I received an email this morning (see below) from Chase Bank inviting me to participate in a new Business Advisory Board, powered by Lightspeed Research. My colleague also received the same invite for his separate account, so it doesn't appear to have been a particularly selective emailing. Both accounts were acquired by Chase in the 2008 WaMu debacle.

To sign up, users simply complete a 10-question one-page online form (first part shown below in screenshot 2) which took just under six minutes (note 1).

After completing the registration, I expected to be ushered into some type of special club, but all I received was a 15-word paragraph telling me to confirm my email address (screenshot #3). That's a bit of a letdown after giving the bank nearly 10 minutes of my day. I surmised the big payoff would come after confirming and logging back in. 

I was wrong. After logging in, I was greeted with a short thank-you statement and an invitation to take the "welcome survey," which turned out to be three questions about the 2010 economic outlook (screenshot #4). And that was it. Nothing more to see or do. No blog. No "online community" (promised in email). No special offers (note 2). They didn't even have the courtesy to share the results from the survey I just took (note 3). I began to wonder if I'd been scammed.

Analysis: On the surface I love this idea: inviting customers to participate in an online advisory board. Customers like to be noticed and heard, and a chance to win $100 is icing on the cake. But if you intend to ask business customers to take 15 minutes out of their day, it better be for something real. So far, I just feel stupid for signing up and thinking that I was actually going to make a difference at the bank.

Hopefully, they'll make up for the bad start with interesting opportunities down the road. But the bank will have to work doubly hard to get my attention after this wasted effort. 

Email from Chase Business Banking (received 19 Jan. 2010, 1:55 PM Pacific)
Note: Highlighting mine

1. Landing page from email (link, 19 Jan. 2010)

2. Registration page (click to enlarge; link)
Note: Registrants are entered into a sweepstakes to win one of ten $100 prizes.

3. Registration thank-you screen

4. Three-question welcome survey is available after confirming your email address

Notes:
1. Although the site says it's for business-banking customers of Chase and WaMu, it appears that anyone that finds the website can join.
2. Under the "Rewards" tab, information tantalizes regarding earning "cash, prizes, sweepstakes entries" for survey-respondents. But there are no examples or surveys available, so it's one more small letdown.
3. Business owners that read through the online FAQs will find out that they may be contacted one or two times per month with "research opportunities," but Chase shouldn't bury this key info in the FAQs where only a small percentage of users will find it.
4. See our recent Online Banking Report for more ideas on how to serve small- and micro-businesses through the online and mobile channels.

A few days ago, we predicted there would be tens of thousands of financial institution iPhone apps as the big banks released dozens to support their major business lines. PNC Bank and Wells Fargo were the two examples we cited.

There's another multi-app bank: Chase. In our search for an iPhone gift planner to replace the web-based Zions Bank service, we ran discovered the bank's Gift Planner (iTunes link).

Version 1.0 was released in time for the holidays last year (3 Dec. 2008), but it looks like Chase didn't take over ownership/sponsorship until release 2.0 in August. The app is supported by an excellent small website at yourgiftplanner.com that displays the app and solicits feedback.

The app and website are 100% Chase branded. The only indication that a third party is involved is a notation in the iTunes store that the app is sold by The Archer Group (inset), a Wilmington, DE-based digital agency.

Evidently, the app didn't show up on our radar because it's placed in the App Store Productivity category instead of Financial. The app doesn't appear to be mentioned on the Chase main website. A site search there came up blank.

Review: It's great looking app that can be used for any holiday. The app supports "shake for help," an advanced feature. The integration with your contact list makes it easy to add new contacts without typing, although you must wade through your entire list. And, the process of adding gifts is a bit tedious. You have to add a gift to the master gift list, then go to each person and add the gift to their profile. It would be better if you could simply type a gift on the fly.

iPhone users have been relatively unimpressed, giving the latest version a 2-star rating out of five; pretty low for a professional app (see inset).

It's a good branding tool for Chase, but it the app itself could use retooling.

Gift Planner iPhone screenshots (24 Nov 2009)

Gift Planner website (link)

Note: For more info on mobile banking on the iPhone see our March Online Banking Report.

One of my least favorite tasks as a business owner is filling out forms, and tax forms are the worst of the lot. Thankfully, Washington state has a relatively simple online form that I can complete at literally the last minute of the quarterly filing period.

So last week, with the midnight deadline looming, I went to download the previous quarter's transactions into our accounting software. After doing so, I noticed a six-week gap in the data. Because of timing issues, it had been 130 days since I'd last downloaded. Guess what? My bank archives only 90 days of data for Microsoft Money users (note 1).

So, I went online and figured I'd retrieve the older transaction there. No luck. Again, only 90 days of past data are visible in online banking. Next, I tried the data-download function. Nope, same 90-day limit. Now realizing that I'd have to hand-key the data, I was getting frustrated, but I figured I could at least view my April and May statements online. Strike 4. My bank doesn't post any estatements online UNLESS you've previously given up your paper statement.

So I had to paw through my paper piles to find the missing statements, then spend a half-hour hand-entering business transactions. Boy, did I feel like a fool. Luckily, I'd started the process earlier than usual and made the midnight deadline; otherwise, the lack of data archives would have cost me more than $300 in city and state penalties.

Fee opportunity for banks
Had I been a perfect customer and remembered to download my data within the 90-day window, this wouldn't have happened. But really, now that you can buy a 1TB (1000MB) hard drive for $79, how can a bank justify a measly 3-month archive, especially for business clients? Even factoring in security costs, backup sites and other expenses, what is the marginal cost to store 18 months of transaction data? A buck per year? Probably more like a dime or less (note 2).

It no longer makes sense to arbitrarily limit online data archives. Put a price on it and let your customers decide how long they want to store their data. Many small business customers would pay $1 to $2 per month per year of back archives. Interested consumers might pay half that, e.g., $3 to $5 per month for a 7-year archive.

It can also be used a perk for going paperless. For example, Chase Bank offers seven years of online statements for its customers (see screenshot below); otherwise, users can access only the last 18 months online.

Finally, it's one of the most cost-effective retention tools imaginable (note 3).

Chase Bank promotes the benefits of going paperless to its online banking users (1 Sep 2009)

Notes:
1. The lack of past data is especially annoying since I pay $5.95/mo for the data download service.
2. I do understand that increasing online archives is not a simple project. And even though storage costs are relatively minimal, the PROJECT costs, are certainly not. I'm sure it's a multi-million effort that's difficult to justify in an era where regulatory mandates eat up IT budgets like a power surge gobbling data. 
3. For more info on estatements, refer to our Online Banking Report on Lifetime Statement Archives (June 2005) and Electronic Messaging & Statements (Feb 2003).

I've written plenty about the importance of the iPhone App Store, both here and in Online Banking Report (note 1). But there's one subtle side benefit I hadn't thought too much about previously. 

Every time a new version of a native app is released, users must take action to download it if they want the new features. While this process used to be a nightmare in the desktop software days where users had to use floppy disks, CDs or large downloads to reinstall the software, it's an absolute breeze on the iPhone and usually takes less than a minute from start to finish. And there's no restarting the iPhone or choosing installation options. It's just a one-click process plus the input of your iTunes password if you weren't already logged in.

So why is this process a benefit? Because each time a new release is available a little icon shows on top of the App Store icon (see screenshot 1 below). Users then press the App Store icon, choose update, and they see a list of applications with updates available (screenshot 2). At that point users choose to update them all or look at them individually.

We believe most users are interested enough in their financial apps to take a look at the update, at least until the novelty of the mobile app wears off some years in the future. This provides financial institutions a free marketing opportunity to not only explain the new features of the app, but also deliver other marketing messages. You are much more likely to make an impression with your customers during the update process, compared to sending out a random marketing email.

In the three bank examples below, only USAA (screenshot 3) uses the opportunity to further cement its relationship with mobile customers, touting its new remote deposit capabilities along with several other enhancements. Wells Fargo (screenshot 4) takes a matter-of-fact, "we're fixing bugs" approach that is OK, but still misses the chance to communicate with users. But Chase (screenshot 5) completely annoys users with two sentences of marketing speak that says nothing about the update. 

Lessons for financial & mobile marketers: Whenever you release an update for your mobile app (note 2), take the opportunity to communicate with your customers as follows:

• Clearly explain the benefits of the changes to the app
• Highlight one or two related benefits of the app
• Mention any related news or promotions
• Strike a good balance between disseminating technical info and marketing new benefits

Screenshots

1. Main iPhone screen shows                        2. The Updates page shows the 4 apps
    that 4 app updates are                                       that have new versions available.
    available (right side halfway down).

