Intesa Sanpaolo Internet Banking’s Catch 22

It might happen, for some odd and unpredictable reason (at least from the user’s perspective), that the Internet Banking service stops granting you access to your account (incorrect userid or password, they say). Then you have to call customer assistance by phone, and the automated system, before allowing you to talk to a human being, asks for your userid, password and one-time password.

But that information is incorrect (in fact, you no longer have access to your account), and you can’t talk to anybody to fix the problem unless you have a working userid and password (which you do not have). You just need to wait, and at the end of the day some human being will answer your call.

It would be better to answer first, wouldn’t it?

Intesa Sanpaolo: when marketing meets security

Recently Intesa Sanpaolo (born from a merger between Banca Intesa and Istituto San Paolo) moved its Internet banking authentication system from password-based to one-time-password-based access.

They sell that “innovation” – as always happens in the ICT business – as a major increase in IT security and hence as a benefit for the customer, but if you think about it for a while, this is not entirely true. Or – better – this might be true from the perspective of a marketing manager. But it is not from the customer’s standpoint.


Italian Data Protection Authority and workplace (Internet) privacy

Today the Italian Data Protection Authority issued an official position on (Internet) workplace privacy protection. The bottom line is: employers cannot control how employees use the Internet during working hours, with a few exemptions to this general “block”. They are simply wrong and tell just half of the story. Italian courts (including the Corte di cassazione – the Supreme Court), indeed, have ruled in favour of a more flexible approach when the employer must investigate misbehaviour or crimes. But the data protection people seem not to be aware of it.

What is worse is that, to protect employees’ privacy, the Authority is strongly advocating preemptive web filtering and content blocking.

That’s a brilliant trade-off: privacy for censorship… and chicks for free!