Barclays iPortal - will it resonate?

Profile picture for user gonzodaddy By Den Howlett September 23, 2015
Summary:
Barclays iPortal attempts to offer customers a more secure method of accessing accounts. The theory is fine, the outcome less so.

Barclays

Reports are appearing for the launch of Barclays iPortal. The claimed differentiator comes in the use of Hitachi's Finger Vein Authentication Technology. I'm not convinced. Ian Murphy, who does better job than most in dissecting the story says:

One of the key targets that Barclays set itself was to raise the bar in terms of security. Customers will be issued with the Barclays Biometric Reader which will use their fingerprints as part of a multi-factor authentication process. There are, of course, concerns about the use of biometric devices as several black hat and other conferences have sought to debunk myths around them.

That explains the use of the Hitachi device. According to Murphy:

The first version is designed around those customers using desktops and laptops as the Hitachi reader is a USB device. In November Barclays will launch their web apps which will enable customers to use smartphones and tablets to connect to iPortal.

At that point they will need to change the fingerprint reader as there will be no USB connectivity and the likelihood is that they will move to a Bluetooth connected solution. What is not known at the moment is whether that solution will also be supplied by Hitachi or whether they will look at any of the other biometric readers on the market.

Much is made of the fact that Barclays undertook a 'ground up' approach using agile methodologies. I guess they're trying to make fintech development sound cool. That can't mask the fact that Barclays is on a hiding to nothing with this combination.

Last year, the BBC reported the early steps Barclays was taking. The technology was considered expensive, for which Barlcays said it would make a charge, and admittedly 'clunky' by Barclays staff. Nothing I see in the current iteration suggests that the obvious usability problems have been addressed.

The fact that several different people can be authorized to use the device for different purposes is interesting but I can't imagine people queuing up to use it in a busy corporate office. Similarly, I can't see your average person lugging around a tennis ball sized device for mobile usage. It doesn't make sense.

To its credit, Barclays has stepped beyond the straightforward fingerprint form of biotech in the hope that improved security buys customer favor. I wish I could agree but this seems plain wrong. More generally, I don't see how you get companies to buy into the idea of 'veinID' when, as Jeff Nolan (who has a dog in this race) points out:

We are entering a period where fingerprint biometric data volume will explode and become an attractive target for hackers.

If we try get past that then what else is on offer? According to CBR:

iPortal alerts and notifies users about certain tasks that requires immediate action along with a consolidated 'to do' list.

It also shows an overview of group balances, across different business divisions and activities in multiple countries.

iPortal also facilitates the sending and receiving of secure messages with Barclays relationship and support teams.

The system will also double as a market intelligence tool, which will provide insight on the latest market research and insights specific to users business and industry.

Some of this I can sort of buy, some of it I can't. Task alerts sounds interesting but most enterprises will surely have already ensured they have advance alerts for cash management purposes. The notion that cash or treasury managers need a portal of this kind to get insight into cash holdings is a problem that was solved years ago. Treasury managers are much more concerned about reconciled balances and cash availability.

On market intelligence, I want to hear more before making a firm judgment but most enterprise questions of this kind I see are centered around benchmarking. I doubt that any bank has the right data to enable that type of service. They cannot for example know what is happening through other bank entities.

As always, I am more than happy to be proven wrong but on its face, Barclays iPortal (which doesn't work today) has more the look of someone's pet science project that got shoveled through a QA process and into production but without the investment in user experience considerations needed for widespread adoption.

More troubling, we are living through an age where banks put the security onus on the customer. Banks sugar coat security issues by offering ever more convoluted methods of access of which iPortal is one in a long line of efforts. I will be much more impressed when I hear that innovation starts with the bank rather than them applying new Band-Aids.