3. USAA's latest update explains the specific changes made and provides several new benefits to using the app.

4 & 5. On the other hand, the Wells Fargo and Chase update messages are sparse. The Wells Fargo update appears to be a minor bug fix, so we'll cut them some slack for the terse message. However, Chase, with a minor update (2.0.1 update) to its major 2.0 release (released Aug 25), says absolutely nothing in 24 words of marketing-speak: 

We're listening -- You asked for a fully native iPhone banking application. This Chase iPhone app is built exclusively for iPhone and iPod touch users.

Seriously Chase, this is the best you could come up for the tens of thousands, if not hundreds of thousands, of iPhone users waiting for your updated app? At least the bank gets points for brevity.

                   Screenshot 4                                                             Screenshot 5

Note:
1. For more info on the importance of a native iPhone app see Online Banking Report: Mobile Banking via iPhone.
2. The same advice holds true for communicating online banking improvements as well, although the communication methods are different (email, newsletter, statement insert, blog, interstitials, log-off messages, etc.).

Someone's getting creative on Chase's search-engine marketing team. Look at the ad they placed on the RSS feed of a recent Payments News article (see first screenshot below, note 1). Using Google AdSense, the bank cleverly placed an ad against a story about Wells Fargo's same-day bill pay service.

Chase probably figures consumers reading about same-day payment capabilities might also have experienced problems with overdrafts in the past. But, I'm not sure why Chase used a call-to-action aimed at driving prospects to a branch:

Wamu Overdraft Forgiveness 
Help Take Control of your Finances. Find a Chase Branch Near You Today! (emphasis added)

Prospects that clicked through on the first ad landed on a microsite with a large branch finder at the bottom. This is a good microsite, although it doesn't directly mention taking control of your finances (see second screenshot).

Over at the main Google site, Chase used a pitch that seemed more likely to induce clicks (see third screenshot): 

Welcome to Chase
Chase Checking Alerts Help You Avoid Fees. Learn More Today!

These search ads were not displayed in searches today, so perhaps they were pulled after performing poorly.

Lesson: There's a lot of attention in the press these days about overdraft fees (see NY Times editorial today). If you have good tools to avoid them, especially mobile alerts, it might be an effective way to attract new customers.

And even though these particular ads may not have worked, it demonstrates that Chase is being creative in its search engine marketing efforts. The only way you can find what works in your market is by continuous trials (note 2).

Google ad on Payments News RSS feed (29 July 2009)

Chase landing page from ad shown above (link, 29 July 2009)

Google AdWords ad for "Wamu overdraft forgiveness" (29 July, 12 PM Pacific, from Seattle IP address)

Notes:
1. Viewed in a soon-to-be-defunct NewsGator reader.
2. For more info on search engine marketing, see Online Banking Report: Searching for Customers 3.0 (March 2008).

We just completed our latest Online Banking Report. It will be mailed to subscribers this week.
It's also available online here. There's no charge for current subscribers; others may access it immediately
for US$495.

---------------------------------------------------------

Improving Online Account Opening ROI
Ten strategies to increase online application conversion rates

102 pages (published 21 June 2009)

In this report (abstract PDF), we focus on ways to increase conversions and improve your results when opening financial accounts online or over a mobile phone.

The online application is the new branch new-accounts desk. And, just as you provide ongoing support, training and incentives to branch-based sales staff, you must continually fine-tune your online sales process.

In our experience, this is an area that needs attention at most financial institutions. Things have greatly improved during the 10+ years we've been tracking online applications. However, during the research for this report, we reached dead-ends at three of the 10 applications tested (note 1). That just can't happen.

The report outlines a 10-step approach to improving the process: 

• Direct users to the application
• Set expectations
• First things first
• Guide customers
• Bundle mobile access & alerts
• Upsell
• Fund
• Ask for referrals
• Stay in touch
• Humanize the process

We reviewed the online applications of the following companies:

• Bank of America
• BECU (powered by uMonitor)
• Capital One
• Chase Bank
• First Arkansas Bank & Trust (powered by FirstROI)
• Flagstar Bank (powered by uMonitor)
• HSBC Direct
• Huntington Direct (powered by CashEdge)
• M&I Bank
• National City
• Verity Credit Union (powered by Andera)
• Wells Fargo
• Zions Bank

Finally, a 10-year forecast for online account-opening volumes in the United States is presented.

M&I Bank has an attractive and informative application start page (9 June 2009)
Note: The online banking guarantee at the bottom is a good way to improve user trust.

Note:
1. Granted, user error was the problem in two of the three failed apps; however, we weren't purposely trying to make mistakes. The online application should have provided assistance in correcting them, rather than leaving us hanging.

Chase has great graphic design panache (see previous post here and here). As I was logging in to my account last week to see what the bank had done with a pesky $2 balance remaining from my payoff a month ago (see note 1), I was presented with an eye-catching offer to transfer a balance (see first screenshot below). 

The balance-transfer options weren't quite as enticing as they've been in the past:

• 0.99% for six months plus 3% balance-transfer fee
• 5.99% for a year plus 3% balance-transfer fee

This time last year, the 5.99% offer would have likely been for the life of the balance. However, under new regulations approved by Congress, where monthly payments must be allocated to the highest rates first, it no longer makes financial sense to offer a low rate for the life of the balance.

Note: Chase provided real-time chat support as I considered their balance-transfer offer (see second screenshot below).

Chase Bank's login interstitial (16 June 2009)

Chase offered online chat via a popup window

Notes:
1. Kudos to the bank for automatically eliminating the $2 in extra interest accrued between the day I paid my balance in full online (at the Chase site) and when the payment posted. When I logged in I was afraid I might see a $39 late fee on the $2 remnant balance. 

2. For more info on post-login marketing, see our recent Online Banking Report on Selling Behind the Login.

Chase Bank is sparing no expense in launching its brand in former WaMu strongholds, particularly Seattle, the previous headquarters of WaMu. The bank is remodeling the branches, hanging new signage, taking full-page ads in the Seattle paper, running radio spots, and bidding for the top spot on Google.

Analysis
The Chase Washington State microsite is gorgeous, really impressive. The graphic design is eye-catching, serene, and uplifting. Chase's logo is superimposed where the sun would be, creating a nice effect and great first impression of the bank, which is new to Washington state (see screenshot 1 below).

While the website designer scores an A+, the online app gets an incomplete (as in, I couldn't get it to work), at least for the checking account I tried to purchase (note 2). 

My first issue with the application, and this is more of a nitpick, is the location of the compare accounts links. Chase lists four main checking choices plus two student-oriented accounts (see screenshot 2 below). Since the account names provide no help in selecting the right one, I looked for a way to compare accounts. But my eyes were drawn to the Get Details and Open now buttons, and I never saw the links in the upper right corner. Since most users will need help selecting the right checking account, the Compare option should be at least as prominent as the Get Details button.

The much bigger issue prompting me to write this article is that online account opening didn't work, at least for the account I selected, Chase Premier Platinum Checking. After completing the first page of the online app (see screenshot 3 below), I was greeted with a cryptic message telling me to visit a branch for help (see note 1). And this is from a bank introducing its name in a new market.

Lessons for financial institutions:

• Make sure you test all the options in your online application (see note 3)
• If there are valid reasons why you cannot open the account online, explain them to your customer in detail (and don't lead them to believe the account can be opened online if it can't)
• Provide more options for help than just "visit your branch;" for example, online chat, telephone numbers, Web-based inquiry form, and a call-me button
• APOLOGIZE and thank the customer for their application attempt. Chase does neither. The bank's entire message (see screenshot 4):

   Unable to Continue: We are unable to open a Premier Checking account
   online. Please visit your local Chase Branch for assistance.

1. Chase Bank's Washington-state transition site main page (1 June 2009)

2. Chase checking account options

3. First page of Chase's online loan application

4. Fail screen displayed after hitting next on previous screen 

Notes:
1. I had selected "not a Chase customer" so I thought perhaps I was having trouble because the bank's cookie's showed me to be a Chase card holder. So I tried it on another machine, with the cookies erased, and the same thing happened.
2. The problem seems to be with Premier Platinum Checking. I was able to start the app process just fine with Chase Checking.
3. Chase isn't the only one with online account-opening problems. I am researching account opening for an upcoming Online Banking Report, and just today I reached a complete dead-end in the online application at a large credit union, and was forced to abandon the app late in the process, after I'd been through credit-bureau validation. 

