Operative Codes is a very simple app, it is the digital counterpart of the namesake card used for act on checking accounts.
It was one of my first real projects, its story is very simple. After becoming an ING Direct customer and after receiving the dedicated card I asked myself:
Do I have to leave the card safely at home or do I have to keep it with me trying not to lose it?
Both solutions have their pros and their cons and there's no need to explain them! I opted for the first one, I decided to leave it at home. I thought, what kind of operation I'll ever have to do? Well, a little later arrived the day in which I needed to transfer some money and, obviously, without my card I was unable to do it! When I got back home I decided to write down all the codes on my phone, in the note app, so that I have them in case of need. While transcribing, however, I had a legitimate bad feeling that it was not the right solution. It was true, with the only codes you can perform no operation but the only thing of leaving them accessible to everyone was a bad idea. So I decided it was better to have a different approach! I said to myself:
I am able with coding, why cannot I develop an app by myself? I can add whatever security I want and I can make it nice looking!
Thereupon! In a few weeks, during my spare time shared between work, girlfriend and friends I had the app on my iPhone. It was nice, it had all the features of the real one: it was functional, comfortable and prevented both problems I initially had, everything was fine. Some time passed and I began to think that other people might have had my same problem and so I decided that it was the time to publish my first application on the App Store. I overhauled the app to be a little more desirable, I started the practices in order to publish it and in no time at all it was done! The application was online... I have to admit that seeing my name on the store next to the real gurus looked a bit strange, but after finding out that people downloaded it everyday, that feeling became a sort of real "satisfaction"!
All that glitters ain't gold
Unfortunately, it is not always as we would like. In a few weeks I received harsh criticism from users who said, maliciously, that my app was a sort of trojan useful to stole all the money from their bank accounts. It was such a stupid thought because every clever person knows that with the codes only you cannot do anything (you'll need, in order: the account number, date of birth, pin code, op codes and, later on, it was also added a one-time password sent everytime via SMS!). I had no time to think and regret that I also received a communication from AFCC (Anti Fraud Command Center, London) in which they ordered me to quickly remove the application from the store because it was even infringing several copyrights! I thought to myself:
Worse comes to worst. I came out with good intentions and I got insults plus a pending removal request! Maybe this world is not for me.
It didn't end there. ING Direct Italy, without talking directly to me, began to post here and there on facebook, websites and blogs (for example here) not to use my app because it was unofficial and because it could be very dangerous. I tried to reply, fighting back fire, but nobody seemed to listen and this unfair behavior annoyed me a lot!
You should learn from your mistakes
Taken a little off guard I began to think rationally to it. Suddenly, I realized that I made a stupid mistake! In the very first version I correctly stated that mine was a third-party app, however, probably due to my inexperience, I'd put the logo of ING into my graphics. This was not driven by the will to mask the app as official, nor was intended to trick users. I had simply done it because the app was first created for personal use and I wanted it to be beautiful and to look closer to the real one. Since my intentions were anything but malicious I immediately fixed this problem, I published a second version in which the user could decide which logo to use and I replaced ING name with a generic "ONLINE BANK". Not even happy I decided to add another disclaimer on the App Store and and in the app itself where I pointed out that it was not, in any way, related to ING and especially that it was not official. After submitting these changes AFCC was satisfied.
Changes made in subsequent versions to avoid problems
After a few months there was a regression. Another intimidatory wave of comments and another AFCC request. What first seemed to be resolved returned to be not valid. I tried to understand their reasons but on their side there was no much dialogue willingness. It took me some time to get that their only problem was to avoid that users mistakenly think of my app as official! It didn't matter if everywhere I stated the opposite, it what was their thought! This time, a little bit annoyed, I replied to them and I pointed out that this not-so-constructive behavior wasn't useful to reach a solution! There's the need for dialogue on both sides, you cannot say only: "this is wrong"!
But finally, here comes the sun
In a nutshell I removed some graphical elements that, personally, didn't look so important to me! It didn't matter, if it was ok for them why it shouldn't be the same for me? The final version, which is the current one, is no longer seen as a threat to the AFCC! Despite sometime I get compliments from users it still happens to receive criticism, arcane prophecies of drained bank accounts, predictions of destruction and things like that!
To all these new “Nostradamus” I answer here once and for all:
You are free to think that your data is not safe inside my app even if I put all the efforts and seriousness to achieve the exact opposite, I'm not here to influence your thought!
But please, at least, do not tell me that my goal is to steal all the money from users' bank accounts.
Apart that is such a stupid thing, worthy of a sci-fi movie, it is also a lack of respect for those who, like me, try to be helpful to others.