For Simple, The Struggle for Active Users; For BBVA, A Big Bet

Quartz was able to obtain an internal document outlining the recently acquired (for $117 million) subsidiary of BBVA current “key” metrics.

The outlook described Simple’s struggle to gain active users


The draft Simple document refers to 33,387 active customers in April, up 4.5% from March. But it notes that “customer acquisition is slower than expected” and “deposits per customer are growing slower than expected.”

In a response, Simple CEO’s Joshua Reich didn’t necessarily address the issue. But he did clarify the issue:

Like most businesses, we’re looking for active customers. Banks have traditionally defined ‘active’ as any customer who’s made at least one financial transaction within a month. This definition doesn’t work for us. We’ve found that our customers benefit from Simple most when they use it as their primary bank account, marrying their spending and saving with our real-time transaction data and Goals. Because of this, we set a higher bar to measure activity.

When  BBVA bought Simple, it said it was doing so for its customers — obviously a point of contention. Still, for the Spanish banking company, Simple isn’t only a source of (relatively small) revenue.

It’s also, most likely, a petri dish of sorts; A sandbox of new features for a tech savvy audience.

Something the Spanish-banking company is already trying to do with its NBA banking account, and its corporate venture capital arm.

@AmerBanker on BBVA Ventures (January, 2013):


How Banks Share Your Data

Bankers share your personal information — it’s a fact of life; Federal law allows them to do so.

A while back I received a message saying just that from Valley National Bank of Wayne, N.J.

The notice (which the bank is required to disclose) describes what the financial services company does and does not do with my social security number; account balances; transaction history; income information; asset transactions; and account transactions. Continue reading

Bankers: How You Beat the Target Breach

I’ve heard several methods that could potentially beat the criminals that cracked Target’s security and stole as many as 40 million bank customer’s information.

This is the best idea I’ve seen:

The system would give issuers the chance to separate out card present and card not present (online) transactions and give a heads up to any bank whose at-the-counter PAN was used to make a digital purchase — or vice versa.

No need for EMV. No added layer of security. Just different information on the mag stripe than at the front of the card.

When Zero-Liability isn’t Really the Case: Target Breach

In the wake of the Target breach, I was reminded that zero-liability on credit and debit cards isn’t necessarily, well, zero-liability.

James Wester, a research director at IDC Financial Insights, sent me a note. “There are costs,” he wrote. “Both direct and indirect.”

He’s right.

There is a difference between consumer liabilities for credit and debit cards, as well as how card issuers treat fraudulent transactions.

(From Wester’s email:)

Credit card liability is zero dollars and any dispute will likely mean your credit balance is reinstated while the dispute is settled. Not so with debit cards. Liability on debit cards is only zero if reported before any charges are made. Before two days liability goes up to $50. Before 60 days the maximum liability is $500. After that any monies lost are gone for good.

Continue reading

Offering Digital Alternatives Doesn’t Give Banks the Right to Charge Petty Fees

I was heading to a wedding.

It was Saturday. A week or so ago. And I did what you usually do before arriving at the venue – I picked up some money to shove into the groom’s, Joey’s, breast pocket. (By the way, if you’re reading this, Samantha, I loved the endless cocktail hour.)

My debit card had just been reissued and I forgot my PIN. So I walked into the Valley National Bank branch on Route 36 in Atlantic Highlands, N.J. and asked for a withdrawal slip.

We don’t have those anymore, the teller said. (I’m going from memory, here)

What? Ok, here’s my driver’s license. Just give me my money.

You’ll need a check… That’ll be a dollar.

Continue reading

NYT Website Outage Exploit Could Easily Affect Bank Websites


For the several hours that the New York Times’ went digitally dark Tuesday, bankers would have been smart to pay attention.

The exploit is common and virtual thieves have been employing the tactic since domain registrars changed website information after being prompted by a fax.

”If your registrar uses single factor authentication, you are just as vulnerable” as the NYT is, a source told me. “If that [registrar] gets pilfered, every single domain name that is associated with that username and password is vulnerable to that same attack.”

Indeed, banks are no more safe or unsafe than any other company that does business on the net.

Financial services companies are completely at the whim of their vendor’s security standards.

And it’s as easy as finding out the domain registrar of Bank of America.

You see, if MarkMonitor Inc. is allowing its users to login online using only a username and password, the bank is screwed.

Guess what? 


Hacked Network Security Company Bit9 Wooed Bank Business

An internet network security company that once wooed bank’s business has been hacked, and was being used by criminals to help spread malicious software, according to the tech blog KrebsOnSecurity.

Bit9 confirmed the news in a blog post — explaining that “due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network.

“As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware.”

From @BrianKrebs:

Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known “safe” files from computer viruses and other malicious software.

At one time, Bit9 boasted financial services clients, such Omgeo, Putnam Investments and Thomson Financial. The company was also one of Bank Technology News magazine’s top 10 companies to watch in 2008.

Continue reading