Banking via Twitter??

When I first saw this fly by on Twitter (ironic) I thought it was Rsnake joking around.  I followed his comment about it over to Vantage Credit Union‘s web site and saw that sure enough, their customers can do limited banking via Twitter.  Before I go further, let me state this openly.  I like and use Twitter quite a bit.  The ability to find people with similar interests and hear about events on the fly is awesome.  All that said, here’s some of my thoughts.

I took a look through the documentation on how to use their service.  Customers can perform simple functions such as view their balances, deposits, withdrawals, holds, and cleared checks.  They can also transfer money between accounts inside of VCU.  Nothing particularly earth shattering about this.  The commands are pretty basic and easy (at least to me) to remember.  To pull the last 5 deposits customers send a direct message to the credit union using the following command.

The credit union’s twitter account receives the message, then sends back the results.

Ok, that’s kinda neat and the actions available in the first release aren’t too worrisome. But I’m still concerned about the whole idea of this. If I’m a customer of VCU (I’m not), do I want Twitter to be the middle man for access to my account? The whole security model hangs on the idea that direct messages are completely secure and only visible to the two parties taking part of the exchange. While I suspect Twitter has gone to some lengths to protect these messages, do we think that they designed its security with banking in mind? I doubt it ever entered their mind. Keep in mind that all of this is being done without encryption too.

However, for the sake of argument, lets say that direct messages never become exposed due to a vulnerability. Do people only use Twitter with their browser directly on Twitter’s website? Not by a long shot. I personally use two other applications to keep tabs on my feeds. These apps also have their own issues. I don’t know of any Twitter apps that do this, but I have heard of some apps sending data back to the developers. They also are subject to vulnerabilities. So even if Twitter itself is perfectly safe (it’s not), the mediums with which we use it aren’t.

And last, the whole notion just strikes me as asking for trouble. VCU plans on offering functionality via Facebook and text messaging as well. They have in essence decided to teach their users to trust third parties with access to their bank accounts. These aren’t third parties that we know either. I don’t know the people who are, will or used to work at Twitter. VCU is training their customers that it’s ok to put access to their financials in the hands of others. This is a bad idea and one that may come back to bite folks who believe that Twitter has their back because otherwise their bank would have never offered it.

Technorati Tags: bad idea, banking online, twitter, web security

Tags: bad idea, banking online, twitter, web security