Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "online banking"
Client: I want all cookies blocked on my computer.
Me: Are you sure? Some things won't work if i do that. Like using online banking.
Client: I don't use it, so it's fine.
*Two weeks pass. I have to come back and see three bankcards laying on the table*
Client: I'm not able to use online banking anymore. Can you fix it?
Come on! You pay me to give advice and help out with problems. The least you could do is listen.10
A small story on digitalization
I had spent an hour in the bank with my dad, as he had to transfer some money. I couldn't resist myself & asked:
Dad, why don't we activate your internet banking?
''Why would I do that?'' He asked, ''Well, then you wont have to spend an hour here for things like transfer.
You can even do your shopping online. Everything will be so easy!
I was so excited about initiating him into the world of Net banking.
He asked, If I do that, I wont have to step out of the house?
''Yes, yes''! I said. I told him how even grocery can be delivered at door now and how amazon delivers everything!
His answer left me tongue-tied.
He said ''Since I entered this bank today, I have met four of my friends, I have chatted a while with the staff who know me very well by now.
Two years back I got sick, The store owner from whom I buy fruits, came to see me and sat by my bedside and cried.
When u r Mom fell down few days back while on her morning walk. Our local grocer saw her and immediately got his car to rush her home as he knows where I live.
Would I have that 'human' touch if everything became online?
I like to know the person that I'm dealing with and not just the 'seller'. It creates bonds. Relationships.
Does "online" deliver all this as well?
Technology isn't life #BeHuman
For those who are not getting the context, this things happen in India. It is truth not a fact.17
I wonder why banks are always so terribly insecure, given how much money there's for grabs in there for hackers.
Just a while ago I got a new prepaid credit card from bpost, our local postal service that for some reason also does banking. The reason for that being that - thank you 'Murica! - a lot of websites out there don't accept anything but credit cards and PayPal. Because who in their right mind wouldn't use credit cards, right?! As it turns out, it's pretty much every European I've spoken to so far.
That aside, I got that card, all fine and dandy, it's part of the Mastercard network so at least I can get my purchases from those shitty American sites that don't accept anything else now. Looked into the manual of it because bpost's FAQ isn't very clear about what my login data for their online customer area now actually is. Not that their instruction manual was either.
I noticed in that manual that apparently the PIN code can't be changed (for "security reasons", totally not the alternative that probably they didn't want to implement it), and that requesting a forgotten PIN code can be done with as little as calling them up, and they'll then send the password - not a reset form, the password itself! IN THE FUCKING MAIL.
Because that's apparently how financial institutions manage their passwords. The fact that they know your password means that they're storing it in plain text, probably in a database with all the card numbers and CVC's next to it. Wouldn't that be a treasure trove for cybercriminals, I wonder? But YOU the customer can't change your password, because obviously YOU wouldn't be able to maintain a secure password, yet THEY are obviously the ones with all the security and should be the ones to take out of YOUR hands the responsibility to maintain YOUR OWN password.
Banking logic. I fucking love it.
As for their database.. I reckon that that's probably written in COBOL too. Because why wouldn't you.23
Fuck my life...
Okay, so I’m working on a web app with a small group... the app is basically a lead generator for new business in another country. We just need contact details cause they’re a fucker to buy.
Step 1: prototype to the investors, working with the ceo to make this thing look shiny AF.
Goes well as fuck.
CEO: “when can we get this out?”
Me: “it’s basically done mate, get your guys to look at it and we can talk about marketing”
Que a shower of 10 or so bellends with senior in their title going into a room and coming out with:
Bellends: “so on this page we want the user to confirm and accept the contract”
Me: “cool, makes some sense, that’s what it’s already doing.”
Bellends: “afterwards we want to show them the price and have them put in their banking details.”
Me: “Wait, you what when?”
Bellends: “Yeah, well Jenny says we should have as few clicks as possible to get to the final stage and have the customer accept.”
Me: “Jenny’s on fucking crack, moving the contract formation phase to after the contract acceptance stage is not an option”
Bellends: “Oh it’s okay, Andy in legal said that would be okay”
Me: “Andy’s a fucking moron, tell him that online contract formation laws were updated 2014/2015 and you can’t do that anymore”
Bellends: “No, andy’s legal, surely he knows”
Bellends: “We want all of this above the fold”
Me: “OH FUCKING SUCK A DICK YOU ABSOLUTE BAND OF FUCKWADS... which one of you, which one hasn’t looked at a website this millennia!?”
Needless to say I ignored all their shit, got the lead generator out and told the CEO those ten people are certifiably fucking useless.
Bonus round; recent, but “it has to be on internal infrastructure”
“Why? It’s a mobile app sending rest calls to a third party saas.”
“It just has to, we have this thing called the private cloud and w”
“Wait... you what son, priv 🤦🏼♂️ private what mate?”
“You... you mean a server rack?”
“Nah we spent £2mn on it, it’s brilliant”
“Hahahaha you fucking dick, you blew £2mn on server infra with fuckall to put on it!?”
“No, no it’s the private cloud”
“Fucking idiot, aye son, where’s the fucking bean stalk you prick!?”
