Let me tell you about my bank.
I would expect an institution which I trust to look after my money to be
among the most competent bureaucratic organisations I deal with. Sadly,
interactions which I and my partner H have had with our bank in recent
years suggest the opposite.
Some of these incidents were comparatively minor: I once had to have a
new debit card issued three times, because I made the fatal error of
asking if I could pick it up from a different branch (the first two
times I got the card, my home branch cancelled it as soon as I used it).
More recently, when I got a replacement credit card, every person I
dealt with had a completely different idea of what documents I needed to
provide in order to collect it. When H bought a used car, it turned out
that it was literally impossible for him to pay for it with a transfer
and have the payment clear immediately -- after he was assured by
several employees that it would not be a problem.
Some incidents were less minor. H was once notified that he was being
charged for a replacement credit card when his current card was years
away from expiring. Suspicious, he called the bank -- the employee he
spoke to agreed that it was weird, had no idea what had happened, and
said they would cancel the new card. H specifically asked if there was
anything wrong with his old card, and was assured that everything was
fine and he could keep using it. Of course everything was not fine -- it
suddenly stopped working in the middle of the holiday season, and he had
to scramble to replace it at short notice. All he got was a vague
explanation that the card had to be replaced "for security reasons".
From hints dropped by various banking employees he got the impression
that a whole batch of cards had been compromised and had quietly been
replaced -- at customers' expense, of course.
What happened last weekend really takes the cake. The evening before we
were due to leave on a five-day trip, well after bank working hours, H
received an SMS telling him that his accounts had been frozen because he
had failed to provide the bank with some document required for FICA.
This was both alarming and inexplicable, because we had both submitted
documents for FICA well before the deadline years ago. The accounts
seemed fine when he checked them online. When he contacted the bank, he
was assured that he had been sent the SMS in error, everything was fine,
and he didn't need to provide any FICA documents.
So we left on our trip. I'm sure you can see where this is going.
On Thursday evening H's accounts were, in fact, frozen. He tried
unsuccessfully during the trip to get the bank to unfreeze them, but
since it was closed for the weekend there was pretty much nothing he
could do until we got back home.
Hilariously, although employees from the bank made a house call this
morning to re-FICA him, he had to go to the branch anyway because they
needed a photocopy of his ID (scanning and printing is magically not the
same as photocopying).
Again, what actually happened is a mystery -- the bank claims that they
have no FICA documents on record for H (as an aside, why are customers
not given receipts when they submit these documents to the bank? If
there is no record of the transaction, the bank can shift blame to the
customer with impunity if it loses vital documentation).
We're very fortunate that none of these incidents had devastating
consequences for us, since they only impacted one of us at a time. If we
relied on a single bank account, we could easily have ended up without
food, without electricity, or stranded in the middle of the Karoo with
no fuel. This is pretty clearly not an OK situation.
The common thread running through all these incidents is a lack of
communication: both between the bank and its customers, and within the
bank. We rapidly discovered through our dealings that while the bank
maintains the facade of a single, unified entity, it in fact comprises
several more-or-less autonomous divisions, and communication between
these divisions often resembles diplomacy in the Balkans.
I would not be surprised to discover that various aspects of customers'
information are distributed over several disconnected databases. There
appears to be no way for certain types of information to be linked to
accounts, which necessitates the use of bizarre hacks. When H's credit
card was disabled, this was in no way reflected in the online interface
-- he just had an enormous amount of money reserved on the card. When
his accounts were frozen, this was again not apparent in the interface
(which was recently updated) -- his available credit balance was just
zeroed, and he got a non-specific error whenever he tried to transfer
funds. I believe that the back-end infrastructure for managing this
information effectively and making it available to customers and
employees simply does not exist.
As a result of this, I have learned not to believe a word that a bank
employee says if there is any chance that the issue crosses some
internal jurisdictional boundary. In the best case scenario they are
aware of their own lack of information and are able to direct you to the
appropriate department. In the worst case scenario, they dispense
outright misinformation -- something which can have devastating
consequences (for you).
We live in an age with an abundance of instant communications methods.
In spite of this, it appears to be beyond the bank's abilities to inform
people timeously about what is going on with their accounts. It has
backed off from electronic communications presumably because of fears of
phishing, and has fallen back to two obsolete and inefficient channels:
voice phonecalls, which are prone to misunderstandings and human error
and leave the customer with no written record, and SMSes, which have a
character limit. Both these channels are vulnerable to blips in the
cellphone network infrastructure, customers having no airtime, or
customers just not being available to answer their phones at certain
times (since voice phonecalls are synchronous). The bank also uses these
channels as if it believes that they are intrinsically secure and
trustworthy, which is ludicrous, as anyone who keeps getting calls from
"the Microsoft Support Centre" can attest.
In order for this dysfunctional system to work, the bank appears to
expect its customers to accept unexpected additional charges
unquestioningly, and to follow instructions issued by unknown persons
calling from unverified internal numbers, even if they are nonsensical
or suspicious and cannot be corroborated by other bank employees
contacted through more reputable public-facing channels. It is standard
procedure for such callers to demand personal information from customers
in order to verify their identities, but they offer no evidence of their
own legitimacy.
In short, the bank expects us to be the kind of credulous chumps who
fall prey to phishing scams. It's easy to see why phishing works when
genuine communications from the bank are so unprofessional and follow
such laughable security practices that they are virtually
indistinguishable from phishing.
I haven't named my bank, although it's pretty easy to find out what it
is if you know where to look, because I'm sceptical that there are
significant differences between the way South African banks operate;
particularly the Big Four. I've certainly heard the same kinds of horror
stories from customers of other banks.
This is the final straw which has led us to investigate other banking
options. Whether the pastures we're moving to are greener or just
differently green remains to be seen.
If you feel strongly that there is a bank which is notably better or
worse than the others, or you just want to share your own tale of
banking woe, let me know in the comments. I'll be over here, stuffing my
money into a sock to hide under my mattress.