Turn Left - A weblog by InetSolution

Tough Security vs. Good Usability on Chase Bank Website

By Jason Sherrill
Posted on Jan 4, 2008

Last week I got a new computer (IBM ThinkPad T60p), which means I retired my old ThinkPad T41. Today is the first time that I've tried to log on to my Chase online account to pay my credit card bill, which is due today. I've never had a problem logging on, but today the Chase online banking site has recognized that my computer fingerprint has changed. The hair-pulling experience I'm in the middle of right now has reminded me that it's a fine line we as software developers walk between creating tough-to-crack security while continuing to make sure our software is user friendly.

Since my computer fingerprint has changed, the Chase site requires that I enter an activation code before I can access my account. I have two choices for receiving this activation code:

  1. Receive via text message
  2. Receive via email

Text message delivery would be ideal, except that the phone number they have on file is my home phone, which does not support text messages, so instead I chose email delivery.

The site said to wait for two minutes to receive my emailed activation code. No problem, I've got work to do. It's been 10 minutes, but still no email. I just checked my spam folders - nothing. So now I'm using the "Resend activation code" option on the activation code request page. I've just waited another 15 minutes, but still no email.

It's been another 12 minutes, but still no email. I'm getting frustrated because I just want to pay my bill and get on with my day.

I just checked again (4 minutes later), but still no activation code in my email.

I'm calling the Chase Internet Service Center now. I'm punching my way through the phone maze, 2, 3, 1...ugh.

Finally, the call center rep gives me an activation code to use. Now I can pay my bill.

Security and usability do not have to be mutually exclusive

Since we create banking websites and applications for a living, I naturally appreciate strong web security. But I believe it's also important that we make sure that our security doesn't create hurdles so high that our customers will abandon the web service channels in favor of the telephone, in-person or other means of doing business with their banks and credit unions.

So when evaluating your planned security upgrades, such as multi-factor or risk-based authentication, make sure that you not only test them for security, but also spend some time assessing the usability of your methods.
