Simple Security (opens in new tab)

(neglectedpotential.com)

9 pointsdcope13y ago5 comments

5 comments

5 comments · 2 top-level

joshstrange13y ago· 3 in thread

I think you are blowing things a little out of proportion. As you mentioned in your blog post you say that ever other bank's app you have tested has had the same "shortcomings". That said I would venture a guess that none of your other banks are anywhere near on the same level as Simple.

I have been a Simple customer for a couple months now I absolutely LOVE the service. I have dug into what happens behind the scenes on their website and yes, they do pass more data back and forth than is always needed but they are using SSL so I'm not too worried.

You say you reached out to their security team and waited 8 days for a reply before following up, why didn't you just use Simple's support? I have reached out to them multiple times and always received a response within an hour. One of those times they redirected me to their engineering team so I could talk directly with one of their programmers, we exchanged 3-4 emails that same day. Should they have monitored this security email address you sent to better? Yes, but they provide the best support of any bank I have used in the past.

Pretty much I don't feel like the "concerns" you raised are all that important and in fact the whole post smells of FUD IMHO.

noir13y ago

That's fair. The reason I put their email response in my post is so user's could evaluate for themselves how they felt about. The response so far has been mixed. Some are bothered by it, others, like yourself, aren't really worried. And that's fine.

The reason I reached out specifically to their security team is because on their security policy page that's the email they provide to contact them regarding security issues. Reaching out to their security team wasn't some intentional move to try and not get a quick response, it was just what made sense to me at the time.

I agree that their support is usually extremely quick to get back to you and it's one of the things I love about the company. Except for these issues and their security team's response, I love their service as well. I'm not rooting for them to lose here, I'm rooting for them to fix the issues so we can all happily move on.

They have been much quicker to respond to people reaching out to them over Twitter today and I have updated the blog post to reflect that. I look forward to having these issues all wrapped up.

mattyohe13y ago

Keep in mind not everyone that submits articles to HN are the article's author.

joshstrange13y ago

Sorry, I often write my comments in reply to the whatever was linked. I should have written it differently.

zampano13y ago

While most of this can be forgiven thanks to Simple being a newcomer to banking, having all that extra information sent along (ssn, dob, etc.) just seems like a horrible oversight. As a recent Simple convert, I sincerely hope they listen to the feedback from their members and rectify this as soon as possible.

j / k navigate · click thread line to collapse