US banks that can send PGP/MIME e-mail

Robert J. Hansen rjh at sixdemonbag.org
Sun Feb 24 20:35:00 CET 2013 

On 02/24/2013 08:21 AM, Anonymous wrote:
> You seem to imply that Americans are less capable or less interested
> in PGP-protected mail.

Oh, please.  This is pure projection.

> The German bank "1822 Direkt" sends PGP encrypted bank statements to
> their customers.  Someone mentioned another German bank that does
> this.  Why does the business case work in Germany?

It doesn't.  It works for one particular bank.  It doesn't work for
Germany as a whole.  Different banks have different clienteles and
different incentives for how they deal with their clientele.

> Anyway, I don't accept the idea that the business case is lacking.  In
> an industry that is willing to pay upwards of $150 to entice new
> customers into opening an account, a bank could easily gain majority
> market share of all self-respecting nerds in the country at a fraction
> of that cost.  I call it a missed opportunity.

And as soon as a customer is on the phone with tech support for two
hours trying to get GnuPG to work on their system, that's about $100 the
bank has now spent trying to retain this customer.  That's a lot.  The
only way to make the user profitable in such a case is to raise service
fees, in which case that bank will hemorrhage business to their competitors.

If I were a banker and I had a choice between SSL-secured HTTPS that 99%
of my internet banking customers would approve of, which requires no
special training or experience on their part, which requires no
additional special training on the part of my tech support staff, or
adding OpenPGP-secured statement delivery that would appeal to 1% of my
userbase and each one of those users would have tech support costs
orders of magnitude greater than the users as a whole, the presence of
that 1% would require expensive training and retraining on the part of
my tech support staff...

Honestly, if I was advising a consumer bank about this, I'd tell them to
avoid OpenPGP.  I don't see the business case for it.  And until you can
show me either (a) radical improvements in ease-of-use, (b) radical
reductions in technical support costs, or (c) explosive demand from the
users, you really can't show me the business case for it, either.

More information about the Gnupg-users mailing list