22seven launches…&…crashes – Can we trust it with our PIN ?

DO NOT GIVE OUT YOUR PIN – golden rule. I broke it.

We are repeatedly told that no one, including bank tellers, will ever need your bank's PIN. It is your security. It is your responsibility to make sure no one knows it. We have been repeatedly warned by every bank that if you give out your personal information and your account is accessed – TOUGH. You are in breach of Privacy Policy.

So along comes a service called 22seven.com which is an “independent online personal financial service” that aims to help consumers answer the question: “how do we make ends meet?”

“Our service doesn’t have all the answers but it does have a few insights,” says Christo Davel, CEO of 22seven. “22seven is founded on the idea that if we become more aware of why we make the decisions we do, we will be in a better position to make smarter money choices.”

The team at 22seven believes the flaw is that traditional financial management tools rely on objectivity, rationality, budgeting and discipline.

“The reliance on purely empirical data to make decisions is the problem,” says Davel. “People are hardwired to make choices on instinct, intuition and emotion. It doesn’t matter how many budgets we do or how many books we read, we will still act like the complex, emotionally governed human beings we are.”

22seven offers insight into how people make their money choices, and guides them to being and feeling in control of their financial lives.

So how does it work ?

You obviously have to sign up and you are walked through various screens of humorous prompts Kulula.com style.

22seven - humorous messages

Once you have completed the initial steps, you are asked to select your bank:

22seven - select your bank

and then the unthinkable:

22seven - enter your PIN

You HAVE to put in your login details, pin and password as if you are logging into your Bank’s website ! …eh….what ?????

At this stage, most people will do a double take and I suspect most people will abandon the service. (See Golden Rule above – never give out your PIN)

Whilst 22seven goes to great lengths to explain its security, and that the service is read-only so you cannot actually transact from this website, the fact remains that they have your information stored somewhere.

If you are able to get over that fear and put your confidential information in, the website then pulls your info directly from your bank (heart skips a beat when you get the “someone has logged into your online bank account” sms).

It seamlessly sets up all your accounts and then does a good job in categorising your expenses.

That is unfortunately as far as I got as the site had logged me out due to “technical issues”.

22seven - technical issues

I suspect that they have not estimated the initial take-on popularity and the system simply fell over.

Here lies the main problem which is going to hurt: When you are dealing with people’s sensitive financial information and those brave early adopters who took the plunge and gave you their PIN, you cannot afford to have your system crash. This raises serious concerns and doubt.

As can be expected, the Twittersphere has been abuzz with both positive and negative comments – not surprisingly Security dominates the chatter with even a Facebook Poll launched.

22seven - Twitter comments

22seven - Facebook Poll security

In Summary:

I am confused. Surely Management would have recognised that the PIN will be a major stumbling block. So why not have the facility to “Import Banks statement” as an alternative? This would have been prudent in the initial stages when you are trying to gain customer trust.

The choice of technologies also seems puzzling – the entire system is written in Flash which instantly leaves out the MAC iPad users. Why not use HTML5 ?

Finally, when you see the system taking strain, why not shut off any new registrations ? This gives your technical team the time to better bulletproof your system before opening it up to the public again.

What a pity. The service has such great potential and is very needed. I am looking forward to watching this service as it develops, fixes its bugs, and to seeing how it handles the security concern.

As for me, yes, I did sign up and put in my PIN. And Yes, I did delete my account and changed my PIN as the site started to crash around me.

Guess I also have trust issues…

5 Comments

    • Hi Callan,
      tried it but it keeps failing in the upload CSV file part…

      Just a heads up: on the Login there are two text boxes with no description – I am assuming the top is the username and the bottom is the password..

      • Hi,

        This isn’t unusual, since we’re reverse engineering every new CSV type that we get. Banks have been blatantly uncooperative with getting us any information whatsoever with regards to how they structure their CSV statements for different accounts. What makes it challenging is that most banks (esp Nedbank) have, inexplicably, different formats for different account types. The upside is that we’re getting higher success rates as we allow for new accounts, every day.

        I had a look, however, and I don’t see that your import triggered an error on our system. Could you ping me a mail on callan at moneysmart dot co dot za and shoot me some details, like bank, account type, error message, etc.?

  1. Pingback: 22seven is safe & secure but banks are not happy « The Techie Guy – complicated IT translated into simple English

  2. Pingback: Inside 22Seven: Budgeting is so old-school and doesn’t work–its all about how we behave « The Techie Guy – complicated IT translated into simple English
