An open letter to financial institutions from Yuriy

- 5 MIN READ - 09 Jun 2017

To the bank, credit card company, and investment firm I work with: I trust you. I really do.

If I didn’t, I wouldn’t put my hard-earned money in your hands. While I’m not a Certified Financial Analyst, I am financially savvy, so I understand that we have a mutually beneficial relationship. From a high level, banks use the money I deposit to sell loans and invest in other financial instruments. Credit card companies make money on interest charges, other fees, and transaction fees from merchants. The brokerage firm makes money through fees on my account. On the other hand, all I expect is that you are honest about your services, provide returns, and keep my money safe.

Here’s the key: If you can’t keep my money safe, nothing else matters (of course, there’s a level of risk with investment accounts, so let’s focus on the deposit factor here). And on the internet, I am my own worst enemy when it comes to security, as are most users of online services. I log into at least one of my online financial accounts every day, and visit all of them at least once a week. With over 3 billion usernames and passwords floating around the internet, and the fact that most people reuse their simple passwords, how are you protecting my money by protecting me from me?

Please, tell me what I should do. If you know that over 80% of people reuse their passwords, how are you educating me and influencing my behavior? Yes, you keep your servers safe, have a high level of security, you monitor IPs and devices, so you tell me that if there’s any fraudulent activity, my money will be protected, so I should chill out. Okay, great, thank you, but define fraudulent activity? If I lose $10,000 and you must “investigate” what happened, that hurts – I’m not broke, but I’m not a millionaire, so that amount of money is important. It is easy for someone to mimic me online and I’ll have no idea what’s going on until it’s too late. You will think it was me until we find a way to figure out what happened. And then you’ll indemnify my account.

Apple recently emailed their users stating that they are requiring two-factor authentication once the user upgrades to iOS 11 or macOS High Sierra. Apple has had its fair share of hacks, but they don’t (directly) manage my money. If Apple is requiring two-factor authentication, why aren’t my financial institutions at least encouraging it?

I set out to find out if my financial services firms even provide an option for 2FA. I didn’t have to check with my brokerage account, Wealthfront, because they had encouraged it from the start of enrollment, so I simply turned it on. My primary bank account and credit card company? Not even an option. I checked everywhere in my account settings and didn’t find anything.

On to Twitter. I asked both companies what their deal was with two-factor authentication and why they didn’t have it. My bank is working on it – great, I am looking forward to it. My credit card company told me to chill out. The same company that makes you fax documents when disputing a claim (I wish American Express was more accepted globally.) Getting into both accounts after I moved overseas only required an answer to one security question. Funny, my power company wouldn’t even let me access their site until I used a VPN to get back into the US.

I’m not asking my financial institutions to buy a third-party solution for two-factor authentication. Large financial firms are risk-averse and aren’t keen on betting completely on third-party solutions. Fine. Build a 2FA API for your online services. You have the financial means to do it.

Lastly, two-factor authentication isn’t the end-all, be-all solution to online security. But it is a low-cost, high-impact solution, part of the entire security picture. So please, protect me from me and give me two-factor authentication.

Yuriy Mikitchenko - Head of Marketing

A transplant from the United States, Yuriy brings his marketing know-how to Messente. His background is in B2B marketing and sales, working with tech corporations and startups in the Portland, Ore. and Seattle, Wash. area. Now he's giving Estonia a fresh perspective on overall marketing.

5 Fundamentals to selecting an A2P provider

18 Jul 2017

Making an informed and educated decision when choosing a messaging partner requires navigation in the application-to-person (A2P) ecosystem. Asking the right questions early is the basis for avoiding costly mistakes and having a strong partnership. These five fundamental features will help you build a framework for asking questions and guide a structured conversation when shopping for an A2P vendor.

Joosep Merelaht

Yet another hack that 2FA could have prevented: 8tracks

11 Jul 2017

The irony here is uncanny.

8tracks, a social internet radio service, recently announced a data breach, losing a copy of their user database, which includes email addresses and passwords. While 8tracks assures their users that passwords are encrypted, hashed, and salted, they still recommend that users change their passwords with their service. Their CEO also went on to advise that their (over) 18 million users “refrain from using the same password across multiple sites,” use a password manager, and use two-factor authentication.

Yuriy Mikitchenko

Preventing fraud in online brokerage accounts

10 Jul 2017

Who do you trust with your money?

Unauthorized access to accounts in the online trading industry should never be taken lightly and definitely leads to malicious or criminal activity, which not only concerns personal user data, but also financial transactions and the safekeeping of clients’ money.

Raili Liiva
