Mobile Apps No Substitute For Website. Potential Campaign?

CoastingHatbox

Hello,

Not sure whether this is the best place for this post. Apologies if not.

I want to raise a concern about financial institutions who have provided websites for customers to manage their bank accounts, savings accounts, credit cards etc. on-line, now pushing customers towards using mobile apps instead.  Even, in some cases, making on-line access 'mobile app only'.

I'm aware that Nottinghamshire Building Society LISA holders were transferred from a website to a mobile app. Sainsbury's bank I'm sure used to offer on-line banking facilities, but are now mobile app and phone only. Both my current account providers and all my credit card providers are constantly promoting their mobile apps, and amongst them there are some features or facilities which are mobile app exclusive.

Mobile apps however present some problems. They generally mandate that a customer has a smart phone or tablet with access to the Apple or Google Play stores. They generally mandate that the customer has either an Android or Apple phone/tablet. Some people are more privacy concious and don't want to use these devices. Some people may not want to lose access to their on-line banking when they lose or accidentally damage their phone or tablet. Most importantly however, some people struggle with mobile apps for accessability and/or age related reasons. (I don't want to sound ageist - case in point below)

I also don't see mobile apps as necessarily being more secure. In fact, they are, I believe, actually less secure. And I can find evidence to support that assertion.

I'm really struggling with my mother right now, because she has been adversely affected by a company choosing no longer to provide a website for administering a credit card. With fairly advanced arthritis affecting her hands, she really struggles to use a mobile phone. I don't think a tablet would help matters - it is actions such as swiping and selecting characters with the on-screen keyboard that prove to be frustrating and irksome. I think possibly a stylus might help, but boiling things down a bit further, she doesn't really know how to use her phone. And when she runs into trouble, I think remote access to her phone would pose yet another hurdle (I quite often remotely assist her using her PC).

I don't understand the big push towards using mobile apps for on-line banking. The institution providing the app, has to provision and maintain an API for the app to use. Modern websites often use the same underlying APIs, reducing the extra 'effort' and 'expense' for providing the website. The conclusion I reach is that mobile apps allow institutions to collect more data about their customers. I also think current account and credit card providers want to ease a future transition to more closely integrated payment mechanisms which would reduce their costs in providing bank cards, pin numbers and also allow them to operate independently of the well established electronic payment providers (Visa, Mastercard, etc..)

I think, as financial institutions continue to march in this direction, there are a raft of people who are literally going to get left behind. I think, ideally, I would like to see legislation that ensures financial institutions providing conventional banking services (current accounts, cash savings accounts and credit cards) have to provide their customers with a website, which meets the current (broader) industry accepted standards in terms of accessibility.

I'm tempted to undertake a bit of work to campaign on this issue, but, at this stage I need to validate the issue and obtain some broader visibility on what is going on (as oppose to just my own experience/understanding).

I do accept, that a lot of people, find mobile apps more convenient or at least just as useful as their now old-fashioned website cousins. I don't think mobile apps are going to go away. I don't think it is an either/or situation. I hope that preempts comments which in effect ignore the needs of people who struggle with mobile apps or the concerns of people who would prefer not to use them.

Am I alone in having these concerns? Or do you share them? Please comment below.

Thanks
CH

Carrot007

Pointless will not get anywhere.

The  mobile app is just awebsite wrapped in a "fake" app anyway. The problemn being many comanies website is all the app webshite and !!!!!!.

Maybe if the designers were paid enough or required to have taken a HCI course they may not suck. But Naaa, they aint going to spend money.

I have never seen a company not having a website (since the app is 99.999999% of the time). Though of coures they may tell you they do not when the UI sucks on anything but a phone4 (or not as I said).

eskbanker

Personally I don't see it as accessible websites versus inaccessible apps, so if you're asserting that some (or all) apps aren't compliant with obligatory accessibility standards then challenging that would seem a more fruitful avenue than seeking legislation that would mandate provision of facilities on one specific technical platform - the fact that some people are happier using the browser model (and that this facilitates remote support) doesn't really justify regulatory or legislative action, but failure to meet mandatory standards would be a stronger argument IMHO.