I spent the past few weeks looking at cross-selling efforts from within the secure online banking zone. But unfortunately, I came across the following example too late to be included in our report (see note 1). 

When I logged in to pay my Chase consumer credit card online (note 2), I was greeted with the following interstitial page (aka "splash screen") inserted before the main account-management area (see first screenshot).

Chase is offering a $125 incentive to open a WaMu-branded free checking account (note 3). This offer may have something to do with the fact that I'm located in Seattle, the former headquarters of WaMu. The same creative was used in a statement insert and a banner ad across the main account-management page (see third screenshot).

Lessons:

1. Serving "more info": In this example, Chase handles the info-serving process a bit differently than others I'd looked at recently. When selecting More Info on the splash screen, the bank opened a new tab (in Firefox 3) for the landing page (see second screenshot below). And while the user read the offer details on that page, the original tab automatically loaded the original destination (account management page), and the interstitial ad disappeared.

On the one hand, it's convenient for the user to be able to look at the offer details and then quickly navigate back to the area they were originally logging in to. However, for more experienced users expecting a pop-up screen that can be quickly closed after reading, it can be momentarily confusing. There's a risk the user will inadvertently close the entire browser session by clicking the upper-right "x," necessitating an annoying restart and re-login.  

I'm not sure there's a single right answer, but another variable worth testing - something I'd prefer - is a popup running in a smaller window in front of the original Chase page.

2. Branch-only fulfillment: I was surprised to see the offer can be redeemed only in branch. There is no way to sign up online. The landing page is actually actually a coupon users are encouraged to print with the page-dominating blue "print" button (see second screenshot below).

I can understand the rationale for pushing people into branches where they can be upsold other services. But in this quick-start age, I'm surprised there isn't at least an option to apply online. Perhaps this is a test to see how a branch-only offer compares to online-only ones.

Chase Bank splash screen (interstitial) immediately after login
(30 April 2009, 1:40 PM Pacific)

Landing page/coupon (opens in second tab in Firefox 3)

My Accounts page

Notes:
1. The results are compiled in our latest Online Banking Report: Selling Behind the Password. 
2. Tiny rant: I owed $2.45 left over from some extra finance charge even though I paid my bill in full online last month. It's not so much that Chase didn't earn the $2, that's fine. What's irritating is that they made me pay it right away by setting my min payment to $2.45. Come on Chase, I've had this account since the 1990s, you can float me the $2 until the next time I have a charge.
3. Interestingly, I already have a small business checking account at WaMu. Either the bank's householding algorithm missed it, or Chase is making the offer to everyone in my Zip, or it still wants me to open a personal account to go with my biz one.

No one knows for sure how Apple compiles the list of its top-selling iPhone apps, but it's related to how many are sold during the past few hours. I've seen speculation that the measurement period is 2 hours (see note 1).

But there is no doubt about the benefits of rising to the top. The winner receives prime exposure in the iTunes Store and on the iPhone itself (see screenshots below).

I've checked the Finance category rankings dozens of times since the store opened in July, and the top app had always been Bloomberg with Bank of America usually the runnerup.

But Friday, a new top seller emerged in the Free list in the Finance category (note 2), Chase Mobile  while Bloomberg and BofA were each knocked down a spot to numbers 2 and 3. The Chase app was released just one week ago (12 Dec). But by Saturday morning (20 Dec), Chase had already been replaced at the top by online personal finance startup Mint, which released its iPhone app Monday (15 Dec), but it didn't show up in the iTunes store until 1 AM Friday.  Mint stayed at the top all weekend and is still number one now (10 AM Pacific, 22 Dec).

In the screenshot below and right, you can see the free publicity derived from holding the top spot. Also, note that you should put your name into the application. Bank of America, ranked number 3, neglected to include its name in the title, so it loses some branding value. Although, they would have to use BofA to fit into the space.  

Chase App (link to iphone App)
The Chase app itself is attractive and is similar to Bank of America's with a login button to the website and an ATM/branch-finder utility. As of this evening, 64 reviews have been posted with an average 3.5-star rating out of five, slightly better than the 3-star rating of Bank of America's iPhone app with similar features.

Mint App (link to iPhone app)
As expected from a company that is carefully using design to help distinguish it from the pack, Mint's new app is great looking. Across all aggregated accounts, the mobile app shows account balances, transactions, and progress towards budget goals. A nifty alerts icon on the bottom provides a convenient way for users to keep tabs on important info on the go.

Another difference from most banking apps: Mint lets users choose whether they want password protection enabled after their initial login. If you choose to log out, then the app erases all data in memory, and you must log back in next time. If you choose not to log out, then your data remains visible until the next visit with no login required (note 4). This is a great convenience, but something that may not be allowed at regulated financial institutions.

Some users have reported trouble with the app on older phones. On my first-generation iPhone running version 2.1 software, the Mint app wouldn't download. But once I upgraded the iPhone software to version 2.2, it downloaded flawlessly and all functions worked perfectly. In Mint's forum, some users were reporting problems with the Budget feature, but it seems to work fine for me (forum thread) (note 3).

Top Apps in the finance category of iTunes' App Store
(7 PM Pacific, 19 Dec 2008) 

 Top free finance apps list displayed on iPhone:
          at 7 PM Pacific, Fri. Dec. 19                               at  2 PM Pacific, Sat. Dec. 20         

Chase Mobile iPhone app                    Mint iPhone app main screen
main screen (19 Dec 2009)                          (19 Dec 2009)

Notes:
1. That 2-hour window could be about right. When I made this screenshot, the new Mint app was at number 10; two hours later (9 PM) it had risen to number 5 (see screenshot above). By 9 AM Saturday morning (20 Dec) it had risen to number 1.

2. The App Store divides the top apps into two categories, free and paid. The top 20 free apps are listed on the right side and the top 20 paid apps are listed on the left. The apps in the middle are listed by newest first.

3. These operating system incompatibilities, a real problem in pre-1995 online banking services, had largely been left behind when banks embraced the Web in the mid-1990s. Unfortunately, mobile banking will add to your tech-support costs. 

4. Mint also reminds users that they can choose to lock their entire iPhone for extra security.

5. For more info on the market, see our Online Banking Report on Mobile Banking. 

It's a sign of the times. Instead of creating interest in auto loans by showing a sexy new convertible on a windy seaside road, Chase offers to help customers stay in their same vehicle with a lower monthly payment (see today's homepage below).

Interestingly, the $44 number in the headline is the actual average savings to Chase auto loan refinance customers in August (see note 1 for how Chase calculated the savings). That makes the whole ad much more believable than the usual what-if scenario.

Instead of burying that key fact in the fine print on the bottom of the landing page (second screenshot), Chase should make it the main headline of the landing page. The bank could go "social" with it by adding testimonials, a blog or forum, calculators (how about one for the iPhone?), a Facebook page, sweepstakes and even a scrolling activity ticker showing actual refinance savings as they happen, much like the Progressive auto insurance quotes (see note 2).

It's not going to help Detroit much, but it's smart marketing for the pre-holiday period. A $44 lower monthly payment translates into $500 in annual savings, enough to put a little something extra under the tree this year.

Chase Bank homepage (13 Nov 2008)

Landing page pop-up (13 Nov 2008)

Notes:

1. Derivation of the $44 savings:

Monthly savings figure is for illustration purposes only. $44.43 is the average monthly amount saved by customers who lowered their rate by refinancing their auto loans with Chase during the period from 7/25/08 to 8/21/08 on which we have the information to determine savings. These customers started with an average balance of $17,500, with an average remaining term of 49 months at an average Annual Percentage Rate (APR) of 10.50% and refinanced on average for 53 months at an average new APR of 7.31%.

2. An activity ticker is one of our top-rated projects for next year as published last week in our Online Banking Report 2009 Planning Guide.

Visa today put a stake in the ground to be viewed as the innovation leader, a position that American Express has claimed for some time with its chip cards, social media efforts, and even an online lab site. At today's "innovation briefing" in NYC, Visa announced several pilots and upcoming initiatives.

Mobile person-to-person transfers
The most far-reaching announcement was the ability for Visa cardholders to transfer funds from one card to another via mobile device. So far, just one bank is participating in the pilot. US Bank says it will make the service available to a few thousand cardholders as a test later this year. PaymentsNews has more details here.

It sounds good, but as always the devil is in the details. For instance:

• Through what hoops will cardholders have to jump to enable their card and phone for the service?
• Will the transfers be treated as cash advances triggering fees and finance charges?
• Will it be available to all cardholders using any mobile phones? 

