Monday, September 18, 2006

Electronic Statements

I'm an early adopter of Internet banking. I've had an account at an Internet-only bank since 1999, using on-line bill payment starting the day I could get it for free. When electronic statements came about, I quickly adopted them too -- what's not to like about less paper to deal with? And since I deal with all financial matters on the computer anyway, having all statements in electronic form fits naturally.

So now I'm getting a lot of e-statements every month (banks, credit cards, broker, utilities, insurance EOB's, even my wife's paystubs), and I want to save them all (TrueCrypt is great for storing financial information like that, by the way), but I'm running into the following problem. It takes me a lot of time every so often to go around all the web sites and collect the statements. With different logins, different procedures for getting to the statements, some sites being down for maintenance when I'm doing this (usually at night on a weekend), this has become a tedious and time consuming task. But all the billers are seemingly ignoring that this process just does not scale. Really, it's a lot easier to throw a paper statement into a pile of papers "to be dealt with later," occasionally comparing the end balance with Quicken, and dealing with that pile once a year at tax time, than to go around all the sites every couple of months (because some sites only keep the statements for 3-6 months, and I want to have a recent copy of the statements under my own control anyway). And if I fail to collect my e-statements in a timely manner, they're gone forever.

The good news is, I think I have a solution to this problem. The bad news is, somehow I don't see it being adopted by the financial industry -- although they would be the ones benefiting the most.

The solution is simple, and making use of the existing technology. And this technology is GnuPG -- basically, a very nice implementation of public-key cryptography. What I'd like to be able to do, is login to my bank's web site, go to the customer service area, upload my public key, and specify e-mail address where I want my e-statements delivered, encrypted using that key. Then every month all my statements would automatically show up in my mailbox, unreadable to anyone but me (with GnuPG, not even to my e-mail provider, or anyone else with access to my mailbox). As an added bonus, the billers can electronically sign their messages and statements -- another nice feature of GnuPG -- by the way completely solving the e-mail phishing problem for me and everyone else using this system. And with Thunderbird and its Enigmail extension, this technology is very much accessible to the masses (Thunderbird with Enigmail is what I use, in addition to mutt, which also works with gpg flawlessly; there is also a plugin to integrate GnuPG with Outlook, available with standard Windows installer as a part of gpg4win). With space in e-mail accounts not being an issue lately, this seems to me to be a close to perfect solution to a very real problem. And unless this problem is addressed somehow, and soon, I'm almost ready to go back to paper.