Today, after almost a month waiting, I picked up the access details for our company account at Deutsche Bank, which would enable me to manage it through DB’s online banking. After one day of using this thing, I can conclude it’s the biggest [expletive deleted] -ever- in the history of online banking. One would be hard-pressed to think up a more unusable system. Let’s go through the chain of events:
1. Pick up the credentials from the branch, sign a few pages of contracts, receipts and whatnot. I am given a numbered code card, a piece of paper with instructions on accessing and using the system, two papers inside blacked-out ‘secure’ envelopes, and a normal envelope with more papers inside. They tell me I’m good to go.
2. Arrive home, and try the instructions. Load DB’s online banking site in Firefox. Actually, the page doesn’t even load. Try Safari – seems to load a login page. In theory, I must enter my username & password, which is given in one of the ‘secure’ envelopes, and change the password to a new one right away (the system will ask you to do this, it’s mandatory).
4. Load IE inside the VM, and point it to the login screen. This time, after entering my username, which instead of being something easy to remember such as name and surname, or my eight-digit national ID number, it happens to be something like firstname.lastname@example.org, I shit you not. After entering the new password, I am greeted with a red error message: “This user is not authorized”. WTF! Did I not sign all there was to sign at the bank? What else do they want to make this work??
5. Call the online banking hotline, where they tell me I have to fill in a small receipt I should have been given in an envelope, and take it to my branch, so they will then activate my login. I am almost shouting at this guy by now. He tells me this is how DB does things, and they are not going to change, because their system is oh soooo secure.
6. I scan and email the receipt to my branch, and they finally activate my login. I can now login and check transactions, the status of the account, and so on. But I cannot do any operations, such as a transfer.
7. The instructions tell me to insert a 1.44″ floppy disk (in what ***** century do these people live!?!) or a USB memory stick, and follow a convoluted process to generate a public key certificate that will be used to sign all operations. It’s not enough to have a login, password and PIN code card, apparently, I also have to carry around a USB stick and an XP machine if I happen to need to operate with the account.
8. The Java code fails miserably to detect the USB drive the first two tries. And yes, each try means closing IE totally, loading it again, logging in…you get the drift. Finally it manages to detect the drive, and a popup window that looks like it was designed in Windows 3.11 asks me to type randomly on the keyboard, which I do. Eventually, a progress bar reaches 100%, and a key file is written to the USB stick.
9. This should have been the end of it right? I now have a login, password, PIN code card, public key certificate, and a bucket full of hate towards DB’s engineering department. Wrong! There is one more step – I now need to print out the resulting screen, which shows my login, domain (?), the hex digits of the public key, and the hex digits of the hash, plus a signature field. Not a digital signature field, but a “physically sign below” field. The instructions below tell me I need to print this – yes, on actual paper – and fax it, or send it via snail mail to DB’s Corporate Clients Department. Here it is in all its glory (click for a full-size view):
This is as far as I’ve gone, I will update the post once I get past this latest barrier of entry. In comparison, La Caixa offers a very complete, fast and efficient online banking system, with an easy to remember login, and a PIN code card to sign any operations you have to do. They even have an minisite designed specifically for the iPhone, with Safari’s buttons and UI specs! It’s a joy to use on the iPhone. I think my first and only operation once I get this thing working will be to transfer every penny to our account in La Caixa, and kiss DB goodbye. I hope they grow out of 1995 soon…
Edit: cleaned up some of the language, it’s not my usual style, but I was so incensed I could not help it.