“It has to go on internal infr”
“Shut up, that won’t work”9
I can add two-factor authentication to GitHub, but my online banking password must have EXACTLY 5 characters...14
After a couple years as a developer I've learned that all those banking sites and cool online stores and apps are held together with old chewed gum, duck tape and that guys who has been in the office 48h straight and whose wife thinks he's dead.2
Meet 'SBI Online' app from Play Store, in their own words:
What they were supposed to do?
"Experience the new Retail Internet Banking of SBI"
What they do?
"SBI online app will redirect to SBI Retail Internet Banking (online SBI) site"
Why do they have app?
"No need to remember URL",
"Less memory space required on device"
App storage space?
F**king 2.6 MB, just to redirect users to their website, in third-party browser.2
This is what f*ckin' grinds my gears to the max...
Today a family member asked me to help them with online banking so I agreed because they are really not computer literate.
I don't use the bank they use so the whole online banking website interface was new to me and I had to figure out where some things were.
The family member that I was helping was getting really annoyed because it was taking long (by the way it took me less than 15 min to finish helping them).
As I was assisting them the f*ckin' idiot had the nerve to tell me, and I quote, "I thought you were good in IT. You can't even assist me with online banking".
Honestly, WTF?!?!?! 😡😡
How does one even respond to such...
Anyways... This is just one simple example regardless of what field you are in IT, you NEED to be good with whatever tech gets thrown at you.
Just got chewed out because someone couldn't see the latest interface changes on the site...
*Walked over to their desk*
Me: "Did you clear your browser's cache?"
Them: "Oh, what does my online banking have to do with the updates?"
Me: *sigh* 😬😬5
So... did I mention I sometimes hate banks?
But I'll start at the beginning.
In the beginning, the big bang created the universe and evolution created humans, penguins, polar bea... oh well, fuck it, a couple million years fast forward...
Your trusted, local flightless bird walks into a bank to open an account. This, on its own, was a mistake, but opening an online bank account as a minor (which I was before I turned 18, because that was how things worked) was not that easy at the time.
So, yours truly of course signs a contract, binding me to follow the BSI Grundschutz (A basic security standard in Germany, it's not a law, but part of some contracts. It contains basic security advice like "don't run unknown software, install antivirus/firewall, use strong passwords", so it's just a basic prototype for a security policy).
The copy provided with my contract states a minimum password length of 8 (somewhat reasonable if you don't limit yourself to alphanumeric, include the entire UTF 8 standard and so on).
The bank's online banking password length is limited to 5 characters. So... fuck the contract, huh?
Calling support, they claimed that it is a "technical neccessity" (I never state my job when calling a support line. The more skilled people on the other hand notice it sooner or later, the others - why bother telling them) and that it is "stored encrypted". Why they use a nonstandard way of storing and encrypting it and making it that easy to brute-force it... no idea.
However, after three login attempts, the account is blocked, so a brute force attack turns into a DOS attack.
And since the only way to unblock it is to physically appear in a branch, you just would need to hit a couple thousand accounts in a neighbourhood (not a lot if you use bots and know a thing or two about the syntax of IBAN numbers) and fill up all the branches with lots of potential hostages for your planned heist or terrorist attack. Quite useful.
So, after getting nowhere with the support - After suggesting to change my username to something cryptic and insisting that their homegrown, 2FA would prevent attacks. Unless someone would login (which worked without 2FA because the 2FA only is used when moving money), report the card missing, request a new one to a different address and log in with that. Which, you know, is quite likely to happen and be blamed on the customer.
So... I went to cancel my account there - seeing as I could not fulfill my contract as a customer. I've signed to use a minimum password length of 8. I can only use a password length of 5.
Contract void. Sometimes, I love dealing with idiots.
And these people are in charge of billions of money, stock and assets. I think I'll move to... idk, Antarctica?4
Fuck you for imposing the upper limit on password length for my online banking! Why do you even care about my pass - don't you fucking hash it beforehand?!3
Bank Teller: So how was your experience in using our online banking service.
Me: (Me looking at his face in awkward way)1
Oh you want to email me and have me click on the link in order to update my online banking profile. Yes even tho I don't bank with you that seems like a good idea
Fuck Banks and fuck online Banking
Fuck you for not supporting real 2FA
Fuck you for having such shitty bloated bullshit Websites and online services
Fuck you for taking forever to transfer money
Fuck you for not having public APIs Fuck you for so many uncountable reasons.
And most of all Fuck you for constantly trying to fuck me. I FUCKING HATE BANKS SO FUCKING MUCH.
I hope so much that there'll be a decentralised uncontrollable anonymous and digital currency in the future. Something like Cryptos (like BTC or ETH) but without all the major Problems they have now.
I wish there was a hell Banks could go to. I want to see them burn and suffer so fucking much not even the worst medieval torture methods are enough to satisfy me.43
I was doing code reviews for some of the new Devs recently joined... One guy wrote his entire life history in the check in description... Like Why he took this approach, why interfaces are necessary in coding, when did he lost his virginity (I doubt he ever did), what's his pet name? - sadly no information related to his online banking... Shame really...
