No. of Recommendations: 1
Pros:
1) It is an interactive system. FirstIB informs its customers that they are about to be logged out due to inactivity. Customers can then "interact" with the system to continue the online session OR ignore the warning and get logged out.

2) It allows customers to choose the timeout period for the non-Bill Pay part of the web site, up to 60 min. 1 hour of inactivity is more than enough to find most information that might be necessary to continue an online banking session (for example, to find a statement or a bill).

Cons:
1) FirstIB has actually two timeout systems: one for CheckFree Bill Pay and the second one for the rest of the web interface. It absolutely does not make sense to create two systems instead of one. It is just simply a result of poor integration among FirstIB, Digital Insight and CheckFree. Two timeout systems just create unnecessary confusion and inconvenience.

2) There is no way to adjust the timeout period for CheckFree Bill Pay. You are allowed to have 15 min of inactivity. While a 15 min timeout period is not the worst that can happen to you in Online Banking, CheckFree should give customers freedom to set up inactivity time up to 60 min like Digital Insight does.

3) When you set up the timeout period in User Options, FirstIB does NOT inform you that

a) there is the second timeout system for CheckFree Bill Pay different from the timeout system you are adjusting

b) the timeout period you set does not affect Bill Pay timeout period

c) timeout period for Bill Pay is 15 min.

FirstIB also does not cover this issue in its FAQs.
----------------------------------
See also poll "What should FirstIB do to make its timeout system better?" at
http://www.ibankdesign.com/forum/viewtopic.php?t=23
and corresponding discussion at the MSN board at:
http://groups.msn.com/OnlineBanking/fibiboard.msnw?action=get_message&mview=1&ID_Message=7054

No. of Recommendations: 0
It absolutely does not make sense to create two systems instead of one.

As long as companies contract out portions of their website and not the whole thing, there will be two systems. Integrating two dissimilar systems is very hard -- how do you securely communicate information between them?

CheckFree should give customers freedom to set up inactivity time up to 60 min like Digital Insight does.

A longer inactivity time means more chance for risk. Checkfree guarantees against unauthorized transactions. The longer the inactivity allowed, the greater chance that a miscreant will be able to game the system and suck money out of Checkfree. They've decided the balance between customer convenience and risk minimization is 15 minutes.
No. of Recommendations: 0
Integrating two dissimilar systems is very hard -- how do you securely communicate information between them?
-----------------------------------------------------------
You send information about the timeout period along with username and password info from FirstIB to CheckFree when a FirstIB customer clicks on the Bill Pay link. Then, a script on the CheckFree web site takes the FirstIB info about the timeout period and changes the timeout period of the CheckFree web site for that particular customer. I do not see how this would make communication between the FirstIB and CheckFree web sites less secure.


A longer inactivity time means more chance for risk. Checkfree guarantees against unauthorized transactions.
----------------------------------------------------------------

I can come up with only one situation when the longer inactivity time means less security; it is when a customer logs into the CheckFree web site from a public computer and does not log out after finishing the online bill payment session. It is the customer's, not CheckFree's, responsibility to log out. It is the customer's, not CheckFree's, decision to make the inactivity time long. If somebody takes advantage of such a situation, why should CheckFree be responsible for the fraudulent activity?
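
The thread asks how a timeout preference could be passed securely between two sites. The sketch below is an added example, not part of any post and not FirstIB, Digital Insight or CheckFree code: the originating site signs the preference with a shared HMAC key, and the receiving site verifies it and clamps it to its own policy. The key, the field names, the 30-second freshness window and the use of the thread's 15 and 60 minute figures as floor and ceiling are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment provisions and rotates it out of band.
SHARED_KEY = b"demo-key-not-for-production"
MIN_IDLE_S, MAX_IDLE_S = 15 * 60, 60 * 60  # 15 and 60 minutes, the figures in the thread
HANDOFF_TTL_S = 30                         # assumed freshness window for the handoff


def sign_handoff(user, idle_s, now, key=SHARED_KEY):
    """Originating site: serialize the preference and append an HMAC-SHA256 tag."""
    body = json.dumps({"user": user, "idle_s": idle_s, "iat": int(now)},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def accept_handoff(token, now, key=SHARED_KEY):
    """Receiving site: verify tag and freshness, then clamp the requested timeout.

    Returns (user, idle_s), or None if the token is forged, stale or malformed.
    """
    body, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        claims = json.loads(body)
        user, idle_s, iat = claims["user"], int(claims["idle_s"]), int(claims["iat"])
    except (ValueError, KeyError, TypeError):
        return None
    if not 0 <= now - iat <= HANDOFF_TTL_S:
        return None  # replayed or delayed handoff
    # The receiver keeps the final say: the preference never leaves its policy range.
    return user, max(MIN_IDLE_S, min(idle_s, MAX_IDLE_S))


def session_expired(last_activity, idle_s, now):
    """Idle check the receiving site applies on every request."""
    return now - last_activity >= idle_s
```

Because the clamp runs on the receiving side, a modified or out-of-range value can never extend a session beyond what that site's own risk policy allows.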