uBank, who I have chewed out before, has drawn my ire yet again. After several blissful years of not using any of their software, I found it necessary to do so again because they’ve done something to themselves, like a merger/rebrand/reverse takeover thing. As such, I get an un-requested NFC debit card. They then proceed to migrate all the customers off their existing IT systems – including me, who has no desire to migrate from, or even use said systems.
This causes me to need to log into their system. It won’t let me in, because I have a password that complied with their old requirements — that wouldn’t let you have a special character (*#@% etc) — but that password doesn’t comply with their new requirements — must have a special character (*#@% etc). Presumably, every damn customer has this problem.
No worries says the computer, let’s reset your password. Please confirm your identity by answering your secret question – “What are the last four digits of your private health insurance?” I dutifully type this in, but surprise surprise, this value has changed in the last ten years. At this point the computer suggests maybe I tell it the last four digits, and I scream.
A seventy-plus minute wait on hold (scratchy line, annoying announcements, bad hold music), I speak to the guy. The guy says, “so, what’s the last four digits of your private health insurance?” and I explain that number has changed in the last decade, and perhaps we could use some other technique to identify me. We do all the usual things like name, birthday, address and then my password is reset to a six digit number and SMSed to me. Couldn’t let me into the system with my old, 620-bit strong password that I knew. Now we have an almost 20-bit password that I had to wait 82 minutes for. Couldn’t just SMS me a reset six digits when I say, “dunno, forgot”. No, I had to wait over an hour to sort out this mess of a process. And great, now I have to generate and save a new password.
So I suggest perhaps we should change the secret question now, and get told that “oh, that’s not a thing anymore” and I just facepalm. New system uses 2FA, old system uses it for password resets, old system wouldn’t use for password resets. Morons, the lot of them.
And then I find out that their fabulous new system allows you to see transactions all the way back in the past… all the way back to 364 days ago. Because disk is expensive.
They don’t have a million customers, and they don’t each do a thousand transactions a year. That billion transactions a year they don’t process would require hundreds of gigabytes to store, and last I checked you could pick up a 240Gb SSD for less than $50.
And pagination! Show more than 10 things on a page! This isn’t 1992!
I believe the new system is meant to be an improvement on the old one. Money well spent.