You assert that apps are less secure than websites, but given the banks' increasing liability for security breaches, it seems that they disagree, and the ongoing introduction of two factor authentication entails the end of the traditional browser-only interaction, so unfortunately the landscape is changing whether or not some people would prefer it not to....

CoastingHatbox

eskbanker said:

Personally I don't see it as accessible websites versus inaccessible apps, so if you're asserting that some (or all) apps aren't compliant with obligatory accessibility standards then challenging that would seem a more fruitful avenue than seeking legislation that would mandate provision of facilities on one specific technical platform - the fact that some people are happier using the browser model (and that this facilitates remote support) doesn't really justify regulatory or legislative action, but failure to meet mandatory standards would be a stronger argument IMHO.

You assert that apps are less secure than websites, but given the banks' increasing liability for security breaches, it seems that they disagree, and the ongoing introduction of two factor authentication entails the end of the traditional browser-only interaction, so unfortunately the landscape is changing whether or not some people would prefer it not to....

Portable gesture driven devices present there own set of accessibility problems, which demand a different set of solutions. My current evaulation is that there are, currently, a broader range of accessibility solutions available for people using personal computers, as oppose to mobile devices.

There are some accessibility limitations with mobile devices, due to form factor, that software alone won't improve upon. With a desktop PC, it is usually possible to plug-in a larger monitor. A physical keyboard is much more satisfactory for someone who does not have the fine motor skills required to operate an on-screen keyboard or use a stylus or pencil.

In the case of my mother, she is not able to use a mobile phone. Her hands just don't cooperate well enough any more.

In respect of two factor or multi-factor authentication - a mobile app should not really be the only exclusive method. There are many other options for providing the second factor. Generally, as far as I am aware, most banks are still falling back to SMS for doing that, which is awful from a security point of view (NIST proposed deprecating SMS 2FA but bowed to industry pressure and back pedalled). A physical token would be much better. Or at least an industry standard authenticator application. Or better still, universal support of existing authenticator protocols, enabling people to use their own preferred choice of one time password generation. That at least means people at least only have one user journey in respect to obtaining a one time password to contend with, and it could be a physical piece of dedicated hardware that implements one of the open standards.

Other than providing a cheap method for 2FA, and a unique way of identifying a customer*, I really don't see how mobile apps can be more secure - and I've been in/around the technology industry for very many years. The mobile apps will still rely on Internet-exposed APIs. Android phones are notoriously problematic in providing a 'secure environment' for an app to run in because many handsets manufactured today will only receive firmware updates for a short period of time. Many handsets rely on hardware components that have had security vulnerabilities identified in them - and there's no way of patching firmware to mitigate some of them. And then there is the state of the Google Play store and the number of apps available that contain malware. The Android ecosystem is nothing short of horrendous, from a security perspective.

So yes, I don't buy the mobile apps == security argument.

*Most PCs have an on-line footprint unique enough to almost be as good; Certainly good enough to link that device to a given customer and trigger the relevant checks and balances when a customer attempts to access their bank account from a different PC.

I think banks driving people toward mobile apps is either down to cutting cost (less likely) or data collection and monetisation (more likely).

dggar

Deleted_User said:

CoastingHatbox said:

Am I alone in having these concerns? Or do you share them? Please comment below.

Thanks
CH

Thanks for your interesting observations. I largely agree with what you say. I have no objection to financial institutions having mobile apps in addition to their websites. When I'm out and about away from home I sometimes find it helpful to use the mobile app for viewing information about my account. For example I can check the balance on the account before I make a purchase to ensure I don't go overdrawn. Also under, new conventions, when making a purchase they may send me a code to confirm the transaction. So in respect of viewing information the app can be useful when I'm away from home.

The main problem that I have with mobile apps is when I have to key in complicated data. The miniscule keyboard on a mobile device can prove a nightmare for typing. For example, no way would I want to set up a new payee and struggle to use a phone keyboard which for me is unsuitable and can lead to potentially serious errors. Admittedly a tablet can make typing a little easier, but then I normally only use a tablet at home where I have my computer which I will prefer to use.

