it well, many banks had surpassed them by realising if you really want people to use 2 factor, don’t charge them for it.
BTW, the fee changes have also ended the email notification fee, text banking fee, and automatic and bill payment setup fees. Some other fees were increased but these perhaps aren’t completely unreasonable.
About the not requiring pins things, was wondering at first but after a small amount of investigation and thought I’ve never really seen it as a big deal, even for those who don’t inspect their statements (which I admit isn’t me). Given the small amounts and the places involved it’s hard to imagine it’s going to be a productive avenue for credit card skimmers or professionals. And remember because the cost of fraudulent or disputed transactions will likely largely fall on the stores involved, there’s a built in disincentive against any store which is such a target using the system. There is a small risk of in-store fraud (i.e. staff or members of the public using your card for purchases without you noticing while it’s out of your hand), but again there is an incentive to a store to prevent this. And I expect with most stores using this, the card isn’t generally going to be handled by staff anyway. That just slows things down which defeats one of the purposes of not requiring a pin. If you lose your credit card, even just temporarily but don’t check your statements carefully for the time it was missing, frankly it’s not surprising if you’re the victim of fraud.
So the biggest risk for fraudulent transactions coming from this would seem to be ‘relative’ or ‘flatmate’ fraud, i.e. where someone borrows your credit card without permission and uses it without you realising so you don’t have a reason to check your statement carefully.
The banking system is a lot more complicated than you think. I have just started studying finance and I tell you we’re actually very lucky we can transfer between banks overnight, it’s a very big process. There are many ins and outs which you are (and I was) unaware of. Just saying
Good point.
Though, no innovation would happen if the status quo wasn’t challenged.
I’ve lived in 4 countries now and having dealt with the various banking systems in each I can say this: nowhere is banking as simple as it should be.
The password situation is stupid. Westpac Australia enforce a 6 character password. That must be entered by clicking a virtual keyboard. My UK bank had an 8 character limit. The only bank that handled this well was RBC (Canada), where I had a 16 character password that only 1Password ever knew.
The fees. Oh the fees. And you don’t need to have a base monthly one to be hit by them. Due to a work fail I got hit with £35 so the bank could not pay my rent, and another £35 so they could pay my £35 phone bill. (work covered those, but still). Westpac.au don’t seem too bad in that regards, but I’ve not yet crossed them so maybe they are.
Visa Debit cards don’t seem to cost extra here, and all “eftpos” cards in the UK were either MasterCard’s (Maestro/Solo when I was there) or Visa Debit. Other than their use online I’m not sure what value proposition is. Mine stays at home (my visa can access my normal account at an ATM anyway).
As to the low-value-no-pin transactions – I actually appreciate that. Not wanting to check your statements is not a good reason to prevent that, there are much easier ways for someone to pretend to be your card (through e-commerce transactions or however they make fake cards these days).
Banking seems to be an industry where a new player could be really successful just by not being as sucky as the competition. I think Simple might be on the right track.
I use KeePass and wish that the banks would let me take full advantage of the generated passwords it offers. I think the purpose of low character limits is to try to stop people from writing down complicated passwords, but a 30 character password of letters is arguably secure and could be easy to memorize too.
My concern with the no PIN transactions is that I don’t think it’s been conveyed by Visa and Mastercard to their customers that this is a new service they’re offering merchants and that this is a good reason to start checking their statements if they aren’t already. I still think an opt-in/opt-out arrangement would be useful.
Hi Patrick and all,
Just check Kiwibank – no fees (even credit cards can be free of fees), variable complexity of passwords and 2-step authentication as well 😉 plus money transferred once per hour to other banks …
Hi Tramp
Thanks for your comment.
I think that most banks offer fee free accounts for everyday banking. Kiwibank’s MasterCard Zero is unique.
Kiwibank still has some interesting fees, like other banks, for things like text alerts, ATM balance enquiries, Visa Debit disputed transactions, Visa Debit transaction declines, bank cheques, copies of statements, abandoned accounts, to set up automatic payments, to skip scheduled payments and to set up direct debits.
Kiwibank transferring money in a few hours (I’ve heard 3-4 hours, but it also depends on the receiving bank) is a good start, but if I transferred money today (Saturday), it wouldn’t get there until Tuesday because it’s the weekend.
My fave BS charge has to be the ones for an AP that doesnt have enough in the account to go out.
