Tuesday, February 22, 2011

ICICI - Case Study of Banking Web Site - not!

I have been an ICICI Bank customer for the longest time. I do ask myself every now and then why?
Initially it was because they had the most number of ATMs in Chennai. This now stands negated by the longest queues ever outside any ATMs in the city. So the any ATM banking rule by the RBI is a boon for all ICICI customers.
I also had to stick with it, because of a few wire transactions that had been setup, and would have been too problematic to change. The dependency simply kept shifting.

They do have one of the better running banking web sites in the country. But that is also because i have not been exposed to very many out there. I really wish someone did a good job to reviewing this for the customers.

Anyway, let me start with some of my favorite things about the ICICI Bank's website.

The most commonly seen screen:
It supposedly is supported on IE and Firefox. However, it never really works on Firefox. And if you ever get thru' to their customer service, they will blatantly tell you to use IE.




The banking site is so paranoid with security issues, that you have to jump thru' hoops sometimes to get the simplest thing done. You get a feel for it, at the very beginning itself, by their Virtual Keypad. It supposedly reduces the chances of malicious software capturing your key strokes. Good thought, poorly implemented since, most people  are not computer savvy and so are less likely to click and use it. No derived benefit. Wasted effort ?

I found this interesting code snippet, while i was trying to gleam for the name of the company that developed this web site for ICICI. I think it is Infosys (I could be wrong, since ICICI also have their own IT services company). This is supposedly based on their application for banks. Trust us desi's (before someone decides to kill me, i am including myself) to come up with a design that requires multiple levels of approvals (sign-ons) and password protection, session time-outs, disabling right-click, disabling cut/paste etc. Does this reflect on our ability to trust people ? Or rather the lack of it ?
Anyway the code snippet here, possibly shows poor design, where it requires apparent changes to the source code(?), to disable access during system downtime. So what happens, the Sysadmin, or some cowboy programmer goes into the production site and changes the code on the fly, when the servers are planned to go down ? This is based on the comments indicated in the code. Its quite possible these are remnants and have been redesigned differently.



This is just the beginning. The real fun starts upon logging in. Here is another example of wasted process and steps to complete a transaction. A single screen presents this choice to the user. Based on this choice, you are taken to the next screen for further choices and options. Something that could be easily implemented using radio buttons or other methods.


Here is another interesting set of data capture implemented.
The account number is very validated (by ICICI), altho' they do ask you to enter it twice to make sure you havent made a mistake and typos. They have conveniently disabled copy/paste options to this field. I can understand to both, but they could easily allow it for the first entry of account number, which is a 12 digit number with a lot of 0 (zeroes).  And a good data capture will validate this number to make sure it exists. Remind you this for xfer of funds from your account to a payee.

The payee name fields allow only A-Z,a-z and space. Even if the real name of the account holder includes a period (like Ltd. or after initials). The nick name doesnot allow even spaces to be entered. So figure out a way to creatively provide a nickname.

Ok. I'm tired. I had to rant, and so i did. This is really overdoing it. I give up. One last curveball before i stop this. Never, never ever, call their help line. If you can figure you way around the web site, do it. But dont call their help line, which requires a good 3-5 minutes before you get to talk to somebody. They use some outdated IVR/CRM system, because all authentication is lost after the IVR transfers the call to an operator. The operator is usually a small kid, right out of college, who barely knows what (s)he is talking about.
I should really stop bitching and get a new banking relationship started. Well, i only wonder if i am going to be leaving the devil, only to sink in the deep sea.

3 comments:

Anonymous said...

Nice one :)

Unknown said...

I think what could actually make a difference is by mailing them (ICICI) this post - they surely have a customer feedback id.

I think the information here is valuable for ICICI (or any bank/financial instituion), and they should use this to address interface issues on their portal. Apart from security - "ease of use" should be the highest priority of such portals.

good writeup.

sbobet said...

the information here is valuable for ICIsbo
sbo
CI (or any bank/financial instituion), and they should use this to address interface