I can tell you right now what I want from a "bank" as a consumer: Putting the consumer first, not seventeenth or whatever I typically experience with retail banks.
As a random example, I had $3,600 stolen from one of my accounts by transactions labelled "Microsoft Online Services" or something like that. The bank reversed most, but not all of the transactions, and then had the nerve to lecture me -- an IT professional more than a bit knowledgeable about security -- about how somehow this was all my fault.
Turns out that banking security and reliability from a customer's perspective is absolutely insane. It's totally ass-backwards. It's the opposite of the Apple experience that made that particular company the biggest in the world.
1) Every field in a credit card transaction is attacker-controlled. They can put down whatever business name they want, whatever text they want, etc...
2) Every field in a transaction history is either an alias ("operating as xyz pty ltd"), an abbreviation, or just outright confusing.
3) Transaction histories and "you paid $ to X" notifications often turn up hours or days later. There's no geo-location or any other strong identifier linking these to the actual business because of (1) and (2).
4) There's no receipt details in the transaction history. "XYZ pulled $123 from your account... for reasons. It's a mystery!"
5) You can't see who's got recurring subscriptions on your account. You can't trivially cancel or block someone from pulling money from your account.
6) Some banks now show categorised graphs of what you're spending your money on, but they're guessing. They don't actually have the info of where the money went, so this is useless. You can't figure this out yourself either because of the tiny amount of info available to you.
7) You can't use your transaction history for warranty purposes, or any similar thing. You have to keep tiny pieces of paper that fade rapidly... which is I'm suuuure is just a coincidence, right? Right?
8) My bank claims I get notified if a transaction occurs on my account. This is a lie, they only notify me of some types of transactions, and not reliably either.
9) Trivial impossible-travel protections are not put in place. If my phone is used for a payment in a "physical store" while the GPS says it's in a different continent, pop up an "Approve Y/N?" prompt at a minimum!
10) You can't generally limit a vendor's access to your account if they have your credit card details. You can't restrict them to a single transaction, a fixed amount, or no-sneaky-subscriptions.
11) With shared accounts, you can't generally tell who made a transaction, even if they have individual cards and/or mobile devices. (You can sometimes, depending on the bank and the type of account, but it's not consistent. This is what happened to us: Both of us assumed the other partner set up a valid subscription.)
Etc, etc, etc....
I could go on for hours.
Unfortunately, like many people of said, the inertia of the incumbents and their moat of regulation makes this kind of thing nigh impossible with backwards compatibility.
Some org like Apple or Meta with very wide reach might be able to force vendors to jump through their hoops, which then will drag the traditional banks kicking and screaming into the future.
"You can't see who's got recurring subscriptions on your account. You can't trivially cancel or block someone from pulling money from your account"
This is because any company that has the potential for creating recurring subscriptions can do so to anyone at any time with nothing but an account number.
There is no pre-verification of authorization whatsoever. The only thing you can do is continuously monitor your bank statements and dispute the charges when you see something turn up, then hope for the best.
This system is croocked by design. Most people can't even believe it is this way , but presentations by budding fintech to small companies tout this 'feature' as the greatest thing since sliced bread.
> There is no pre-verification of authorization whatsoever.
There actually is a way they can sync up to say this is an authorized regular transaction and they get the ability to keep charging even when the old number expires and a new card gets issued.
I forget what it's called, and I don't believe it's supported everywhere.
This "feature" pisses me off. I was going to switch to capital one virtual cards but from reading around it seems that these two can be updated and even have spending limits overridden in the case of subscription services. Since protection from overcharging is the main draw that product had it seems like a useless feature once I read the details. They bill it as a benefit but with the possible exception of my life insurance I'd much prefer it the other way.
It seems to me this feature should just come disabled for virtual cards, as that's the whole point of virtual numbers.
Personally though in a lifestyle with like a dozen regular recurring credit transactions I'm not likely to cancel on a whim or forget (electricity, gas, daycare, insurance, internet, etc.) I'm fine most of these entities getting a more stable identifier for billing but I do agree it would be better to be opt-in on the cardholder side.
I "solve" most these issues by using a different tool/layer (YNAB) on top of my financial institutions so that I can see all my finances in one place with a good UI and and API. I agree things should be better, I just wanted to share how I handle tracking payments and bring some level of sanity to my finances.
Why involve banks in day-to-day financial transactions? The way debit transactions work is batshit insane. One of the reputable credit card providers is much better. Amex, Chase, or Citibank are very good. Citibank offers virtual account numbers with adjustable expiration date and daily spend limit.
As a random example, I had $3,600 stolen from one of my accounts by transactions labelled "Microsoft Online Services" or something like that. The bank reversed most, but not all of the transactions, and then had the nerve to lecture me -- an IT professional more than a bit knowledgeable about security -- about how somehow this was all my fault.
Turns out that banking security and reliability from a customer's perspective is absolutely insane. It's totally ass-backwards. It's the opposite of the Apple experience that made that particular company the biggest in the world.
1) Every field in a credit card transaction is attacker-controlled. They can put down whatever business name they want, whatever text they want, etc...
2) Every field in a transaction history is either an alias ("operating as xyz pty ltd"), an abbreviation, or just outright confusing.
3) Transaction histories and "you paid $ to X" notifications often turn up hours or days later. There's no geo-location or any other strong identifier linking these to the actual business because of (1) and (2).
4) There's no receipt details in the transaction history. "XYZ pulled $123 from your account... for reasons. It's a mystery!"
5) You can't see who's got recurring subscriptions on your account. You can't trivially cancel or block someone from pulling money from your account.
6) Some banks now show categorised graphs of what you're spending your money on, but they're guessing. They don't actually have the info of where the money went, so this is useless. You can't figure this out yourself either because of the tiny amount of info available to you.
7) You can't use your transaction history for warranty purposes, or any similar thing. You have to keep tiny pieces of paper that fade rapidly... which is I'm suuuure is just a coincidence, right? Right?
8) My bank claims I get notified if a transaction occurs on my account. This is a lie, they only notify me of some types of transactions, and not reliably either.
9) Trivial impossible-travel protections are not put in place. If my phone is used for a payment in a "physical store" while the GPS says it's in a different continent, pop up an "Approve Y/N?" prompt at a minimum!
10) You can't generally limit a vendor's access to your account if they have your credit card details. You can't restrict them to a single transaction, a fixed amount, or no-sneaky-subscriptions.
11) With shared accounts, you can't generally tell who made a transaction, even if they have individual cards and/or mobile devices. (You can sometimes, depending on the bank and the type of account, but it's not consistent. This is what happened to us: Both of us assumed the other partner set up a valid subscription.)
Etc, etc, etc....
I could go on for hours.
Unfortunately, like many people of said, the inertia of the incumbents and their moat of regulation makes this kind of thing nigh impossible with backwards compatibility.
Some org like Apple or Meta with very wide reach might be able to force vendors to jump through their hoops, which then will drag the traditional banks kicking and screaming into the future.
I'm not holding my breath.