Everything is an Emergency
Much like the Turkish police who drive around with their flashing lights and sometimes sirens on all the time (the cars are equipped with a loudspeaker that they talk through when it’s actually an emergency), Fidelity’s MySmart cash management features include an ingenious little “alerts” system.
They treat this like they just invented select-a-size sliced bread, but of course it’s the exact same thing all the other banks are doing. Except that there is no way to clear the alerts. So, every time you log in you get a big exclamation mark, par exemple:
Something like that says to me “you’re overdrawn” or “identity theft.” In fact, that just tells me that I’ve had deposits into the account on September 22 and 30.
If you make a steady income, this means you will never not have alerts. Meaning if there were to be a real cash emergency, I wouldn’t even pay attention because the actual alerts are listed at the bottom of the page just above the copyright and disclaimers.
Your ATM transactions are also marked CASH ADVANCE, which caused me to excrete a very large chunk of masonry (we miss you, Kurt Vonnegut) as I looked to see if I had just turned a debit card into a very costly credit card. Nope, that’s just how it’s written (according to a SlickDeals.net bulletin board posting, at least).
Of course, I can turn them off, so then I don’t get an e-mail when I get my paycheck. Which is such a serendipitous event at this point I kind of prefer the heartwarming reminder that something works.
I can actually say that my Turkish banking experience is rock solid compared to this mess between Europe and the US. The three factor authentication is a little nutty:
You type in your username and password. But wait, you aren’t allowed to type your password because of the risk of keystroke logging. So you on-screen-keyboard in your password on a scrambled-order keyboard (even the number pad is out of order so people can’t look over your shoulder and see the pattern).
There is an even more secure option that types the keys into the password blank when you hover over a letter long enough, as this would prevent mouse-logging to some extent, I think. You can also name the keyboard and attach a picture to it, which is basically a SiteKey a la Bank of America.
Once you’ve gotten past the easy part, you’re taken to a page with another password entry. You get out your celly and open up the special application that was loaded when you registered for the bank. It then requests a PIN on your phone, which is different from your on-screen-keyboard password. You key that into the cell and are issued a one-time PIN code that you then hand-transfer to the blank on the screen.
If you get past that bad boy, you’re actually in your account. I’m not making this up. I get a bit of an exciting secret agent vibe when I log in.
Surprisingly given all this, your user ID must be your bank user number. This is a long enough number that I have to get out my ATM card and copy from the card when I type my user name. This means I’m exposing my 16 digit Visa card code and accompanying name and expiration to anyone around, which would probably be more useful than a lot of this information I’m obscuring.