Don't you know who I am?!

Interesting post. I actually believe the Facebook login API is more secure than any bank login.  I would rather rely on the development of a login from one of the most talented technology businesses in the world than a bank. When I travel overseas and try to log into Facebook, it recognises that this might be dodgy and in some cases even blocks access.  Most banks could only dream of doing this. 

Seriously? A quick round robin here (UK) produced about a third had had their facebook hacked, but not one their online bank accounts - and most people had more than one bank's account.

Great blog. Almost a rant, but with a purpose.  I also counted 4 direct quotes, unless they were there for artistic licence.  No organisation wants to trust identification to a third party which is why we all have so many passwords.  But Utility Bills are third party orgs, and they are no longer government ones either.  If you were to choose a third party to validate address - why not the Post Office.  Surely these days they could almost digitally know every name at every address for the past 5 years?  If they can scan post codes on every letter, why not the name.  Link it with some agreements with Billing organisations like your utilities, and it would be a great Trusted Third Party.

You would be surprised how many online banking accounts get hacked. That is why there is a multi-billion dollar industry around reducing it. UK bank fraud losses continue to rise so whatever they are doing now isn’t working.

The other interesting component is the number of people who contact the bank due to a forgotten passcode incident. This costs money and is frustrating for the user. Most banks have in excess of 50,000 requests a month. Re-setting a passcode is also one of the more prevalent ways for a fraudster to hack an account. It’s a vicious cycle.

I would not propose a Facebook login as the sole means of authentication. Just as a part of it. It should obviously be combined with some other factors.  I think it is worth going for and will be interesting to see how Movenbank go with it in the US.

Just a couple of thoughts.  What about those of us who care not a jot about Facebook or Paypal and can live happily without them?  Will we be forced to join these schemes?  Not likely.  I'd sooner revert to branch banking.   Now there's a thought, face to face banking with someone you know and trust.  Or isn't that the 21st century way of doing things?

That assumes you 'trust' your bank, which increasingly these days people do not.  And that's not just populist anti-bank sentiment - its based on getting screwed over by 'faceless' bank organisations who do not want, and think they cannot afford, for you to talk to real people.

Thanks for these reflections Liz. Just for clarification, the Chatham House rule is that you can say what as said, but not who said it. It's perfectly OK to say that someone said "X Y Z" at the meeting.

Look forward to seeing you at the final meeting in the series which will be on February 21st.

Perhaps it's just UK banks?

Personally I've never had a problem is opening accounts in Germany, France or Switzerland a couple of weeks after arriving.

Someone else posted about using Facebook for authentication with the aim of doing online banking.  Interesting post, and interesting comments.

Personally I would not 'trust' Facebook, and in any case I do not have a FB login...

Wow, look at all the comments! I guess I was right, this topic can stir up a pasionate response. 

To be clear I not specifcally arguing *for* social sign in. But it instead it seems strange that so many within the banking world (OK, it may be UK only) who freak out when someone says 'Facebook sign in'. Especially since, 'produce two envolopes with someone's name and address' was a perfectly acceptable (and not very efficient for people in my sitiuation) form of identification. 

I've also never heard anyone in the 'pro-social sign in camp' argue that signing in to a bank via a third party site should be the only form of identification required. No one is arguing that.

And thanks Dave B for the clarification. Yes, I can use quotes from the CSFI/Visa Europe roundtable-I just can't attribute them to a specific person. See you on the 21st!  

The point is that you can get a facebook identity with no requirements for any proof of ID at all. Using that to prove or log into anything is akin to writing on a piece of paper "my name is John Fraud at xxx address" and expecting the bank to accept it. With utility bills, you have actually to pay something to set them up, and this will be checked by the utility company who will know if an address is already using the utility - a disincentive for fraud - especially if you have to set up two of them.

Great blog Elizabeth, and yes a lively CSFI Round Table- and in its own way definitely about "Innovation". Hopefully in the final RT we can move the debate on from the pure Identity /Utiltiy Bills aspects blah blah blah (which can get quite torrid) toward some real world liability aspects- and maybe focus a bit on the corporate/business/public sector aspects of assurance- specifically what happens when it all goes wrong, what if one relies upon a credential which it turns out was wrongly issued, it was bogus,it had expired or been revoked- where does the buck stop, how is liability managed ? If we can crack the interplay between the technical and legal, the operational and the "policy" dimensions of trusted electronic credentials, then (albeit maybe with some kickin'and screamin' from a few quarters), we can actually make progress along the road.

Following up on the commentator who would be happy to go to his bank branch - I'm afraid that doesn't work in the 21st century - the staff in my branch change so often that they have no idea who I am. So when I go into my own branch to do something other than pay money in I still have to produce identification - passport or driving license, or - in the absence of those - the inevitable utility bill.

Is this just because the UK doesn't require identity cards? Do those European countries with ID cards (Germany, Portugal for example) avoid this problem?