They are charging you FOR DOING NOTHING. If I was to log into internet banking at the time and press bill payments and there was no money, it just doesnt happen, but when it is scheduled ahead of time either thru bill payments or an AP, they bill you.
And to make it worse, they dont tell you it failed, thats right, they charge you to not do something and not tell you that they didnt do it.
If you send an email and it fails, you get a report back, yet for money they seem to think that you dont need to know unless you go and check your statement online checking for those charges that occur when something doesnt happen.
Second thing that annoys me is the advertising that debit cards are a good thing because its your own money. Sorry, my money being at risk to the insecure visa/mastercard networks is a _BAD_ thing. its much better for me when it is the banks money at risk. Anyone in banking that claims that visa/mastercard is secure has clearly never had mysterious charges appear on their card, or it get automatically suspended at 8pm on a friday night when out in town and found that the only access to their money has been turned off by an automated system that no human can override till monday, and that the only solution is to get another embossed plastic token from the bank with all the details needed to charge to it printed on the front of it.
Credit cards are a security FAIL in every aspect. Why the hell would I want that same failure applied to my own money in my own account? No thanks banks.
Simple (the “online bank”) has a really excellent policy on fees:
“We believe that sort of business model creates an adversarial relationship between banks and their customers, since the bank benefits when customers make mistakes. That’s not right.”
And they’re exactly right.
Hi Matthew, thanks for taking the time to post this blog, ASB welcomes feedback and this is certainly comprehensive.
We are aware of the points you have raised regrading internet banking security and have a programme commenced to make changes in this area. Due to the nature of the changes and the complex backend systems involved, this takes some time so please bear with us. For added security at login, we encourage you to use Netcode SMS or token which provides 2 factor authentication. If cost is an issue for you, please talk to us about this. ASB was the first NZ bank to offer 2 factor authentication on internet banking and we take security very seriously. Prevention is only one aspect of security, detection is also very important. ASB has a team monitoring fraudulent transactions 24/7 and we have many testimonials from customers where we have detected fraud on their credit cards and called them to check the authenticity of the transaction.
Fees such as the ones you have identified above are reviewed regularly and feedback such as yours is taken into account – thank you for this, we will keep you posted of any changes.
To clarify the question regarding services fees – these apply to both youth and tertiary accounts as stated on our website “Service charges apply to all these exemption packages.” https://www.asb.co.nz/…/interest-rates…/fee-exemptions. We will see if we can make this more prominent on the page so it is clearer.
Our Save the Change service has been hugely popular, with over $18m saved since it was introduced. Here is a link to the feedback we have received, it speaks for itself really https://www.asb.co.nz/…/let-us-know-what-you-think-of….
And lastly you are probably aware that ASB to ASB payments are realtime, 7 days per week, and calls to our Contact Centre and Fastphone banking service are free from mobile phones.
Thanks again for providing your feedback. Also we would like to thank you for your support during #eqnz where you helped by tweeting the ASB Red Cross NZ donation account that had been set up to help those impacted by the Christchurch earthquake.
Kind regards
Simone McCallum
Head of Internet Community.
ASB Bank
http://www.twitter.com/asbbank
How do I get a Netcode token? I couldn’t find any info on your site. It would like to have one of those for sign on, because my Facebook password is significantly more complex than my 8 character ASB Fastnet login.
Hi Harrison Gulliver, to register for Netcode, give us a call on 0800 327 863 and we will post a token out to you. More information about Netcode is on our website here: https://www.asb.co.nz/story993.aspx#netcode. Thanks.
Thanks for your comment Simone.
Just to further explain my problem with Save the Change: I know lots of people love it, but I’m not convinced that the amount being saved per person is significant enough to be that person’s sole savings strategy, and I’m guessing a lot of people think that because they are saving /something/ with Save the Change (which is better than saving nothing), that’s all they need to do. A lot of people should be saving 5-10% of their income, and I don’t see that happening for most people who are just using Save the Change.
Hi Matthew, I’m the Online Community Manager at the BNZ. Firstly this is a really well written and thoughtful piece. Secondly, I will put this in front of a few people on Monday. At the very least you deserve to know it’s been read by us, given you took the time to express your thoughts so articulately. If there’s anything we can come back to you on by way of clarification, explanation or making changes, we will. Thanks, Anna.
Thanks for your comment Anna.
Westpac Charge you $2 to defer a payment for unto 4 weeks. Pretty rude IMO.