Have you ever bought a product or service that worked perfectly well and then a new version is released that inexplicably stops working and develops a set of obvious and disastrous bugs, or have you ever heard of a software or media publisher who believes all their customers are potential thieves and have to jump through so many hoops that only real software pirates get to have any fun? Well, this has been happening with Abbey National’s recent online banking software upgrade this week and I’m totally unimpressed.
As I write this, I’m starting my second week of an effective online banking outage thanks to Abbey’s “upgrade” of their service last Sunday. There was nothing wrong with the previous online software which allowed me to check statements, make transfers and the like, but the surprise new version promises so many more useful features like selling you a loan or a mortgage while you’re checking your statements. This advertising isn’t so bad, if they didn’t have to recode so much of the system to add these features that it’s now fundamentally broken for a huge number of small business users like ourselves.
Evolved Software Studios has two accounts with Abbey National, and one of my other start-ups, Esteam, has a further two on the way. I’ve referred several other business owners to use Abbey’s service (they offer a good set of solid guaranteed bank accounts, with secure financial backing and no charges for the life of the account). If you’d have thought that I’d be able to reach a human being on the phone you were wrong.
They’ve substantially changed some of the architecture (I’ll come to this later) which means that many customers, like myself have had to spend several hours on the phone sorting out account issues that worked perfectly well before. Issues such as transferring money between accounts, making payments or just simply logging in. I’ve spent almost two hours on the phone to Abbey’s technical support desk in India, which wouldn’t matter at all if the operators could speak in English, I kid you not. They couldn’t tell me what the problem was except that it is uncomfortably hot in Mumbai for this time of year.
Last week I was, “Not authorised to perform this function”. Several hours of customer calls later and the result of my hard earned time is a refreshingly new error message, “You currently have only one account linked to your card”. I’ve also seen another rather more cryptic error, “bean error not found within scope”. Apparently I’m not alone as a quick Google search reveals many other business account customers have similar issues.
Abbey also decided that crippling our financial systems wasn’t enough, they banned all our company payment cards. After an hour and a half on the phone to India I was told this was due to a suspicious account activity. The purchase of £500 of hardware for our technology company before Christmas was apparently “unusual”. (Note to those who don’t know us: It’s not at all unusual to spend £500 or more at a supplier). I was told that Abbey’s fraud system fires far more often just before Christmas. That’s difficult when you’ve got suppliers to pay just before Christmas… Also when Abbey only provide premium rate phone numbers for their technical support and customer services lines, that’s just plain rude.
Observing from a customer point of view it looks as though Abbey’s changed it’s online banking architecture, more specifically instead of having an online banking account login which you apply for when you set up the accounts, you now have a debit card which can be used to log into your online banking after setting it up. Needless to say I don’t think Abbey’s technical architects gave much thought to those customers who don’t have (or access to) company debit cards. Neither did they think much about customers who have accounts that don’t have debit cards attached to them, like savings accounts, since this means that you cannot transfer money between cards as that equates in Abbey’s new architectural model to transferring money between cards, and you can’t do that with a savings account.
Therefore, any business customer who has a savings account for say, putting aside money to pay taxes, can’t. Unless they call Abbey to make the transfer manually. And you have to call and wait for hours because as a business user you still can’t use Abbey branches for anything.
I wonder why, when the poo hit the fan, Abbey didn’t simply press the panic button and roll back their machine images to an earlier version; abandoning the upgrade as it simply doesn’t work? It seems to me that there was a failure of having any procedure for failure. No backup, no phased deployment, just all-or-nothing, death-or-glory migration. If a Micro-ISV like ourselves can do it (and get hired by financial institutions to do it), why can’t Abbey/Santander, who presumably have a lot of cash to pave the way?
Do you get the error message, “You currently only have one account linked to your card. To add another account, please call 08459 724 724.”? Well, don’t bother calling that number because it relates to personal banking only and you’ll find out after a few minutes that their phone system can’t handle business accounts. Here’s a handy trick though for those so inclined – when you get a phone menu on a system (like the one Abbey uses) and before you get the “Press 1 for… Press 2 for…” menu, simply mash the hash (#) key on your keypad. This will confuse the system and it will forward your call to their default customer service line, bypassing the impossible computer menu system. You didn’t hear this from me! (Well, you did, but what else can you do?).
Speaking of Abbey branches, today I noticed that our online banking statements don’t match with the recent transactions list when printed from an ATM (different dates on items). Are Abbey caching data, are statements merely guesses (to be revised at a later date) or has this upgrade introduced a new disparate system with different views on the same data? I reckon it’s the latter, but I do hope Abbey sort themselves out sooner rather than later.
Is more passwords more secure?…
In a statement to the BBC, Abbey said: “As part of the upgrade, our active online customers have been required to register again to gain access to their secure internet site.”. This brings me to something of interest to anyone interested in software security. Previously to log into Abbey I had a username, password and a selection of answers to security questions.
Abbey now require you to memorise; your debit card number or long username, a ten digit unique number, an alphanumeric strong password and a numeric password. I bet a lot of people who previously remembered their details are going to start writing them down and that theft of online banking details is going to go up. Also key loggers are going to have an easier time as the order in which the security challenges appear is static and doesn’t change, so it’s now much easier for malware to capture all the details to access your accounts in only one sweep.
Speaking of security…
We don’t like Firefox 3. Use Firefox 2 or Internet Explorer instead.
Yes, that’s right. If you use the latest version of FireFox (3), you’ll be asked to upgrade your web browser with a link to www.getfirefox.com. Hmm. That link is for Firefox 3. So I tried Firefox 2. Oh, that works. Firefox 3 fixes lots of security holes in Firefox 2. Thanks Abbey!
I also headed on over to www.anbusiness.com with Internet Explorer. I got a whole heap of SSL certificate errors (the SSL certificate is invalid). This is not very reassuring on a banking website!
So, let me get this straight. According to the Abbey/Santander IT department/CTO: Firefox 2 is ok with Abbey. Internet Explorer is ok, but it catches the SSL security fail. Firefox 3 is too old and Abbey need to you upgrade to Firefox 2.
Do you need to contact Abbey?
I’ve gone through a lot of pain to get these details. Hopefully they’ll be of help:
- RMT Management Team (Abbey Business Support): [email protected] (don’t email them if you need specific help, they probably can’t do anything actually useful for you)
- Abbey Business Banking Complaints: [email protected]
- Tel: 0800 056 5151 (not checked – taken from another poster on theregister.co.uk)
- Tel: 01908 237 968 (Abbey Business – cheaper than 0845 or 0870)
Who do you bank with and why?
That’s enough from me. It’s over to you, dear reader. Who do you bank with and why?
Sources and further reading:
- Banking Times (Abbey locks out online business customers) – http://www.bankingtimes.co.uk/12122008-abbey-locks-out-online-business-customers/
- Job losses at Woollies and Abbey – http://www.citywire.co.uk/personal/-/news/markets-companies-and-funds/content.aspx?ID=323842
- Abbey IT upgrade ‘chaos’ hits small biz banking – http://www.theregister.co.uk/2008/12/10/abbey_business/
- What’s wrong with Abbey? (Times Online) – http://www.timesonline.co.uk/tol/money/consumer_affairs/article3021092.ece
- Abbey Anger Blog Post – http://strugglers.net/~andy/blog/2008/12/09/abbey-anger/
- BBC: Anger over Abbey’s online glitch – http://news.bbc.co.uk/1/hi/business/7777397.stm