Visa jumps on the android bandwagon
A more immediate innovation is a location-and-alert-based service built for Google's android platform, a new mobile system launching in late October. Visa's new service, to be rolled out initially by Chase Bank (no time frame given), promises some important new developments:

• "Near real-time" purchase alerts (see note 1) so you can see immediately whether your server added an extra digit in front of your tip on that bar tab. The real-time alert pilot was announced a month ago (here) involving several thousand accounts at PNC Bank, SunTrust Bank, US Bank, Wachovia, Wells Fargo, Royal Bank of Canada, TD Bank, and Vancity.
• Visa merchant finder based on your location-based/GPS technology  (nice!) with targeted marketing offers (hmmm??). The merchant locations will be integrated with Google Maps.

Again, PaymentsNews has the entire press release here.

Notes:
1. Visa says that the alerts will arrive "typically before (the consumer) leaves the store."

2. For more information, see our Online Banking Report on Mobile Money & Payments.

In its latest quarterly financial results (here), Bank of America said it signed up 224,000 new users during the quarter to bring its active mobile banking base to 840,000. Assuming the 75,000/mo pace continues through second quarter, the bank should be over 900,000 now and will surpass 1 million in the next few weeks.

Although it's a nice milestone, it's only 4% of the bank's 23+million active online banking users (here). Given that mobile is pushed frequently in the bank's online banking area, one could argue that 4% adoption is pretty anemic. But according to M:Metrics, less than 14% of U.S. mobile phone users accessed info via the mobile Web in February. So 4% of a 14% universe is much more impressive, indicating the bank has tapped almost 1/3 of the short-term potential for mobile Web-based services, a good start.

To really goose adoption, text-based solutions may need more emphasis (see Chase screenshot below). According to M:Metrics, U.S. text users outnumbered mobile Web users almost 4 to 1 in February, 110 million to 30 million.

Industry forecast update
These adoption rates are about what we expected. In the forecast published a year ago in our Online Banking Report on Mobile Banking, we were relatively bearish short term, projecting 900,000 mobile users by year-end 2007 growing to 2.5 million by the end of 2008.

With BofA reporting 840,000 and assuming they have about half of all users, the U.S. market has likely already passed the 1.5 million mark and will end the year at more than 3 million.

The adoption rate depends on how hard banks push mobile options. Along with BofA, Chase has been one of the most aggressive, showing mobile use in its advertising for several years now (previous coverage here). I love its "Text your account. It texts you back." Just seven words conveying more than most 3-minute demos.

The virtual-ink had barely dried on our substantially lowered forecast for SMS banking adoption in the U.S. (here; check out the comments as well), than the ever-aware Brandon McGee had the scoop that Chase, the third-largest U.S. bank, had quietly made SMS banking available to its customers.

We still don't know if it's a market test, or a full-blown launch, but we do know that this puts SMS back on the table again in the United States. Here's the bank's clever tagline:

Text Your Account. It Texts You Back.

Although Chase hasn't yet linked its SMS banking to the home page, it's not too hard to find at <chase.com/mobile>.

Note: For more on SMS and other types of mobile banking, see our full Online Banking Report on the subject here.

Bank of America and Chase, two of the three largest U.S. banks, are putting an online spin on free checking offers using online banking, security, and other benefits to encourage applications. On the surface, Bank of America's approach appears much more effective. And with no direct-deposit requirement, it surely generates more new accounts. However, without knowing how the free accounts convert to profitable relationships, it's impossible for an outsider to recommend one approach over another.    

Bank of America
Bank of America's free checking offer (see note 1) is difficult to overlook (screenshot below).  The top-of-the-page banner has animations that showcase the major benefits:

• online banking
• bill payment
• "Keep the Change" debit card savings program
• SiteKey security

The teaser "We're redefining Free Checking" creates interest while the bright blue "open an account" and "special online-only offer" further entice prospect to click through the banner.

The landing page (screenshot below) reiterates the online benefits and features a large laptop to reinforce the high-tech nature of the account. Two additional benefits are added to the list:

• Free debit card with security protections
• Free ATM access at 17,000 BofA machines 

Notes:

1. The free checking banner appeared in a visit to the homepage from a Seattle IP address at 10 AM Pacific time today. It did not appear on afternoon searches from several computers.

2. The bank uses a live chat popup after lingering on the application for a short time (click on image right for closeup).

Chase Bank
Chase's homepage banner uses the "kitchen sink" approach with an image of an ATM machine, debit card, paper checkbook, laptop, and PDA along the top. The mobile phone is a good addition, but the ATM machine and laptop are so small, they aren't easily recognizable in a quick scan (see screenshot below).

Another problem: the paper checkbook, which is centered and slightly larger than the others, seems to get an inordinate amount of attention. I'm not sure that the checkbook or the debit card add much value. U.S. consumers pretty much realize those are included in a checking account.

Chase's landing page leaves a lot to be desired. The benefits are listed in small, gray type that is relatively hard to read. And the only call to action, if you can describe it as one, is the last line in small blue type, with an underlined "apply online." No buttons + no color + no large font + no offer = no interest.  

The folks at Chase Bank were on the ball today. Less than an hour after I wrote about Whitney Bank joining the long-term statement archive club (here), I received an email from a subscriber* at Chase letting me know they offer six years of online statements for credit cards. 

Below is the bank's announcement to cardholders. It's nicely designed with a green touch. And it reminds cardholders they will receive an email both when the statement is ready and when payment is due. And note the call to action: "TRY" paperless. That lets customers know they can always go back. Now that's the way to get fired up about saving trees, and the bank's cash. The only thing missing: a simple guarantee.

Grade: We score it an "A" 

Chase has been working hard to move customers out of paper. So far this year, the bank has run a $35,000 sweeps to go paperless (see post here) and they currently have a popup on the credit card homepage pitching estatements (see screenshot below).

January 2007 email to Chase credit card customers

Popup at credit card site

*He earns a Starbucks card for his responsiveness. Anyone else have five or more years of statements online? Add your comments or email me.

Once again (previous post here), Chase used a three-quarter page color ad in the front section of the New York Times (p. 17, National Edition) to showcase its alert services (see partial screenshot right). The ad shows a man relaxing in the stands at some type of sporting event, Yankee Stadium perhaps.

The camera looks over his shoulder, focusing in on the image displayed on his Treo smartphone, which says "SECURITY ALERT" in large white letters on a light-blue background.

You had to feel for this poor guy, jarred from his leisure time with an urgent missive from the bank. Within a few seconds, three things likely crossed his mind: 

1. What the (expletive deleted)? Pretty poor timing to be interrupted at a baseball game with a security alert from the bank (which, these days is 99.9% likely to be a false positive, or a phishing attempt, see number 2).

2. Is this even from Chase? How do I know it's not a new kind of mobile phishing attach (mishing?). Should I ignore it? Does my liability go up if I don't respond immediately?

3. Now what? Can I click the message and find out if this was just a notification that I'd used my debit card to buy beer at a Yankees game, something I'd never done before, or has someone just transferred my 401k to a numbered account in the Jersey Islands? Or will I have to excuse myself and make a voice call, spending the 6th and even part of the 7th inning, talking to a Chase CSR, who may not even have enough info to explain why I got the alert? 

Analysis 
The ad demonstrates the pitfalls of using a very negative attribute, security breaches, in marketing your brand. But despite the uncomfortable thoughts that come to mind, we think it's an effective ad because it grabs attention and positions Chase as caring for the financial security of its customers. However, given that Chase's actual alerts look nothing like this, it's a bit of a stretch. I suppose they're allowed a bit of creative license; it's advertising after all. 

We'll give it an A-

Advertising-monitoring firm, Mintel Comperemedia reported last week that nearly 9 out of 10 credit card solicitations in 2006 directed recipients to the Web, up sharply from 56% in 2003 (see note 1, 2). Several big mailers, namely American Express, still seem reluctant to use website response as an option, at least in the mailers we see at our house.

American Express tests must show a drop in response by offering too many choices. But if you don't have the budget of American Express, which can afford to drop a mail piece in every credit-worthy household every two or three weeks, you should add website options to your direct mail creative. That way, you can at least capture a lead at your website, even if they don't ultimately accept your credit offer. 

Total mailing volume for 2006 was 9.2 billion pieces (see note 1), or about 3 per week per credit-worthy household. Two of those were from the five largest mailers listed below which accounted for more than 60% of the volume, according to Comperemedia. JPMorgan Chase accounted for 18% on its own. 