So the bottom line for me is that I'm happy for financial institutions to provide mobile apps which will be useful when I'm on the road. However, no way should they then do away with their "fully grown up" website which I will always prefer to use when I'm at home. Many of the newer generation of financial organisations seem to be starting out only with mobile apps. In that case I will be very unlikely to want to open an account with them.

These last two paragraphs pretty much sum up my opinion. I recently got a Virgin credit card and can't find anyway of viewing the account on a PC. I only  got it generate direct debits for any current accounts that I might switch to so I may well give up on it. 

wmb194

There are multiple ways to do it but using the 'Your Phone' Windows 10 app makes remote controlling an Android phone easy. It allows you to use your keyboard, mouse, resize the window to make it huge if you want plus other things.

https://support.microsoft.com/en-gb/topic/your-phone-app-requirements-and-set-up-cd2a1ee7-75a7-66a6-9d4e-bf22e735f9e3

Mnoee

Deleted_User said:

wmb194 said:

There are multiple ways to do it but using the 'Your Phone' Windows 10 app makes remote controlling an Android phone easy. It allows you to use your keyboard, mouse, resize the window to make it huge if you want plus other things.

I agree this may help some people who have an Android phone. What about those who have different (non-Android) phones?

You could use a bluetooth keyboard. They do mice too, but I've not used one with a phone. 

I know it involves spending money, but if you absolutely need to use a bank that only has an app (which aren't that many, at the moment!) then that'd be my suggestion. 

wmb194

Deleted_User said:

wmb194 said:

There are multiple ways to do it but using the 'Your Phone' Windows 10 app makes remote controlling an Android phone easy. It allows you to use your keyboard, mouse, resize the window to make it huge if you want plus other things.

I agree this may help some people who have an Android phone. What about those who have different (non-Android) phones?

Secondly I often find the construction/layout of website based finance management significantly preferable to the mobile app implementation for lengthy and complicated tasks. One design consideration is that phones are often carried around in crowded places. So a mobile app has to be designed to assist user privacy, unlike a website viewed on a computer is which normally done at home by private individuals without a surrounding crowd able to spy on the data.

There are solutions for iPads and iPhones, too, of course. I just mentioned this one as Windows and Android are ubiquitous. I've not used an Android tablet but iPad apps often use more of the screen and are easier to see and use than the iPhone versions. For instance, Lloyds' and Barclays' iPad apps are both a lot like their websites and have very similar functionality.

Anyway, it seems to me that you're all tilting at at windmills. Just as no bank/BS/deposit taker is forced to have a branch network, I doubt that you can realistically force them to provide whatever type of website you'd prefer as there are plenty of banks/BSs that do offer exactly what you're asking for. Competition is already providing what you want.

Flick85

There’s an enormous amount of research around technology use for older adults, much of which focuses on banking context. If you’re serious about this, it would be worth engaging in that literature. 

Fwiw, I can see why banks would prioritise maintaining and developing mobile apps in future over web based ones, simply due to ongoing cost of maintenance - currently they have to create Apple & Android & web apps, it would be much cheaper to only do the mobile ones and keep web-based stuff for information only. But also, web tech is pretty limited in functionality when compared with future prospects for innovation with Apps. So, I expect in future there will be fairly “basic” web access, but most will be facilitated through Apps. 

In 20 years, the older adults in our society will be people who are pretty familiar with smartphones. Yes, some may choose not to have one, but actively making that choice will mean limited access to things like online banking. So, it’s a temporary problem, and within that period advances in tech should alleviate many of the physical access issues with mobile devices (eg through voice control and natural language processing, or even brain computer interfaces and eye tracking as alternatives). As speech-based tech and NLP improves, virtual keyboards will become obsolete for many anyway. And, once you add AR into the mix, who knows where we’ll end up!

penners324

Yet there are app only fully fledged banks.... 1 has launched a website which is a very basic version of their app (Starling)....

Daliah

Not sure what happened to the the stats for 65+, but as @felicityBD15 said, a lack of smartphone would be seen by providers as a temporary problem, if a problem at all.