My Dexia Not-So-Direct Net

Today I received a package through snailmail about a new version of the ebanking application of Dexia … quickly I opened it, tried it, and … was very disappointed!

// RANT ON!

The good old Net Banking

Before “Dexia Direct Net” there was “Net banking”. A Java applet by which the client could do all his bank-stuff. It was a Java applet that ran in the browser and by using a floppy with some userdata on (it could be saved on the hard disk too) and a very big password (uppercase and lowercase and numbers were required) one could do it all from a handy interface as seen below (not my screenshot though since I can’t launch it anymore after the install of Dexia Direct Net)

Net banking

The interface itself was straightforward and only the first menu item “Uw Rekeningen” (“Your accounts”) was actually needed to wire some money, view the status of your accounts, etc. By clicking it, one could see a nice overview of all his accounts underneath each other grouped by regular accounts and saving accounts. Next to each account there were some icons to quickly wire some money, view the history, etc.

Whilst viewing the history, one could easily click the wire some money button, enter the amount and the recipient and confirm it by again typing in the password. One could also set up many transfers at once (even from different accounts) and confirm them all at once. Usability was top-notch : straightforward interface which let the user do what he wanted to do, when he wanted to do it.

Newer isn’t always better!

Now, as mentioned before I got this package from Dexia today. The box contained a letter guiding it all and a Digipass 810 as seen below. The actual thing differs a bit from the screenshot, and Dexia calls it the “Dexia Card Reader”.

Digipass 810 - Dexia Card Reader

The Card Reader itself works on a challenge response system: enter your card, type in the challenge code as seen on the netbanking startup screen, enter your pin and you’ll get a response code in return which you have to enter in the Dexia Direct Net interface. Quite secure indeed, but not that handy because:

  • Every time you launch DDN, you have to find your wallet, pull out the correct card (I myself have 4 cards), insert it in the thing, go to the DDN interface, type in the 8 digit challenge code, type in your PIN code (4 digits) and then type over the 8 digit code into the DDN interface
  • Every time I want to confirm a transfer of money, I have to do that all again

Now, this is not user friendly at all!

  • What if I left my wallet in the car (as I usually do)?
  • What if my card is scratched and I urgently have to wire some money?
  • What if the batteries of the darn thing are dead?
  • What if I have big fingers and can’t type in the challenge code on it?
  • Why are there an INFO and M2 button on it, if I have to press M1 all the time to start it up?

Other than that I can think of some more scenarios and questions:

  • My parents have an account which they share. My dad booted up the DDN thing on his PC, but my mum cannot access the account because she has a card for that account herself (different card number). How can she now access the account without using my dad’s card?
  • Speaking of my mom who can only e-mail and use net banking : will she ever understand how to do this all herself? Very steep learning curve imo!
  • If the whole login procedure is based on the card and card number, why can I access all my accounts by entering only one card? (though I don’t want that to change, but I wonder why)
  • What if somebody copies my card? Yes, he’d still have to know my PIN, but what if someone cracks open the card reader and isolates the PIN verification thing … can’t he then do a reversal of that and create a pincracker? Keygenerators for programs are created like that, so it is possible. And given that the PIN only ranges from 0000 to 9999 it can be done real quick by bruteforcing…
  • How is this an improvement to the old system where you had a floppy and a secret code? Now you only have your PIN which is really secret…
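
A toy model of the login exchange described above, as an added example that is not part of the original post and is not Dexia's or the Digipass's actual algorithm. The shared card key, the HMAC-based 8-digit response and the PIN try limit enforced on the card are all assumptions made for illustration.

```javascript
// Added example: toy challenge-response model, NOT the real Digipass algorithm.
const nodeCrypto = require("crypto");

// Assumption: the card holds a secret key shared with the bank and checks the
// PIN itself, blocking after maxTries wrong attempts (hypothetical limit).
function makeCard(key, pin, maxTries = 3) {
  let triesLeft = maxTries;
  return {
    // Returns an 8-digit response, or null if the PIN is wrong or the card is blocked.
    respond(challenge, enteredPin) {
      if (triesLeft === 0) return null;
      if (enteredPin !== pin) { triesLeft -= 1; return null; }
      triesLeft = maxTries;
      return truncate(key, challenge);
    },
    blocked: () => triesLeft === 0,
  };
}

// HMAC-SHA256 over the challenge, reduced to 8 decimal digits (constructed scheme).
function truncate(key, challenge) {
  const mac = nodeCrypto.createHmac("sha256", key).update(challenge).digest();
  return String(mac.readUInt32BE(0) % 1e8).padStart(8, "0");
}

function makeBank(key) {
  const open = new Set(); // challenges issued and not yet answered
  return {
    newChallenge() {
      const c = String(nodeCrypto.randomInt(0, 1e8)).padStart(8, "0");
      open.add(c);
      return c;
    },
    // Each challenge is accepted once, so a captured response cannot be replayed.
    verify(challenge, response) {
      if (!open.delete(challenge)) return false;
      const expected = Buffer.from(truncate(key, challenge));
      const got = Buffer.from(String(response));
      return got.length === expected.length &&
        nodeCrypto.timingSafeEqual(got, expected);
    },
  };
}
```

In this model the PIN never leaves the card, and the bank only ever sees a response that is tied to one challenge.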

Interface in my face…

Now, enough ranting on the card reader thing, let’s crack down the user interface itself a bit 😛

The first screen one gets to see is the login screen, where you have to do that thing with that challenge code. Luckily for the user, the card number itself (underneath the example card) is saved so that one does not have to enter that. Something that immediately jumps in is the color palette … hope it gets better after this screen…

DDN : Login

So I do the whole procedure and after 2 tries I’m finally in and … oh my, that ain’t better … and look at that crappy transfer icon! Other than that : where is my savings account? Can’t I access that one?
(And yes, I did actually change the account numbers and amounts in that pic).

DDN : Logged in

When clicking on an account number (063-…) one goes to the history part for that account. The left menu folds open and highlights that one is located there. In that left menu one can also see the option to wire some money on the same level of the history item. When clicking that, DDN seems to forget which account you were checking and you have to manually select your account again. The interface to wire some money doesn’t look appealing to me … mainly again the colors, the icons and buttons.

DDN : Wire some money

However, it ain’t all bad : take the structured comment whilst wiring some money for example. In the old netbanking you had 3 fields to each hold a part of its form xxx/xxxx/xxxxx. Whenever a field reached its number of required characters, it would jump to the next field : handy indeed. Now one can still do the same. Thanks to some javascript it will automatically add the slashes and even color the comment red when it’s not correct (some modulo calculations are used for that).
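
One way such a field can behave, as an added example that is not DDN's own script. It assumes the standard Belgian structured-communication rule, which the post does not spell out: the last 2 of the 12 digits equal the first 10 digits modulo 97, with a remainder of 0 written as 97. The function names are hypothetical.

```javascript
// Added example, not DDN's code. Assumed rule: check digits = first 10 digits
// modulo 97, with 0 written as 97 (standard Belgian structured communication).

// Keep digits only and insert the slashes as the user types: xxx/xxxx/xxxxx.
function formatStructured(input) {
  const d = String(input).replace(/\D/g, "").slice(0, 12);
  return [d.slice(0, 3), d.slice(3, 7), d.slice(7, 12)]
    .filter(Boolean)
    .join("/");
}

// Compute the two check digits for the first ten digits.
function checkDigits(first10) {
  const r = Number(first10) % 97; // 10 digits fit exactly in a JS number
  return String(r === 0 ? 97 : r).padStart(2, "0");
}

// Returns "incomplete" while typing, then "valid" or "invalid"
// (the state in which the post says DDN colors the comment red).
function validateStructured(input) {
  const d = String(input).replace(/\D/g, "");
  if (d.length < 12) return "incomplete";
  if (d.length > 12) return "invalid";
  return checkDigits(d.slice(0, 10)) === d.slice(10) ? "valid" : "invalid";
}
```

A check like this in the browser only helps the user catch typos; the bank still has to repeat it server-side, since anything running in the page can be bypassed.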

Yet still, I find the interface confusing. I found myself clicking around way too much to actually do something.
Anywho, enough ranting since I’ve actually merely touched DDN. Though, first impressions are hard to erase out of the memory.

Hoping that Dexia does something about the ugly UI and the complicated login procedure.

// RANT OFF!

B!

Published by Bramus!

Bramus is a Freelance Web Developer from Belgium. From the moment he discovered view-source at the age of 14 (way back in 1997), he fell in love with the web and has been tinkering with it ever since (more …)

Join the Conversation

11 Comments

  1. wow. when i saw that cardreader i thought: what a crap. seems that all banks are stepping back from the floppy/password thing- i hear that all the time.

    i recently switched from one bank to another and never used web banking before, but the hypo vereinsbank made it fairly simple for me when they gave me the contract papers. i go to their website, enter my directbanking account number, my directbanking password (not my bank account number and card-pin) and i am in. that's all i have to do as long as i only want to check my balance. if i want to wire some money or set up scheduled wiring (i.e. monthly rent or quarterly insurance payments) i have to enter a special code called TAN. you get 100 TAN numbers at once in an envelope. if they are used up, you can order them online at their web banking interface, but you have to go to the bank to pick. that's ok. considering how many transactions i do (paypal is your friend: most of my web-orders go thru them), i only have to do that once every few months.

    hope you can work it out to use the old system again 🙂

  2. Yeah!
    we also got the new “Dexia Direct Net” thingy a couple of weeks ago. Still haven’t figured it out completely… 😛

    @manual: Thanks for the props on my alfa7 simpla mod. Much appreciated! 😉

  3. What if I left my wallet in the car (as I usually do)?
    -> that’s stupid & every bank will tell you so! You won’t get any compensation if your wallet + cards get stolen this way…
    What if my card is scratched and I urgently have to wire some money?
    -> use one of your 3 other cards
    What if the batteries of the darn thing are dead?
    -> unlikely, they’re good for 10 years or so
    What if I have big fingers and can’t type in the challenge code on it?
    -> then you have really BIG fingers and would not be able to use a cellphone, a TV remote control, …
    Why are there an INFO and M2 button on it, if I have to press M1 all the time to start it up?
    -> try them: with INFO you can see details about your use of Proton f.i.

  4. What if I left my wallet in the car (as I usually do)?

    -> that’s stupid & every bank will tell you so! You won’t get any compensation if your wallet + cards get stolen this way…

    Not that stupid imo … didn’t know one won’t get compensated in this situation. Tnx for mentioning.

    Yet still, I don’t find it very usable that one always has to get his card when logging in, and confirming some stuff.

    What if my card is scratched and I urgently have to wire some money?

    -> use one of your 3 other cards

    I can’t. The DDN system is cardbased (every card has a unique number). Otherwise I would have bypassed the whole “get your card from your wallet”-part by:

    – going to the bank and stating that I’ve lost my card (of course I wouldn’t have)
    – get a new card from Dexia and use that as my main card to use at the ATM’s.
    – leave my “lost” card at home, near my PC to use with DDN.

    This won’t work (I think) since DDN will most likely know that “that card has been reported stolen, and the user has a new card”. (At least, I hope they implemented this aspect of security.)

    What if the batteries of the darn thing are dead?

    -> unlikely, they’re good for 10 years or so

    Read that at the Dexia site indeed. Better should have updated my post to rule that one out.

    On the other hand, “what if the thing goes dead/missing”. Read on the Dexia site that one has to pay 25 Euro to replace the existing one. Yes, I do understand the nice gesture of giving the cardreaders out for free at the start, yet 25 euro is a lot of money to get one replaced.

    But then on the other hand I understand why … not everybody is honest.

    What if I have big fingers and can’t type in the challenge code on it?

    -> then you have really BIG fingers and would not be able to use a cellphone, a TV remote control, …

    I was only kidding about that one, actually I was referring to an ep “The Simpsons” named “King-Size Homer” where Homer dials a number and gets a “The fingers you have used to dial are too fat“-error 😀

    Yes, I’m a geek.

    Why are there an INFO and M2 button on it, if I have to press M1 all the time to start it up?

    -> try them: with INFO you can see details about your use of Proton f.i.

    Don’t use Proton. No seriously, mostly one would use it for DDN, so it would have been handy that it automatically goes to the "enter challenge code" – part, and that one then can press INFO if he needs to view his Proton info.

  5. Bram, you’re a dickhead. When I got my card reader (for free indeed!) I tried it immediately. I was surprised beyond belief. See, I just bought a new computer and this one hasn’t got an old floppy disk. Only problem was my old personal key was in fact on… a floppy disk. So I was happy with this (again – free) gift. You only have to type in a few numbers and there you go. I don’t know how old you are exactly but the interface wouldn’t fool noone. The fact you can do it on any computer, only adds to the pros in my mind.

  6. Dickhead or not, one is able to save his personal key on the hard disk instead of that floppy. Heck, don’t even have a fdd since Windows2000 got released. So that’s no real problem …

    On the interface aspect: it still could be way better. Some handy clicks have disappeared. For example: you’re looking at the history of your account. When you then want to enter a new wiretransfer you still have to select your account from the dropdown, although you were just looking at the account!

    When looking at the interface on a design aspect … well … it’s ugly.

    Above that the HTML and Javascript could improve in many ways (I’m a webdeveloper, so I do look at sourcecodes of sites): XHTML, div-based, css, JavaScript Literal Notation, …

  7. Hmm! I have been using a card reader access to my account down here in Slovenia for a lot longer and certainly find it helpful to be able to access my account from any computer as I travel a lot for business and do not always have my own computer to hand.
    While I did find it slightly easier to use the old system, I am getting used to the new one with its slight differences. And I discovered that the card reader issued by Dexia also works with my Axa card for access to that account! But at least Dexia works with Mozilla, which Axa doesn’t, and as I find that most internet points work with Mozilla, that is a limiting factor with Axa. So if you really want something to gripe about, get an Axa account. You won’t be able to see what is happening on your credit card then either……

  8. to Kristof: ways enough to transport that little file to your new computer: usb-stick, cd, dvd, e-mail, ftp,…

    I really don’t like the new system of dexia: very user unfriendly…

    I would like to know how many security problems they had with the old system and if they have less now, cause this would be the only good reason for this step back.

  9. Hi man,

    just was gonna post some post from tweakers.net (got it from a colleague at work today) about some flaw that had happened but can’t find the link anymore (a search on tweakers.net doesn’t give any results).

    The flaw was that a user got access to someone else’s account. Yet, it wasn’t a software error, but a human error where they tagged the wrong person to have access to the account.

    Yet still, this is a great issue … good thing it happens only once in a blue moon.

    B!