In another data slice from Comperemedia, cited by Capital One in a Feb. 2006 investor presentation (PDF here), response rates have fallen from 1.4% in 1995 to 0.3% in 2004 (see note 3).

Here's a breakdown of the billion-piece club, and their percent change compared to 2005:  

1. Chase >>> 1.7 billion (down 4%)

2. Capital One >>> 1.2 billion (up 13%)

3. American Express >>> 1 billion

4. Citibank >>> 980 million (down 2%)

5. Bank of America/MBNA >>> 920 million (down 17%)

Other top-10 mailers: HSBC (up 25%); Discover (up 29%); Barclays Bank (190 million, up 70%)

Note:

1. Comperemedia tracks mailing volume for more than 150 large financial institutions. So the figures here do not include mailings from thousands of smaller banks and credit unions. In total, those probably account for less than 5% of the total from the top-150. 

2. Comperemedia press release is here. Interview of Comperemedia director Jenny Roock by MediaPost is here.

3. Credit card response rate slide from Capital One's investor presentation (PDF) at the Debt & Equity Conference, Feb. 2006; data from Comperemedia.

Habits are hard to break. After 5, 10, 20 or more years of receiving paper statements, most mainstream banking and credit card users are reluctant to give them up.

Long-term online statement and transaction archives are key to creating paperless customers. But you'll still need an incentive to get most customers to move their mouse over to the "go paperless" button.

Chase Bank devotes prime homepage real estate, and $35,000 in prize money, to the effort today in a sweepstakes aimed at convincing customers to shut off their paper statements (see screenshot below). Every customer enrolled in electronic statements receives one entry per month through April in the contest which pays a $25,000 grand prize plus ten $1,000 runner-up prizes. 

Analysis
It's a good effort, but with $100 million or more in annual savings at stake, why stop the sweepstakes after just three months. A $1,000 prize should be awarded each month, or each week, for many years as the banking giant weans its customer base off paper.

Also, Chase should be more specific on the amount of statement storage available online. The landing page is vague, saying one can "gain access to several years of statements." What does "gain access" mean? Do you have to request old statements for future delivery or are they right there so that on April 14th, you can find that final piece of your tax return puzzle. Even checking the online banking area of the website won't answer that question. It merely says you can print 90 days' worth of transactions. This isn't enough reassurance to those reluctant to give up the paper trail.

Chase homepage (14 Feb 2006):

Sweepstakes landing page (14 Feb. 2006):

Over the years, Chase Bank has made impressive design improvements on its homepage (see note 1). One thing they do better than most is attract the attention of their non-online banking customers.

A large blue square surrounding an orange button beckons users to "Get a User ID" (see inset). It's well positioned in the prime upper-left corner, and it has the ubiquitous "Web 2.0" orange working for it.

Unfortunately, after clicking the button you are transported back in time to a page virtually devoid of color and design (see screenshot below). In addition, the form immediately asks for info that many users may not want to reveal (SSN) or may not have access to at the moment (account number). 

Recommendations

1. Redesign the page to make it more appealing.
2. Add prominent links to customer service for help.
3. Ask only easy questions on the first page: name and email address is enough to 
   engage the applicant and provide enough info for followup if the
   application is abandoned. 

Notes:

1. Here's the homepage today (left) vs. the busy look four years ago (20 Nov. 2002) 

More than 70% of business-email users view most or all of their email messages in the preview pane.* Depending on screen size, resolution, and window sizing, the real estate available in the preview pane can be relatively small.

When designing messages, be sure to put the most important information in the upper-left corner to maximize visibility in the preview pane.

Here is a poorly designed email Chase sent to confirm posting of a credit card payment. It requires users to scroll right to view Chase's logo and log-in button. Here's how it looks on my 12-inch laptop screen running at 1024 x 768:

What not to do from Chase:

Better design from Bank of America graphics flush left:

(Note: BofA shows the last four digits of your account number; we changed them to xxxx in the screenshot above.)

Action Items
Even though it's just a routing email message, the poor layout makes it look like a phishing message. Chase could clean this up with just a few minutes of programming work. While they are at it, they should add a personal greeting and additional text disclosures to make it look less phishy. 

*For more information, read our Online Banking Report #129/139, Email Marketing for Financial Services.

In a novel advertising gimmick, Chase Bank affixed two-foot long banners, each pointing to one of 90 electrical outlets in the Indianapolis International Airport. The unique signage, which also includes four months of exposure on in-terminal flight-information monitors, will cost the bank $65,000 for the year, or just under $200 per day.

The signs and slogans are designed to appeal to traveling businesspeople. They include:

This outlet works. Now you can too.

You and your laptop may sigh with relief now.

Congratulations. You found a charge chair.

Analysis
We'll leave the question of cost effectiveness of "outlet advertising" to the outdoor advertising pros. However, similar tactics could be used throughout a community to market online banking and small business services to users of WiFi-equipped cafes and coffee shops. For example, a bank could sponsor a WiFi directory that included names, locations, and hours of WiFi-equipped locations throughout town. For extra credit, include a map of electrical outlets, desired by many laptop owners so they don't have to worry about having to rely on their batteries which are drained relatively quickly when going online.

Most coffee shops aren't going to want a bank slapping advertising stickers on their walls. However, tent cards or brochures carrying the bank's logo could provide WiFi instructions and locations of wall outlets.

With summer just a few months away, this would be a perfect task for a summer intern. Working with existing WiFi directories, the intern could scout out possible locations, map the electrical outlets, document contact information at each location, and post it all to the bank's website. Alternatively, a bank could contract directly with an existing locator service to carry the bank's advertising message.

--JB

Question: What do you call a service that delivers a single consumer payment via fuel-hungry trucks and jets while requiring six or more highly paid technicians and drivers to get the job done?   

Answer: An online banking innovation featured in a page-dominating ad on Chase's homepage today (click to view screenshot, links will not work).

The service, originally launched by Chase's Bank One unit in January, is now available to all Chase online banking customers. Customers initiate payments online and UPS does the heavy-lifting, ensuring they arrive by the end of the following business day. Cost is $14.99 per payment which can be tracked via the UPS tracking number. Cut-off time is a user-friendly 10 pm eastern time.

Analysis
We like the service, even if the delivery mechanism of dead trees and fossil fuels is positively archaic. But given the realities of our complex payment and accounts receivable systems, it's better than the alternative, a $39+ late fee and loads of additional interest. At least this way the user avoids getting in his/her car and spending a half-hour overnighting the payment themselves. And we applaud Chase for making the service available online.

However, despite the clever name and appealing graphic (see inset above); we have to question the homepage ad placement. For a marginally profitable service that appeals to a small niche of the truly disorganized online bankers (I qualify), that's a LOT of screen real estate. One can only hope it's only posted for a short time.

Surprisingly the page that actually explains the service (click on inset for closeup), is sparse and virtually devoid of marketing punch. Anyone clicking on the homepage ad must wonder what the big deal is. If you decide to scream about a new feature on your homepage, make sure you at least spring for a Flash demo and/or thorough documentation of its benefits.

--JB

When natural disasters strike, such as the Southeast Asia tsunamis or Monday's Hurricane Katrina destruction in New Orleans and the Gulf Coast, banks should use their considerable web reach to help their customers make safe and secure donations to sanctioned relief agencies such as the Red Cross.

With all the concern about online phishing and fraud, consumers need a trusted conduit to make donations. And the sooner the link is posted, the better. As bad as it is, for much of the country, it will no longer be top-of-mind in a few days or weeks.

Major banks fail to respond thus far
Granted its only been three days, but we were surprised to find that of the largest 50 U.S financial institutions only three, Chase (Chase.com and BankOne.com), Wachovia (Wachovia.com and Suntrust.com), and Washington Mutual (wamu.com), have posted links to the Red Cross to make online donations (see Wachovia banner above).

Seven others had hurricane-related information, but no links for donations:
- Regions, AmSouth, Navy FCU, Compass Bank, and of course New Orleans-based Hibernia all had information on branch closings
- USAA posted tips for dealing with the aftermath of a hurricane
- Commerce Bank (NJ) ran a headline ticker on the top of the homepage offering to match donations up to a total of $50,000 (which strikes us as bit stingy if you are going to blast it across your homepage)

Action Items
The best response, from a customer service and PR perspective, is to announce a corporate contribution and provide secure links to the Red Cross and other relief agencies. Contributions should also be accepted via mail or in-branch.

