While I’m not overly thrilled with my long-term bank Wells Fargo, mainly because of their recent assault of unexpected monthly fees across all of my accounts (I do all of my personal and business banking with them, including my mortgage), there are some things they’re doing very well…and that’s what the focus of this article is about.

Today I deposited a number of checks into both my personal and business checking accounts.  I got my checks lined up, signed, and added up the totals for each account so I could fill out my deposit envelopes when I got to the ATM machine.  It’s a routine, really.

I got to the bank and was disappointed to see that the envelope dispenser was empty.  No, wait…it’s not even THERE anymore.  What?  I walked around the ATM with a confused look, half expecting the new envelope dispenser to jump out of somewhere and bite me.  I’m sure I entertained at least a couple of on-lookers.

Eventually, I spotted a sticker where the envelope dispenser used to be.  This ATM no longer requires envelopes, it exclaimed.  I stared in astonishment.  Then I got excited to see how this might have been implemented…and immediately got distracted by my own pessimism about how this is probably something to benefit Wells Fargo and not me (like the plethora of fees I now pay).

So, off we go.  I insert my first first ATM card for the account I only have one check to deposit…I figure I’d better go easy on this new system until I get the hang of it.  I insert the check, sans envelope, and listen to it churn for a couple seconds.  Poof, there’s a snapshot of my check on-screen including the amount of the check.  Yes, it read a hand-written check perfectly.  I clicked the green confirm button, and got a receipt…WITH an image of the check on it. 

<blink> <blink>

Wow, that was cool.  Ok, let’s see what it does with 7 checks at once.  Stacked ‘em all up (you don’t have to insert them individually) and shoved ‘em in.  Listened to the system sort the checks and start sifting through them.  In all, it probably took 10 seconds for the entire process and I was staring at snaps of my checks and amounts for each on the screen.  I confirmed and got a receipt with, you guessed it, all seven checks printed with amounts. 

Awesome.

I have to give kudos to Wells Fargo for a VERY slick system.  Not only does it remove my pain of having to fill out (or even find) envelopes, do math, and lick an envelope…but it also saves a few trees along the way, by entirely eliminating envelopes.

Now, if they would simply allow me to deposit my checks by taking photo of them via my Wells Fargo iPhone app, like USAA Bank…I might have to do a little dance.  Take a look at a video demo of what USAA is doing below. 

How is your bank making you happy?

For the 2009 series, the USOpen has launched an on-line video stream for all of their broadcasts that is magnitudes better than any other I’ve seen to date.  I’m sure there are some good ones I may have missed, but this one has fantastic features that can’t be overlooked.

This is a game-changing way to watch tennis.  First, I’m not the type of person who will go out of my way to watch the game, but have found myself doing so.  If I could do this with football or hockey?  Trouble in the making!  I hope to see other stations and organizations following this fantastic business lead.  Read on for the features…

The stream is crisp, clear, and snappy to load up.  But that’s just the tip of the iceberg.  Once loaded, you’re presented with a number of options right on the screen:

• View other courts (top left):  This displays video from all 5 courts that have feeds as well as scores, clicking on one will take you to that broadcast.
• Game statistics (bottom left):  Aces, 1st Server %, Double Faults, Win % on 1st/2nd serves, Winners, Unforced Errors, Receiving Points Won, Break Pt. conversions, Total Points Won, Net Approaches.  Real time, ON SCREEN!
• Fanbook (top right):  Sign up for an account, and you can comment on the match along the way…or just sit their and read if you don’t want to interact.
• Picture in Picture (bottom right):  Yep, pick one of the other stadiums and you can watch a smaller stream of that!  Click the “swap” button, and voila…PIP is swapped.  Awesome.

Click on the image in this article to see a full-screen version of the stream with all four options expanded.  clicking them again nicely hides them out of they way.

Better yet, head over to USOpen.org and watch for yourself!

What additional features can I imagine?  The ability to view your own camera angles instead of leaving that up to the event producer, ability to tie into your Facebook or Twitter account so whatever you type in the “Fanbook” section shows up on other social media sites, an alert for an amazing play you may have missed on another court (with the ability to quickly catch a replay), the list goes on…  I’m looking forward to the 2010 version!

