US Banking Advancements: Too Little, Too Late?

Chip Credit CardI have been reflecting on the “advancements” in banking, particular in the United States, over the past few decades. In short, not much has happened since the 1980’s. The major update has been to allow consumers to access their bank accounts online, and more recently, from their mobile devices.

The banking industry did not lead in this online movement. Most other industries, notably those involved in e-commerce (online shopping), led the way. Banks reluctantly moved online, little by little. And now, many of them have mobile apps that allow more convenient banking from people’s smartphones and tablets. They are now touting their coolness with the number of new services they are providing like depositing checks by taking a photo of them. Although, how many checks are you receiving these days vs online deposits? A few banks even allow wire transfers to be initiated online.

Another change has been the inclusion of the “smart chip” on newer credit cards. These are also known as EIC (embedded integrated circuit) or EMV (Europay, MasterCard and Visa) cards. What the US banking industry won’t highlight is that this extra layer of protection has been standard in Europe for many years. It took additional regulation to push the banking industry forward in the US. This technology does better secure credit cards, however, it takes twice as long to complete an in-person transaction.

Virtually all banks have not yet matched the security now available with bitcoin and other cryptocurrency trading sites. I’m talking about two-factor authentication, or 2FA. All your hard-earned money is simply protected with a password. All your money — just a password. In short, this is ridiculous and not enough. There are a few banks that do support 2FA. So what is 2FA and how does it make my money safer?

Bitcoin users know about 2FA as nearly every trading site requires a second password, a second “factor” or “token”. Folks in sensitive government and commercial endeavors have been using second passwords for decades such as with RSA’s SecurID device. The 2FA version most popular today involves your smartphone. With a specific “seed” provided by the site when first setting up your account and a specialized password generator on your smartphone, a new second password is generated every 20 to 30 seconds (similar to SecurID). After entering your primary password, you need to enter a second “changing” password each time you login. And if you lose your phone, you can disable 2FA and re-seed it again elsewhere.

Furthermore, are banks serious about requiring only 4-digit passwords, so called PINs (personal identification numbers), in securing ATM cards? Mathematically, there are only 10,000 possible combinations, 0-9 (10 possible digits) for each of the 4 number positions (10x10x10x10 = 10,000). These are simply 0000, 0001, 0002, all the way to 9999. And banks even disallow many of those combinations as being too easy to guess. However, given that people are notorious bad at selecting a “random” number as  studies have shown, the most popular PIN is still simply, 1234.

How about transferring money, even just domestically. Do you know that it can take up to 3 days to transfer money from an account in one bank to an account in another in the US? That’s using PayPal, recently self-branded as “new money”. Really, what’s new about it? By the way, that 3 days to transfer funds between my own accounts! In Europe, again, clearing is faster than that, but still not instantaneous. With bitcoin, it’s yours now and confirmed (locked in irreversibly within the blockchain) within an hour.

My final gripe, or “observation”, is this. Bank account and credit card numbers are “two way” numbers. That it, they can be used for both deposits or withdrawals. If I give my bank account to someone who plans to deposit money into my account, that same number can be used to withdraw money as well. Those numbers can also be forged onto another credit card with the right tools.

The beauty of bitcoin and cryptocurrencies is that wallet addresses, the equivalent of a bank account number, can only be used to deposit funds, not to withdraw them. The cryptographic algorithm makes it impossible to withdraw bitcoins given simply a wallet address.

These are a few of the reasons why bitcoin and cryptocurrencies will “win” in the long term. There are too many weaknesses in banking technology, and these are just a few obvious ones. Just as in the early days of the internet people could hardly imagine the importance it would have for business and communication today, Bitcoin and its underlying Blockchain technology are likely to disrupt the financial industry in ways that we cannot yet imagine!