Wachovia does it right, with a small, but highly visible homepage link explaining its efforts and providing the important message, You Can Too (see inset above). Clicking on the link leads users to a landing page that explains Wachovia's $250,000 corporate commitment along with two important links (click on inset for a closeup look):
1. Donate Now link to a Red Cross store established on Yahoo handle Katrina donations
2. Email this page to spread the word

Even if your bank is not prepared to make a corporate contribution, it can still support fund-raising efforts with a link to the official donation site.

--JB

Effective Monday, Chase Bank will end its four-year experiment with so-called scan-and-pay bill payment (download the email announcement below). Popularized in 1999-2000 by Cyberbills, PayMyBills.com, and PayTrust, the service allowed users to have their mailed bills redirected to the service provider where they were scanned and posted to a website. Users were alerted to the new bills and could pay them through a variety of methods.

Download final email announcing the termination of Chase Bank's "Premium Plan" total bill management service

As demand failed to materialize, the three service providers all ended up under Metavante ownership. Last year, Metavante sold the remaining PayTrust business to Intuit. Chase was the only major bank to offer the service, using it as the premium option in a three-level product line (see OBR 82, p. 8).

Analysis
This is a service that sounds great on paper, but is too complicated for the benefits provided. Winning electronic bill payment services need to provide quick payback with a minimal learning curve. That's what so nice about CheckFree's new system that allows users to add a new biller by simply entering the biller's phone number.

While the few users who took the trouble to redirect their bills and set-up automated payments were quite satisfied, it was just too much trouble for all but a fringe group of highly-organized computer-savvy types, the kind of person who is a long-term user of Quicken. So it makes a lot of sense that the sole remaining provider of the service is Intuit.

--JB

JP Morgan Chase and Citibank led all banking and lending companies in online ad spending according to the most recent American Banker survey of financial services spending (May 2005).

Chase’s $50 million in online advertising was 21% of its entire advertising expense, the highest among major banks, and considerably above the 11% online share across all financial services companies. In comparison, Citi’s $49 million spent online was only 9% of its total advertising expense, slightly below the industry average.

NetBank, the 16th biggest online advertiser, was the percentage leader, funneling all but $100,000 of its $4.9 million in advertising into online initiatives. Two other major online advertisers spent more than half their money online last year: ING Direct spending 60% of its $40 million total online, and MBNA spending more than half its $14 million online.

Lending Tree, Quicken Loans, HSBC, Sovereign and East-West Mortgage all devoted about one-third of their advertising into the online channel.

Top-20 Financial Institutions Online Advertisers*
2004 Online Advertising (% of total advertising)*
1. JP Morgan Chase  $50 million (21%)
2. Citigroup              $49 million (9%)
3. American Express $28 million (9%)
4. Bank of America    $25 million (9%)
5. ING Direct            $24 million (60%)
6. Lending Tree        $22 million (31%)
7. Ameriquest           $16 million (13%)
8. Quicken Loans       $10 million (33%)
9. Wells Fargo           $9.2 million (14%)
10. HSBC                  $8.3 million (39%)
11. MBNA                  $7.0 million (51%)
12. Wachovia            $6.3 million (7%)
13. E-Loan                $6.1 million (21%)
14. NetBank              $4.8 million (98%)
15. Discover             $4.7 million (6%)
16. GM                     $3.8 million (4%)
17. Royal Bank          $3.2 million (12%)
18. Sovereign           $2.8 million (33%)
19. East-West Mtg.    $2.7 million (32%)
20. WAMU                $1.9 million (2%)

*Banking, Lending, Mortgage, or Credit Card segments only, does not include online brokerage, insurance, or investments.

If you look at the brokerage and mutual fund category, the spending accelerates. Four online brokers Ameritrade ($65 million), Scottrade ($63 million), Schwab ($58 million), and E*Trade $52 million) each outspent even the largest financial institution, and Netstock Direct ($32 million) outspent all but Citi and Chase.

Top-10 Brokerage & Mutual Funds

2004 Online Advertising (% of total advertising)

1. Ameritrade   $65 (64%)

2. Scottrade     $63 (87%)                              

3. Schwab        $58 (35%)                              

4. E*Trade        $52 (77%)                              

5. Netstock       $32 (99%)                              

6. Harrisdirect  $24 (78%)                              

7. Vanguard      $12 (31%)                              

8. TD Bank        $10 (17%)                              

9. Fidelity        $5.3 (4%)                               

10. T.Rowe Price $3.8 (5%)

Download the Excel file with more details.    

--JB                     

Using our live test accounts, we changed passwords then subsequently “forgot” the new one to test how major financial institutions handle the situation. Overall, most received good marks, although everyone has room for improvement.  

Table 1

Password Scorecard

Source: Online Banking Report, 4/03
*We believe users should have at least 5 login attempts, with clear instructions before and after lockout

Testing process

1. Login with existing username and password

2. Change password or username

3. Logout

4. Use online password reset if available

5. Attempt to log back in 10 times with an incorrect password

American Express

Password Scorecard

Grade: Needs improvement

Weaknesses:
(1) Browser AutoComplete function not disabled
(2) No email confirmation of password change
(3) Account lockout too quickly, after third login try

Password structure: User defined, 6 to 8 characters with at least 1 letter and 1 number

Username structure: 5 to 20 characters with
at least 1 letter

Second password/challenge: No

IE 6 AutoComplete disabled: No

Online password change: Yes, with old password

Email confirmation of password change/reset: No

Online password reset: Yes, with card number, 4-digit card ID (on face of card), work phone number, last 4 digits of soc, and 5-digit zip code

Account lockout with excessive login attempts: Yes, after third attempt; red warning issued after attempt two

Online username retrieval: Depends, certain accounts can retrieve their username online, others must call; we were in the latter group so could not test this feature

AutoComplete is not disabled on the login screen.

User friendly: American Express warns users after their second unsuccessful login that they will be locked out after one more attempt.

Password reset, step 1: Enter userid, card number, and 4-digit code from back.

Password reset, step 2:
Enter personal info for authentication.

Bank of America Credit Card

Password Scorecard

Grade: Good

Weakness: No email confirmation of password change

Username structure: User defined, 9 to 20 numbers

Password structure: 4 to 7 characters; cannot repeat 4 or more in same sequence as username; cannot be same character repeated

Second password/challenge: No

IE 6 AutoComplete disabled: Yes

Online password change: Yes, with old password

Online password reset: No, must call

Email confirmation of password change/reset: No

Account lockout with excessive login attempts:
Yes, after 4 attempts; help section carries clear warning

Online username retrieval: No

BofA provides a helpful popup screen with each unsuccessful password attempt.

Centura Bank

Password Scorecard

Grade: Fair

Weaknesses:
(1) No email confirmation of password change
(2) No warning of account lockout
(3) No customer service link or HELP available from login screen

Username structure: Social security number (with dashes)

Password structure: 6 to 15 characters

Second password/challenge: No

IE 6 AutoComplete disabled: Yes

Password change: Online with old password; but neglected to provide an on-screen confirmation that the change occurred, an annoying usability flaw

Online password reset: No, must call; password sent via postal mail

Email confirmation of password change/reset: No

Account lockout with excessive login attempts:
Yes, after sixth unsuccessful attempt; no prior warning

Online username retrieval: Unnecessary (SSN)

Centura had the best login screen “security look and feel.” It also provides a link to disclosures, but not a single mention of customer service or online help, even after making an unsuccessful login attempt. Evidently the bank’s lawyers have been through the site, but where’s customer service?

Charter One Bank

Password Scorecard

Grade: Needs improvement

Weaknesses:

(1) Browser AutoComplete not disabled

(2) No email confirmation of password change
(3) No warning prior to account lockout
(4) No message after account lockout

(5) A bit too easy to gain read-only account access for new users; requires account number and social security number. However there is a crucial safeguard for bill payment which requires mother’s maiden name, date of birth, home phone number, and a 2-day waiting period.

Username structure: Social security number

Password structure: Must be at least 6 characters

Second password/challenge: No

IE 6 AutoComplete disabled: No

Online password change: Yes, with old password

Online password reset: No, must call

Email confirmation of password change/reset: No

Account lockout with excessive login attempts:
Yes, not sure when it happens, sometime before the tenth attempt; the bank does not provide a warning of impending lockout, nor does it let you know after you’ve been locked out, you only receive a cryptic
error message.

Online username retrieval: Unnecessary (SSN)

AutoComplete has not been disabled
at account login.

New users enroll with social security number and account number. Note the excellent use of security graphics during enrollment.