For somebody who went to a liberal arts college, I'm surprisingly resistant to inconsequential changes. For instance, I flipped a shit when my online banking changed their dns configurations a little bit.
I checked out this new hybrid app that was released by some local senior developers.
Turns out that on my user profile, my user ID is set as the value of a hidden field and changing it to any other user ID and saving the form will update the profile of that user. Including changing the password.
The password reset form also allows me to change the user ID to reset that user's password.
Speaking of passwords, the value of the password field on the profile is my actual password in plain text.
Yes, I said this app was released by a couple of "senior developers". One has over 15 years of experience and the other works at an IT company that builds online banking systems. They appear to have outsourced this side project to some other development team but... Come on. At least take one quick look at the source code before releasing it, why don't you?
I don't even...1
Jesus fucking christ! I've been hired by this bank to improve the quality of their online banking software. Zero unit tests and I'm tasked to make it testable as much as possible.
Guess what? Almost the whole fucking codebase uses static classes everywhere!!! Good luck unit testing that.... what a bummer. It is a challenge though.2
Has anyone ever tried to send a message to a rep at PNC on their online banking?
-you can't write any 'special characters' in the message. This includes dashes, slashes, and even apostrophes ("don't" is not allowed!) among others. I guess they just pipe the message right into the SQL queries!
-I had to type a long message there, and I was tired and forgot to do my usual CTRL+A/CTRL+C ritual - BIG MISTAKE!! After clicking submit, I get a JS alert() come up saying that my session timed out after 15 minutes of inactivity (writing a large rant to PNC ofc). Back button does not bring up the filled out form to copy from, as like the whole site seems to be on the same URL. There was no way to exit the alert without losing the message. Thankfully I did not close the tab, and I was able to recover and piece together some of the text snippets using $ gcore / $ strings | less.
Overall this has to have been the worst web app I have dealt with for quite a while.3
anyone else get second thoughts about their bank when they see this kind of message after logging in?
"Online Banking is unavailable
We are really sorry we are preventing you from completing your banking today. Our technical teams are aware and actively investigating. Please know they are working hard to restore service as soon as possible.
Please call us at 123-456-7890 for banking assistance or information."
"Ideal" online banking:
1. Force users to change passwords often.
2. Implement possibility to login if forgot password.
3. Make it impossible to chage password if forgot one.9
They want you to go paperless (cos it saves them shit loads of money, and the shareholders like to count it all day long) not for environmental reasons. But their shitty, flakey online banking system is always down or having technical problems. Fucking sort it out!4
My bank's website is the shittiest fucking site in the world. It literally kills my phone, to the point where my browser takes a full 5 minutes to exit.
The latest bug I mean feature they have rolled out interrupts your login with a fullscreen modal which asks if you want the app or to continue on the site.
Well, the fact that I'm in a browser means I've already made up my mind so why don't you go and fuck yourself? And based on the quality of your website, do you really think I want to voluntarily install software that you've sellotaped together onto my device?
Go and fuck yourself you pieces of shit.2
Why in the FUCK does the NSLSC (company that lends out student loans) have as their ONLY method to update your banking information a .pdf that you print out online and physically mail in. Once they receive it–will take another 1-2 weeks (according to them) to update my banking information.
It's fucking 2019, every single service I've used to update any kind of information (from gym payments to government related information) can be done online through a secure, streamlined, fast, environmentally friendly and cost effective ONLINE FORM.2
Dear the devs at Danske Bank UK,
For the 4th time in 5 years I am going to send a error report to you and get my local branch to directly email you to complain about the lack of being able to see anything on my ISA on online banking, plus just fucking fix it,
Guys, I just need to know if I'm the one who's crazy.
I work at a fairly large bank. This bank has an Online Banking platform. Now, for reasons that deserve a rant of their own, I work on a self service account opening platform (in branch).
Now, my team is being tasked with adding features that will force customers to enroll in Online Banking and 2FA when opening accounts if they have not already done so.
The reason? There's low usage of the Online Banking solution.
My problem? I think this is a pointless waste of time.
Hear me out: All existing customers already have the ability to enroll with online banking, they can do it from there homes, in their underwear if they want, and they aren't doing it. Can anyone explain to me why we expect that customers who showed no interest in online banking before are going to be interested in using the application now?
You come in to branch to open an account, we stop the process to force you to enroll with internet banking(if you want to finish opening your account through the app), and then hope you'll use it now (despite the fact you could have enrolled at home all along)
We're duplicating the feature of an existing project and slowing down an unrelated process so we can hope you change your mind? Is this not a marketing problem? Do we not just need to sell the shit better? What am I not seeing? It's insane, we even took time to look at signing customers up for email addresses (in branch, while opening an account) if they didn't have one(because you need an email address for online banking). What really gets me is that everyone on my team is eating this shit up like it makes perfect sense. Like nobody else seems to think this is fucking stupid. I'm now resigned to implementing this bullshit. Am I the crazy one here? I realize I must be. Whatever I get paid anyway I guess. I raised my concerns repeatedly and I just kept getting the same stupid response. My job is done14