What additional features can YOU imagine?  Have you seen a better player out there?  Let me know in the comments…

The purpose of this post is two-fold:

First:  To stress the importance of preserving the security of your on-line identity

Second:  Exposing a company who’s doing an inexcusably poor job of protecting your on-line identity

Most of us don’t realize how insecure the on-line world can be.  You create an account on a website, give it a username and the password of your choosing.  That password is obfuscated with asterisks so someone over your shoulder can’t see it, and many sites even require certain complexity (numbers, upper/lower-case letters, special characters, length, etc) to help assure your password is not easily guessed by a human or a brute-force and/or dictionary attack.  As well, the registration form is usually protected with SSL (aka: Secure Sockets Layer, Transport Layer Security, or when you see https:// in the URL) encryption.  Beyond that, you’ll usually enter an email address where you’ll have to validate that you’re you before you can even proceed on the website. 

Sounds like a pretty secure process, right?  In most cases, it is.  The problem with this, is you’re only exposed to how they protect you from OUTSIDE exploits.  Everything mentioned above does nothing to protect you from an INSIDE exploit…and frankly, an inside exploit is FAR more likely than an external one for 99% of the population.  A rogue IT Administrator or Webmaster, or worse yet…an internal company process that ALLOWS employees access to your private information.

ZipRealty is a company that I’ve used for a number of years to help keep an eye on property values in my area.  I set up some criteria for alerts that send me emails, and I had a hankering to make a change to those emails just the other day.  I logged in and found out that the system said I didn’t have any “saved searches”, despite the fact that I was getting emails from them.  So, I asked for help in straightening this out.

When you register at ZipRealty, they assign you to a Real Estate agent.  I’ve had more of these agents assigned to my account than I can keep track of, as it appears they have a fairly high turn-over rate for their agents.  Since all my “alerts” come from this person’s email address, I replied to her.  I asked why it was that I was getting alerts but didn’t seem to have the ability to modify them.  After going back and forth a bit, it came into question whether or not I might have two accounts assigned to the same email address (turns out I didn’t…but that’s not the important part).

In order to verify whether or not this was the case, she emailed me information about my account and asked me, “Is this you?”

Here comes the sad part.  She emailed me, in plain text across the Internet, not only my user account…but my PASSWORD.  It’s bad enough she did that, but the far worse situation is that she actually had ACCESS to my password.  This is an agent that likely signed up to get leads from this service and was randomly assigned to various user accounts.  This person, who will likely not be assigned to me due to turn-over in the next 3 months has access to my username AND password.

The grand point of this post?  There are two of them:

1. Don’t judge a book by it’s cover.  Just because their outward appearance seems secure, does NOT mean the internal workings are anywhere near as secure.
2. Do not use ZipRealty.  If you do?  Change your password to something you do not EVER use anywhere else.  If you have the same username and password on another site…someone from ZipRealty (and possibly other poorly managed companies) has access to that site.  Let’s hope it’s not the same as the account to your on-line banking site.

What’s the best means to protect yourself against inside exploits?

Do not use the same password on any two sites.  I know…I know…how can you remember them all?  Options:

• Build a spreadsheet with all of your passwords (and password protect that spreadsheet.)
• Use a password management application.  There are lots of them out there.  I would avoid the ones that store your passwords on-line, but that’s just me.
• Assuming you have a good password to begin with (secure from outside exploits), you can add characters to this password that pertain to the site you are registering with.  This makes your password unique, albeit only slightly different (and thus, still easy to remember).  For example, if your password is normally “password” (please, tell me that’s not your password)…your new password for ZipRealty.Com might be “ZpassRwordC”.  Be creative, but memorable for you…and not something so obvious that someone looking at ZpassRwordC knows that your WellsFargo.Com password is going to be WpassFwordC.  My example was just a simple example, not a gold standard!

Have you seen similarly poor security practices anywhere?  Have you experienced any security breaches from particular companies?  Please share them in the comments…