Chase Bank

Password Scorecard

Grade: Good

Weaknesses:
(1) No email confirmation of password change
(2) No warning of upcoming account lockout
(3) No message after account lockout

Username structure: User defined, must include one number

Password structure: 6 to 10 characters, 1 of which must be a number

Second password/challenge: No

IE 6 AutoComplete disabled: Yes

Online password change: Yes, with old password

Online password reset: Yes, with name, account type, account number, social security number, and two user selected challenge questions

Email confirmation of password change/reset: No

Account lockout with excessive login attempts:
Yes, sometime during the first 10 attempts; no warning message and no indication when account is lockout out, a “try again” message just keeps repeating

Online username retrieval: Yes, displayed online after entering name, account type, account number, social security number

Chase is one of the few banks offering online retrieval of forgotten usernames. After correctly entering name, account number, and social security number, the username is displayed. At that point you can login if you know your password. If not, you can retrieve your password online by answering two previously selected challenge questions. This is great from a usability standpoint, but the bank should send a confirmation via email and/or snail mail.

To reset the password, users answer two
previously established challenge questions. 

DeepGreen Bank

Password Scorecard

Grade: Needs improvement

Weaknesses:

(1) Browser AutoComplete not disabled

(2) No email confirmation of password change

(3) No minimum password length, can be a single letter or the same as the username
(4) No warning before account lockout
(5) No message after account locked out

Username structure: User defined, can be all alpha

Password structure: 1 to 14 characters, can be the same as the username or a single character

Second password/challenge: No

IE 6 AutoComplete disabled: No

Online password change: Yes, with old password and mother’s maiden name

Online password reset: Yes, with social security number and mother’s maiden name

Email confirmation of password change/reset: No

Account lockout with excessive login attempts:
Yes, but not sure when because the lockout is not disclosed until the user attempts to login with correct username/password.

Online username retrieval: No, must call, then wait
7 to 10 days to receive in the mail

A common security vulnerability: Failure to disable IE 6’s AutoComplete function.

Everbank

Password Scorecard

Grade: Needs improvement

Weaknesses:
(1) AutoComplete not disabled
(2) No email confirmation of password reset, even though it can be reset with info available to an identity thief, SSN and mother’s maiden name
(3) No email or on-screen confirmation of p/w change
(4) No warning before account lockout
(5) No help on login screen for the memory challenged

Username structure: Initially set as social security # (with dashes); can be changed online one time; 8 to 24 characters, not similar to current username, not same as password, not offensive, at least 2 numbers and 2 alphas

Password structure: 8 to 16 characters with at least one number and one letter, not similar to username, not similar to prior password, not the same reading backward and forward

Second password/challenge: No

IE 6 AutoComplete disabled: No

Password change: Online with old password; no confirmation of the change provided on-screen

Email confirmation of password change/reset: No

Online password reset: No, must call; new temp password given over the phone after providing SSN, name, address, date of birth, and mother’s maiden name

Account lockout with excessive login attempts:
Yes, after fifth attempt, must call to reactivate; no warning prior to lockout

Online username retrieval: No, must call

Everbank provides no help at login for users that forget username or password, just a lengthy warning written by the lawyers.

First USA Credit Card (Bank One)

Password Scorecard

Grade: Fair

Weaknesses:
(1) No email confirmation of password/username change or reset; especially important given relative ease of resetting username/password
(2) No warning before account lockout

Username structure: User defined, 7 to 16 characters, case sensitive

Password structure: 7 to 32 characters, case sensitive,  must have at least 1 number, may not use the same letters consecutively, cannot match username or social security number.

Second password/challenge: No

IE 6 AutoComplete disabled: Yes

Online password change: Yes, with old password

Online username change: Yes, with old password

Online password reset: Yes, with credit card #, social security #, signature panel code, and expiration date

Online username reset: Yes, with credit card number, social security number, signature panel code, and expiration date

Email confirmation of password or username change/reset: No

Account lockout with excessive login attempts: Yes, locked out after four attempts, no warning given

First USA is the only financial institution tested which allowed usernames to be reset online; nice for usability but a confirmation of the reset should be emailed and/or mailed to the cardholder.

Harris Direct (brokerage)

Password Scorecard

Grade: Good

Weakness:
(1) No email confirmation of password change (thought there is for password reset)
(2) Only 3 login attempts allowed before lockout (but can reset online relatively painlessly)

Username structure: User defined, 6 to 15 characters

Password structure: 6 to 8 characters

Second password/challenge: No

IE 6 AutoComplete disabled: Yes

Online password change: Yes, with old password

Online password reset: Yes, a new disguised password is emailed after entering username and birth date; the new password is a created from the account holder’s mother maiden name and social security number but is not disclosed in the email, e.g. the first 2 letter of mother’s maiden name plus last 4 digits of social security number.

Email confirmation of password change: No

Email confirmation of password reset: Yes, confirmation also sent via snail mail

Account lockout with excessive login attempts:
Yes, after third attempt, but can be reset online; no warning before lockout

Online username retrieval: No, must call

HarrisDirect allows online reset after your account has been locked out for excessive login attempts. It was the only company which emails a disguised new password when resetting. For good measure, they also mail an identical confirmation.                    

ING Direct

Password Scorecard

Grade: Excellent

Username structure: Account number

Password structure: 4-digit number (called PIN)

Second password/challenge: Yes, one of 5 user-specified questions asked at login (see below)

IE 6 password remember disabled: Yes

Online password change: Yes, with old password

Email confirmation of password change: Yes; confirmation also sent via postal mail

Online password reset: No, must call

Account lockout with excessive login attempts:
No (not in the first 10 attempts)

Online username retrieval: Unnecessary (acct #)

ING Direct is the only bank we know of using a challenge question at login. In addition to account number and password, one of these five rotating questions must be answered correctly:

•  first 4 digits of social security number

•  zip code of mailing address (first 5 digits)

•  birth year (4 digit)

•  last 3 digits of social security number

•  last 4 digits of social security number

We like the concept, but the implementation is weak. By simply refreshing the browser screen, the would-be thief can select which question to answer, one of which is zip code, which is trivial to ascertain. 

PayPal

Password Scorecard

Grade: Fair

Weakness:
(1) AutoComplete not disabled on the password reset screen (it is disabled on login page)
(2) Username (email address) known to others

Username structure: Email address

Password structure: 8 to 24 characters case sensitive; recommended, but not required that it include upper and lowercase and at least one number or special character

Second password/challenge: No

IE 6 AutoComplete disabled: Varies; yes, on main login screen, no on password reset screen

Online password change: Yes, with old password

Online password reset: Yes, via email; must answer secret question via email link; if unable to access original email account the new password is sent via snail mail

Email confirmation of password change/reset: Yes

Account lockout with excessive login attempts:
Yes, after 10 unsuccessful attempts; a lockout warning appears after the seventh attempt

Online username retrieval: Not necessary since username is equal to email address

PayPal is one of the few financial companies using cookies to automatically insert usernames at login. The company has used this approach since inception, so they must feel that the improved usability more than compensates for the decrease in security.

PayPal’s online password reset process requires the user to have access to the email account registered with the service. If not, users answer one of four authentication questions (top screen) and the password is mailed to a one of the previously confirmed snail mail address (bottom screen).

PayPal explains after the seventh incorrect password attempt that you have 3 more tries before lockout. This is a far more reasonable approach than many banks’ three-strikes-and-you-are-out policy.

Schwab

Password Scorecard

Grade: Fair

Weaknesses:
(1) No email confirmation of password change
(2) Account lockout too quickly, after 3 login attempts, but can be reset relatively easily online

Username structure: Account number or social security number

Password structure: 6 to 8 characters including at least one number BETWEEN the first and last characters; cannot match or be a subset of username

Second password/challenge: No

IE 6 AutoComplete disabled: Yes

Online password change: Yes, with old password

Online password reset: Yes, in one of two ways;
(a) If logging in with account number, you must provide social security number, date of birth, home phone number, and correctly pick a security in your account from a list of 10 choices including “none of the above”
(b) If logging in with a social security number, you must only provide the answer to the secret question.

Can also reset via automated phone system.

Email confirmation of password change/reset: No

Account lockout with excessive login attempts:
Yes, after 3 attempts; no warning prior to lockout

Online username retrieval: Not necessary (acct. # or soc. #)

Schwab’s unique password reset process requires the usual social security #, birth date, and telephone, plus users must correctly choose one of ten securities in the portfolio (including “none of the above”).          

