I just recently changed energy service providers from Powershop to Powerdirect on recommendation from iSelect. After getting my first Powerdirect bill, it does look like the shift has been a positive change.
I compute a dollar to kwh usage ratio of 0.2379 for powerdirect using the pay on time 37% discount.
The same ratio is 0.261019 for powershop.
The weird things that Meralco does:
– makes it very hard to transfer account names, such as from developer to property owner
– blocks people making online payments when a day or more late. Do they not want to collect/receive payments in these circumstances anyway?
The weird things that PLDT do:
– makes it very hard to request an account disconnection: need to go to a PLDT business office, when the transaction could alternatively be handled over the phone. Don’t they know how to authenticate people over the phone?
The weird things that BPI do:
– Everyday their BPI express online goes offline early in the morning. It also goes offline at random times during the day.
– BPI credit cards cannot be paid from other banks online. Most other credit cards are possible to pay online via any bank.
– Charges a fee for inward local remit from another bank
The weird things Philippine banks do other than citibank:
– make it hard to do local interbank fund transfers which is very free, simple and easy to do in many other countries.
– it is not possible to choose currency when booking a flight using the website but if you call to make the booking they can.
– they make it really difficult to do simple funds transfers. Even for transfers within own account.
- search automatically defaults to text under the cursor
Some banks demonstrate behaviour that I find very odd. These are peculiar security measures that some creative security bright sparks must have thought of.
I think there is an important role for information security professionals to play, but sometimes they overdo it, or don’t seem to think through practical consquences thoroughly.
Its when banks do unique things in their process, is probably when common sense alarm bells should go off. Here are soem examples.
1. Standard chartered PH requires a mobile pin (which they call an eTAC code) even for internal transfers. And its a very long code. 10 digits
2. Metrobank PH – on most pages, copy pasting is disallowed. Even for enrolling credit card numbers for payments.
3. HSBC US blocks online internet transactions on debit cards and requires the customer to call back customer service/security department.
– customer service is only available to receive calls 9am to 5pm
– if you happen to be elsewhere around the world at the time, calling customer service may require an international call.
– HSBC US claim they have a collect call service but it doesn’t work 99% of the time
– the combination of having to call during working hours of customer service, and having to make an international call probably should have set off usability/practicality alarm bells
3. Citibank’s internet banking messaging system disallows most symbols and punctuations.
– the reply function will include original text, but the system will complain if you hit send because the system crafted original text portion has characters that it does not like
– the message is limited to only a certain number of characters, so often a message trail cannot be maintained
– the system does not store sent messages
– the system does not help the user with an indication of what the invalid character(s) are
These are just some fails I have encountered in bank security policy/processes. Have you had similar experiences?
I have just done a compile of curl 7.45.0 and openssl 1.0.2e
The binary is here.
curl and ssl download
curl 7.45 is dated 2015-10-07 from http://curl.haxx.se/download/
openssl 1.0.2e is dated 2015-12-03 from https://www.openssl.org/source/
The binaries are provided without warranties of any kind. Feel free to leave me a comment.
Just tried to access BPI Express online and all I get is.
– Why is BPI Express online down too often? This is not the first that I have encountered this screen.
– The page talks about a daily system refresh. Surely there must be some means to do their refresh that avoids a prolonged downtime. Many banks and other websites can do it, but BPI cannot?
– This daily system refresh that the page talks of is supposed to happen 10PM manila time. It is now 8:20AM Manila time. Did the BPI system refresh take that long?
Count of schools per LGA:
Primary schools enrolments per LGA:
Secondary schools per LGA:
School capacity per capita