Well, seeing how old the US banking system (that everyone is still writing cheques!), I can't complain about the three-day delay for UK wire transfers made online, which would be instant if you make a transfer in Taiwan.
One of the largest banks in Taiwan,
Taipei-Fubon bank, who I bank with for about 10 years now, has always been rather friendly for online banking, as in, I haven't had major troubles using
firefox to do online banking.
Until now.
So like most places, E-Statement is what the banks are pushing, as it saves some bloody trees, and more importantly, the cost for printing and
delivering the papers. So there's whole lot of incentive for banks to do so. I have been getting summary of my account (including current account,
USD/
GBP account, mutual funds etc) monthly, in
plain text. Last month they started to introduce some kind of encrypted statement, but unfortunately it's not documented about what format or scheme they are using, and they only provide an (unsigned)
exe file for windows to read those ".
fubon" files.. So each time i receive such
gibberish, i prompted send them a reply:
[[[
敬啟者,
貴行新電子對帳單安全機制令人感到對客戶的用心,
唯所採用之技術似乎未註明是否使用開放標準,而貴行僅提供 windows 下的瀏覽程式,令不使用
windows 系統的客戶無法再使用電子郵件閱讀對帳單,著實不便。希望能儘速予以改善。
如果貴行使用的是 Symmetric-key 並以使用者生日資訊或自行設定之密碼作為 key, 請告知加密規則及演算法及檔案格式。
]]]
In English:
Dear sir,
The adoption of encryption for e-statement is certainly considerate and valuing your customers.
However it is not made clear that if the technology used is an open standard, and you have only provided a browser under windows. This makes non-windows customers of yours unable to read the statement, which is rather inconvenient. Please make it better.
If you are using some symmetric-key based on custom password (which default to date-of-birth), please make your encryption scheme, algorithm, and data format known.
Best,
So I usually get a polite reply after two days. Being the
company that makes issue tracking software
RT which should certainly be used in this case for customer service, I was curious enough to take a quick look to see if there are traces in the mail header that denotes such software system is being used.
Well, first of all, it was depressing to see "X-Mailer: Microsoft Outlook Express 6.00.2800.1914", meaning this was replied by a real person, in a normal outlook mail client. Which means if I have further followup regarding this reply, it will not be tracked and is likely to be handled by a different customer service representative. But that's alright, we know a lot of large companies do that, and that's where our product could help.
However I also noticed some very interesting headers in the path before it reaches our mail server:
by sms4.fubon.com (Symantec Mail Security) with ESMTP id XXXXXXXXXXXX
Received: from EXFE03.group.fb.com ([10.201.13.33]) by exfe01.group.fb.com with Microsoft SMTPSVC(6.0.3790.1830);
Mon, 11 Aug 2008 16:01:36 +0800
Received: from user008 ([172.16.205.8]) by EXFE03.group.fb.com with Microsoft SMTPSVC(6.0.3790.1830);
Mon, 11 Aug 2008 16:01:21 +0800
Message-ID: XXXXXX@fubon.com.tw
I didn't know my bank is rich enough to obtain
fb.com (and not use that as their website?), as if Merrill Lynch would want you to use
MerrillLynch.com rather than ml.com. a quick
whois shows that
fb.com is owned by
American Farm Bureau Federation, and also the message id, fb.com.tw, is owned by someone else as well.
What does this mean? The
fubon folks will not be able to send any message to
fb.com, because the mail servers think they are
fb.com, and internal network is very likely to decide the fb.com MX records for themselves. Maybe they don't ever do business with each other, but whoever configured this that way should get fired.
