by adkadskhj 2078 days ago
Yup. I think this is true for all sorts of aspects of the UX of finance-related institutions. Not just banks, but anything you use money on.

My mortgage is paid through something that frankly looks like a scam site. You connect to it with an odd domain. When you log in, it hops all over the place changing domains and forwarding you repeatedly. The UI is old, odd, and breaks with modern and safe UX patterns, like password managers (can't paste). When you finally land on the site to enter your payment information, it no longer matches the domain you went to.

I don't think a single one of my online payment hubs for standard bills like mortgage, utilities, loans, etc. doesn't have at least one glaring pitfall that helps to introduce confusion to uninformed customers. Hell, I consider myself reasonably informed and I still fear I'm logging into a poorly thought out phishing attempt every time I pay my bills.

We've given very little consistent information to the average person about how to safely interact with the web. And that's just obvious issues, not even straight up incorrect data like what the OP seems to describe.

3 comments

I have the same problem with my mortgage bank. Not to mention the emails and physical mail I get from them, which I don't even consider until my mortgage agent confirms they're legit.

Hilariously, the best online credit payment I've used has been Synchrony. I got their card when my wife had laser eye surgery because it came with a nice deal. Then I got another card for a deal at the auto mechanic's. It was so simple to go to their website, log in, make payments or change autopay, see my balance, anything. It took barely any time to tweak uMatrix so it worked. And I've never been surprised by them.

I swear I'm not being paid for saying this.

Interesting. My mortgages have always ended up with a known retail bank and can be paid through their normal websites. Is your mortgage held by some fly-by-night bank?

The only sites I visit frequently that do the domain forwarding and have ancient designs are local government sites (for paying taxes and fees).

"Interesting. My mortgages have always ended up with a known retail bank and can be paid through their normal websites. Is your mortgage held by some fly-by-night bank?"

I think you misunderstand. Your parent is saying that after logging into his normal bank, he is taken through two or three third party banking providers that have their own domain names and web user interfaces - just to perform some core action related to paying his mortgage.

I have seen this and can give you a few concrete examples:

- Log onto unionbank.com. Mortgage payment is done through "my mortgage portal" which jumps you to unionbank.customercarenet.com.

- Log onto tiaabank.com. You are quickly redirected through the first third party domain, which goes by too fast to copy/paste, then you are redirected to cibng.ibanking-services.com, where you do your TIAA banking online (!)

USBank bounces you around weirdo domains as well. FWIW, I have never seen Wells Fargo do this.

This is a phishing nightmare and it is right at the crux of high-consequence interactions (your mortgage, your banking) and barely technically literate users.

It is unbelievable that they do this.

> I think you misunderstand. Your parent is saying that after logging into his normal bank, he is taken through two or three third party banking providers that have their own domain names and web user interfaces - just to perform some core action related to paying his mortgage

Actually I think it's slightly different (in my specific example). It looks and feels just like you describe, but I get the impression that it's all the same bank. For some reason the application operates on multiple domains.

My old credit union was the same way. I'd log into `someCU.com` and be forwarded to `secure.CUentry.com` or w/e (I forget the specifics). Both domains were the same CU entity, I imagine, but the pattern we should be telling the "average person" to look for is to always find `foo.com` in the address. If you're not connected to `foo.com` then it's evil. However, when sites forward you to likely safe but alternate domains entirely, we erode this trust in fixed domain names.

Next time, a user clicks on an email to `scamCU.com` and doesn't think anything of it, since `someCU.com` already has multiple domain names.

But yea, you hit the nail on the head with the root problem. It's gross.
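
The "always find `foo.com` in the address" rule from the comment above, written out as a check over a login redirect chain. This is an added example, not part of the thread; the `.example` host, the paths, and the idea of a published list of expected domains are assumptions.

```javascript
// Added example; every URL below is constructed sample data built from the
// placeholder names used in the comment above. Nothing is fetched.

// True only when host equals domain or is a subdomain of it (dot boundary),
// so "notsomecu.com" and "somecu.com.pay.example" do not match "somecu.com".
function hostWithin(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, "");
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// One finding per hop that is unparseable, not HTTPS, or outside the
// domains the institution has said it uses.
function auditChain(chain, expectedDomains) {
  const findings = [];
  chain.forEach((raw, hop) => {
    let url;
    try {
      url = new URL(raw);
    } catch {
      findings.push({ hop, reason: "unparseable", host: null });
      return;
    }
    if (url.protocol !== "https:") {
      findings.push({ hop, reason: "not-https", host: url.hostname });
    }
    // hostname ignores userinfo: in "https://someCU.com@scamCU.com/" the
    // part before "@" is a username and the real host is scamcu.com.
    if (!expectedDomains.some((d) => hostWithin(url.hostname, d))) {
      findings.push({ hop, reason: "unexpected-domain", host: url.hostname });
    }
  });
  return findings;
}

const loginChain = ["https://someCU.com/login", "https://secure.CUentry.com/pay"];
const lookalikes = [
  "https://someCU.com.pay.example/login",
  "https://someCU.com@scamCU.com/login",
  "http://someCU.com/login",
];

// With only the advertised domain listed, the second legitimate hop is flagged.
console.log(auditChain(loginChain, ["someCU.com"]));
console.log(auditChain(loginChain, ["someCU.com", "CUentry.com"]));
console.log(auditChain(lookalikes, ["someCU.com", "CUentry.com"]));
```

The first call shows the erosion described above: unless the second domain is known in advance, the genuine hop is indistinguishable from a lookalike.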

I think I have it. I just haven’t encountered that with my banks. There may be some requests that cross domains, but none of them drop me on a payment page that looks suspect.

> Is your mortgage held by some fly-by-night bank

Even if it's not, it might be if someone decides to sell it. Years ago, I went with a well known company, and in the disclosures they have fine print saying "we may sell this". 2 months after closing, they sold, and the new servicing company required $5 per payment 'fee'. I never agreed to that, but... essentially have no choice in the matter. Options? Spend another 4 figure amount to refinance and hopefully get a different servicing company?

Interesting. My mortgage has always gone the other way - initiated someplace small and unheard of, and then bought by a name-brand bank. Just luck of the draw, I suppose.

Yup. I was warned, not even in fine print, that it was almost assured that the mortgage would be sold one or more times. I'm on my 2nd, currently.

Those fees are usually illegal but good luck fighting it.

Speaking of bill pay, there seems to be some contractor that provides the Bill Pay software for banks because the UI looks nearly the same between my Schwab and BofA accounts and it's always on a subdomain of its own.

Under the More -> Charities tab, one of the 9 charities in the world they have chosen to preload as defaults is Focus on the Family, a notorious anti-LGBT hate group.

That's because anti-LGBT hate and its proponents have a plurality in opinion polling.