Jasa Web Design

Deutsche Bank, possibly the worst online banking system ever

Today, after almost a month waiting, I picked up the access details for our company account at Deutsche Bank, which would enable me to manage it through DB’s online banking. After one day of using this thing, I can conclude it’s the biggest [expletive deleted] -ever- in the history of online banking. One would be hard-pressed to think up a more unusable system. Let’s go through the chain of events:

1. Pick up the credentials from the branch, sign a few pages of contracts, receipts and whatnot. I am given a numbered code card, a piece of paper with instructions on accessing and using the system, two papers inside blacked-out ‘secure’ envelopes, and a normal envelope with more papers inside. They tell me I’m good to go.

2. Arrive home, and try the instructions. Load DB’s online banking site in Firefox. Actually, the page doesn’t even load. Try Safari – seems to load a login page. In theory, I must enter my username & password, which is given in one of the ‘secure’ envelopes, and change the password to a new one right away (the system will ask you to do this, it’s mandatory).

3. Safari doesn’t load past the login screen. It seems the system only works with IE7 in Windows XP, thanks to a convoluted set of Java and Javascript, which totally doesn’t work on any other browser (not even IE on the Mac). This means I have to use an XP VM to use this crap.

4. Load IE inside the VM, and point it to the login screen. This time, after entering my username, which instead of being something easy to remember such as name and surname, or my eight-digit national ID number, it happens to be something like a.bbbbbb@cccccccccccc.dddddddd.eu, I shit you not. After entering the new password, I am greeted with a red error message: “This user is not authorized”. WTF! Did I not sign all there was to sign at the bank? What else do they want to make this work??

5. Call the online banking hotline, where they tell me I have to fill in a small receipt I should have been given in an envelope, and take it to my branch, so they will then activate my login. I am almost shouting at this guy by now. He tells me this is how DB does things, and they are not going to change, because their system is oh soooo secure.

6. I scan and email the receipt to my branch, and they finally activate my login. I can now login and check transactions, the status of the account, and so on. But I cannot do any operations, such as a transfer.

7. The instructions tell me to insert a 1.44″ floppy disk (in what ***** century do these people live!?!) or a USB memory stick, and follow a convoluted process to generate a public key certificate that will be used to sign all operations. It’s not enough to have a login, password and PIN code card, apparently, I also have to carry around a USB stick and an XP machine if I happen to need to operate with the account.

8. The Java code fails miserably to detect the USB drive the first two tries. And yes, each try means closing IE totally, loading it again, logging in…you get the drift. Finally it manages to detect the drive, and a popup window that looks like it was designed in Windows 3.11 asks me to type randomly on the keyboard, which I do. Eventually, a progress bar reaches 100%, and a key file is written to the USB stick.

9. This should have been the end of it right? I now have a login, password, PIN code card, public key certificate, and a bucket full of hate towards DB’s engineering department. Wrong! There is one more step – I now need to print out the resulting screen, which shows my login, domain (?), the hex digits of the public key, and the hex digits of the hash, plus a signature field. Not a digital signature field, but a “physically sign below” field. The instructions below tell me I need to print this – yes, on actual paper – and fax it, or send it via snail mail to DB’s Corporate Clients Department. Here it is in all its glory (click for a full-size view):

This is as far as I’ve gone, I will update the post once I get past this latest barrier of entry. In comparison, La Caixa offers a very complete, fast and efficient online banking system, with an easy to remember login, and a PIN code card to sign any operations you have to do. They even have an minisite designed specifically for the iPhone, with Safari’s buttons and UI specs! It’s a joy to use on the iPhone. I think my first and only operation once I get this thing working will be to transfer every penny to our account in La Caixa, and kiss DB goodbye. I hope they grow out of 1995 soon…

Edit: cleaned up some of the language, it’s not my usual style, but I was so incensed I could not help it.

4 Responses to “Deutsche Bank, possibly the worst online banking system ever”

  1. VoltageX January 28, 2009 at 07:41 #

    I guess it’s better than one of the banks here, which just added date of birth verification and a CAPTCHA as additional security…

  2. Vidooshak February 27, 2009 at 23:22 #

    Read this after Part 2. LOL @ the gigantic IQ of the DB personnel that found this post, flagged it as a PR concern and despite the detailed and clear description of the problems, concluded that the BRANCH MANAGER was to blame!!! ROFLMAO

    I am sure the IT vendor is just the VP IT in disguise. There’s no other way to explain this *****. Hehehehehe

  3. Maria Sipka November 8, 2011 at 04:40 #

    I can confirm that they have not resolved this issue 2.5 years later and I feel exactly how you feel! It’s now almost the end of 2011 and have to use a dinosaur PC to access their online banking service. Argh!!!


  1. Deutsche Bank part 2: blame the branch manager - February 4, 2009

    […] Comments Nate on Free WiFi at Fresh&Ready restaurants in BarcelonaVoltageX on Deutsche Bank, possibly the worst online banking system everGATEs on Skype phising attacks, beware of links from your contactsAdrienne A on Boingo abandons own […]

Leave a Reply:

Gravatar Image

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>