US Bank

Password Scorecard

Grade: Good

Weakness: No email confirmation of password change

Username structure: User defined, 8 to 24 characters

Password structure: 8 to 24 characters

Second password/challenge: No

IE AutoComplete disabled: Yes

Online password change: Yes, with old password

Online password reset: Yes, with ATM card number and ATM PIN; new password displayed online

Email confirmation of password change/reset: No

Account lockout with excessive login attempts:
Yes, after 6 attempts; can reset online or wait 24 hours; no prior warning

Online username retrieval: No, must call

Password change screen. Note the prominent placement of what happens next.

Forgotten password can be reset online with
ATM card number and PIN.

Wells Fargo

Password Scorecard

Grade: Good

Weaknesses:
(1) No email confirmation of password change
(2) Account lockout too soon, after 3rd login try

Username structure: Social security number

Password structure: 5 to 8 characters

Second password/challenge: No

IE 6 AutoComplete disabled: Yes

Online password change: Yes, with old password

Online password reset: Yes, with statement account number and ATM PIN; those without an ATM PIN are directed to call customer service.

Email confirmation of password change/reset: No

Account lockout with excessive login attempts:
Yes, after 3 attempts; user redirected to online password reset page; no prior warning

Online username retrieval: Unnecessary (SSN)

Wells offers six options for where to go
immediately after login.

After three unsuccessful login attempts users are directed to reset their password, which can be done online with account number and PIN.    

Chase Manhattan

www.chase.com

Chase Manhattan (New York; $365 billion; 30 million customers; 3.8 million ATM cards) finally launched Web banking in January, marking the last major U.S. retail bank to port online banking to the Web. But the bank has been an aggressive marketer of its non-Web online programs, so they haven’t felt much impact in terms of lost customers. The bank told Bloomberg they had 350,000 online subscribers in late Feb., a healthy 9.2% penetration of its ATM base. Edify supplied the online banking platform.
Contact: Ron Braco is SVP Electronic Commerce, ron.braco@chase.com , (212) 622-0097.

Chase Manhattan

www.chase.com

Chase Manhattan Bank (New York; $281 billion; 3.6 million ATM cards) has joined the online banking elite, crossing the quarter-million subscriber mark. Here are the five largest North American banks. CIBC (Toronto, Canada; CDN$283 billion; 4.8 million ATM cards) is also nearing the quarter-million threshold, reporting 200,000 users on March 4, 1998.

Source: company reports, industry estimates

(1) For free services, this number of subscribers isn’t particularly meaningful. Number of users is a far better gauge. But of the five, only BankBoston has reported regular users, which are 50-60% of subscribers.

(2) Monthly fee for lowest priced online option. Some charge additional fees for access through Quicken or Money.

(3) Bill pay is optional. The fee is waived at Wells with a $5,000 deposit balance and at Nations and BankBoston with premium checking accts. Additional transaction fees may apply for heavy users.

Web-based indirect lending follows the business model used by financial institutions marketing installment loans at auto, boat, RV and other dealers of high-ticket items. The successful lenders will integrate their lending presence tightly with the end-product Web site itself.

Not surprising the first bank/merchant partnerships have sprung up in the online car sales marketplace, already a multi-billion dollar business in the United States.
Auto-By-Tel, the granddaddy of virtual auto sales (screenshot below), processes nearly 75,000 automobile purchase requests per month. At $20,000 each that’s $1.5 billion per month. Financing is provided by Chase Auto Finance, Key Corporation, and Triad Financial. Leases are from GE Capital.

ABT features “One-Click Financing and Leasing.”
Note the customer testimonial below the menu:
The Auto-By-Tel Acceptance Corporation rate was one and one-half points lower than the bank I’ve used for 25 years!

Collin Wood
Hood River, Oregon

CarFinance.com is featured on CarSmart’s front page.

Another example of Web-based indirect lending is at the popular car information site, CarSmart www.carsmart.com (screenshot below). Visitors to this online emporium will naturally be drawn to the CarFinance.com logo featured prominently on the CarSmart site. The financing site is operated by Barnett Bank at www.carfinance.com (screenshot below).

CarFinance.com is operated by Electronic Vehicle Remarketing, a subsidiary of Barnett Bank.

But, you don’t have to be a Barnett or Chase to become an indirect cyberlender. According to the latest count on Yahoo (below), there are 241 Auto Buyers’ Services and 143 Automobile Buying Directories online. In addition, 4,493 dealers are listed online. By comparison, there are only 125 financing sources listed and 93 of those are lease agents. Among the remaining 32, only two are insured depository institutions; one is a non-bank financial services provider; and five are the captive financing arms of car manufacturers (see table below).

Chase Manhattan
www.chase.com

Chase Manhattan Bank (New York, NY; $336 billion; 3.5 million ATM cards) eliminated fees for its online banking offering, and boy do they let you know it (screenshot below). This has more to do with regional competition than any strategic effort to migrate customers to electronic offerings. Citibank eliminated all electronic banking fees June 1, 1995, and has been dominating the NYC market for online banking. Industry estimates put Citicorp’s subscriber base at more than 400,000 compared to Chase/Chemical which stood at 60,000 at year-end 1996. In December, Chase officials predicted 200-300,000 subscribers by year-end 1997. Previously, Chase assessed a variety of fees based on deposit balances and options used.

These little “free” icons are all over Chase’s Web.

Separately, Chase has finally produced a respectable Web site. It still doesn’t offer account access, but the look, tone, and navigation are well-done. A far cry from its inaugural effort we lampooned a year ago. There’s an ATM locator and an online banking demo which is good-looking but PAINFULLY slow. It defeats the purpose to post a series of 50k graphic images to demonstrate how your PC banking program saves time. But we’re glad to see that Bruce and Julie Madsen’s real-life chronicle of life in an RV continues. Contact: Ron Braco is VP and heads the online program, 212.552.2222.

Chase Manhattan (New York; $323 billion; 3.5 million ATM cards) will provide auto loans for Auto-By-Tel Corporation <www.autobytel.com>, a leading Internet-based car broker providing dealer referrals to consumers all across North America. Auto-By-Tel was launched in March 1995 and has grown to 80 employees. The company recently made history as the first Web-only product advertised during the Super Bowl. Volume has grown from 5,500 purchase requests in Sept. 1995 to 35,000 a year later. Cumulative volume to date is 400,000 purchase requests.

Purchase requests, which are free to users, are forwarded to one of 1,500 participating dealers who are obligated to make a “no-haggle” offer within 48 hours. Auto insurance is available through American International Group (AIG) which also has an equity position in privately held Auto-By-Tel. Car leasing will soon be provided by GE Capital Services, another Auto-By-Tel investor.

Major automotive information companies, including Microsoft CarPoint, Kelley Blue Book, AutoSite, and Edmund’s Car Buying Guide, all forward users to Auto-By-Tel to complete the automobile purchase. Auto-By-Tel is also available on Prodigy and CompuServe. At ABT in Irvine, CA, Peter Ellis is CEO, Mike Lowell is COO. Ron Braco heads Chase’s online efforts, 212.552.2222.

Chase Manhattan (New York; $323 billion; 3.5 million ATM cards) recently disclosed the size of its online banking subscriber base and made projections for 1997. At year-end, the combined Chase/Chemical subscriber base stood at only 60,000. With an upcoming re-launch of its proprietary direct-dial program, Chase execs are projecting 200-300,000 users by year-end. Surprisingly, they will stay away from offering Web-based banking during 1997. Chase’s modest 1997 plans for the Web include “(getting) to the point of being able to do some application-receiving on the Internet,” according to Donald Boudreau, Vice-Chairman of Consumer Credit. Either Chase is putting up a smoke-screen to the press or they are way behind. I suspect the latter given the difficulties associated with a merger the size of Chase/Chemical. Good news for all those institutions, big and small, who compete against Chase. Ron Braco is VP and heads the online program, 212.552.2222.

The Web dominated the news throughout 1996. As well it should have. We completely agree with David Weisman of Forrester Research that the Internet is the fourth channel for delivering financial services. Joining in-person, mail and telephone channels as an essential part of every financial institution’s marketing and delivery mix.

The following chart summarizes what we think were the year’s most significant developments in Web banking. From Liberty Financial’s WebSaver annuity to Carolina First’s newest division, Atlanta Internet Bank, these new products, services, and strategies provide a glimpse of how the fourth channel will be leveraged in the future.

Top Story
Top honors go to APL Federal Credit Union (Laurel, MD; $97 million) which in July used Digital Insight’s turnkey Web services to become the fifteenth financial institution in the world to offer online account access. Why is that so significant? APL has only 8,000 members! Yet, because Web-based services can be implemented so inexpensively, APL was able to beat giants such as Citibank, Chase, and Nations to the market with Web-based checking account access.