An open letter to financial institutions from Yuriy

Yuriy Mikitchenko

09 Jun 2017 -

5 min read

Yuriy Mikitchenko

09 Jun 2017

-

2 min read

To the bank, credit card company, and investment firm I work with: I trust you. I really do.

If I didn’t, I wouldn’t put my hard-earned money in your hands. While I’m not a Certified Financial Analyst, I am financially savvy, so I understand that we have a mutually beneficial relationship. From a high-level, banks use the money I deposit to sell loans and invest in other financial instruments. Credit card companies make money on interest charges, other fees, and transaction fees from merchants. The brokerage firm makes money through fees on my account. On the other hand, all I expect is that you are honest about your services, provide returns, and keep my money safe.

Here’s the key: If you can’t keep my money safe, nothing else matters (of course, there’s a level of risk with investment accounts, so let’s focus on the deposit factor here.) And on the internet, I am my own worst enemy when it comes to security, as are most users of online services. I log into at least one of my online financial accounts every day, and visit all of them at least once a week. With over 3 billion usernames and passwords floating around the internet, and the fact that most people reuse their simple passwords, how are you protecting my money by protecting me from me?

Please, tell me what I should do. If you know that over 80% of people reuse their passwords, how are you educating me and influencing my behavior? Yes, you keep your servers safe, have a high-level of security, you monitor IPs and devices, so you tell me that if there’s any fraudulent activity, my money will be protected, so I should chill out. Okay, great, thank you, but define fraudulent activity? If I lose $10,000 and you must “investigate” what happened, that hurts –I’m not broke, but I’m not a millionaire, so that amount of money is important. It is easy for someone to mimic me online and I’ll have no idea what’s going on until it’s too late. You will think it was me until we find a way to figure out what happened. And then you’ll indemnify my account.

Apple recently emailed their users stating that they are requiring two-factor authentication once the user upgrades to iOS 11 or macOS High Sierra. Apple has had its fair share of hacks, but they don’t (directly) manage my money. If Apple is requiring two-factor authentication, why aren’t my financial institutions at least encouraging it?

I set out to find out if my financial services firms even provide an option for 2FA. I didn’t have to check with my brokerage account, Wealthfront, because they had encouraged it from the start of enrollment, so I simply turned it on. My primary bank account and credit card company? Not even an option. I checked everywhere in my account settings and didn’t find anything.

On to Twitter. I asked both companies what their deal was with two-factor authentication and why they didn’t have it. My bank is working on it –great, I am looking forward to it. My credit card company told me to chill out. The same company that makes you fax documents when disputing a claim (I wish American Express was more accepted globally.) Getting into both accounts after I moved overseas only required an answer to one security question. Funny, my power company wouldn’t even let me access their site until I used VPN to get back into the US.

I’m not asking my financial institutions to buy a third-party solution for two-factor authentication. Large financial firms are risk-averse and aren’t keen on betting completely on third-party solutions. Fine. Build a 2FA API for your online services. You have the financial means to do it.

Lastly, two-factor authentication isn’t the end-all, be-all solution to online security. But it is a low-cost, high-impact solution, part of the entire security picture. So please, protect me from me and give me two-factor authentication.

What's SMS service quality?


Yuriy Mikitchenko

Head of Marketing

A transplant from the United States, Yuriy brings his marketing know-how to Messente. His background is in B2B marketing and sales, working with tech corporations and startups in the Portland, Ore. and Seattle, Wash. area. Now he's giving Estonia a fresh perspective on overall marketing.




We're here to help you connect with your customers. Let's start talking.

Email again:

Further reading

Have you met 1oT? Mobile data connectivity for IoT companies.

24 Apr 2018

Last week, Lauri wrote a good piece about keeping things real, because businesses have simple business models...

Yuriy Mikitchenko

2 min read

A note on keeping things real

17 Apr 2018

Over the years, I've had the good fortune of talking to and doing business with many entrepreneurs and...

Lauri Kinkar

2 min read

Next-generation Omnichannel API is well underway

10 Apr 2018

Over the last few months we’ve been setting the direction of our Omnichannel messaging API and our development...

Uku Loskit

2 min read

You're protected from the pitfalls of grey routes

03 Apr 2018

“Grey routes” is a loosely used term in the telecommunications industry. Frankly, the industry-specific meaning of grey routes...

Joosep Pintsaar

2 min read