| By Jim Bruene on November 30, 2011 4:30 PM | Comments (3) |
I'm not sure if this is normal or not, but I enjoy the process of updating the 100-some apps on my iPhone. I'm always interested in what's changed and how the company communicates the new info to users. I've noted before that banks aren't good at leveraging this customer touchpoint, but they are getting better.
In the latest round of app updates, I noticed a nice improvement from USAA (see inset; note 1). Instead of automatically logging you off whenever you move out of the app, say to take a call or fire off a text, the bank provides the option of staying logged in for up to 20 minutes.
Sure, there's a tiny risk that if you were to lose your phone or loan it to someone during that time, they could get into your account. But your average smartphone thief is unlikely to click on the USAA button during those first 20 minutes. And even if they did, it's unlikely they could do much with the info.
Bottom line: I want this option on all my banking apps.
---------------------
Notes:
1. This iPhone update (v. 4.0) was pushed out, 8 Nov 2011
2. For more on mobile banking, see our subscription publication, Online Banking Report.
Most Recent Posts:
- Citibank Helps Users Better Understand Prior Payment Activity When Paying Credit Card Bill Online - May 16, 2012
Really!? "Even More Secure" by staying logged in so a user can forget about it? "Tiny" risk or not so tiny, this INCREASES risk. I for one do not know what the "average smartphone thief" is likely to do, but he could very simply choose to TRANSFER FUNDS out of the account. One should prefer the safety of an auto-logoff in the event you allow yourself to be distracted in the middle of a secure banking session... since the distraction may be an attack vector. This should not be a feature on any financial account and should be removed, security beats convenience in this case.
@R.U. Serious
You have to look at the odds here.
The app still auto logs you off after 20 minutes...so risk is only for 20 minutes. And if you have a passcode to your phone, thief would still have to get past that. Even if they did that, setting up a new payee usually requires an authorization through an additional channel. If the thief had your phone and access to your email, they might be able to authorize the new payee. And even if they did, if the transfer looked sketchy, the bank would probably hold it for additional auth. And even if they got through all that, unless you have a business account (which you'd probably NOT choose to keep logged in), the most they could get out of your account is probably $1,000 (daily ACH limit). And even if they did steal cash from you, the bank would probably reimburse your loss if you reported it right away.
So it's not perfect, but that's a lot of steps before you'd actually lose any money. I'd take that bet.
I would say an essential feature for all banking apps. I would like auto log off time(20 mins or 2 mins) should be user configurable in settings section.