The HDFC bank billdesk online gateway is pathetic, they don’t understand what is security!
They ask the user to select 2-3 security question and answers that are saved in the user’s profile. But when you are making a payment, they throw up questions that the user has not selected! What a secure way of ensuring the user is genuine!
Obviously the user will not know the answers for random questions, it should show only those questions that they have selected instead of random questions! I wonder how they monitor suspicious activity, as everyone will invariably falter at this step. So much for security.
Forget about the user experience, it is extremely frustrating and nerve racking for the user to realise that the web site has a bug and the user is genuine!
They need to make sure they hire programmers/testers and leaders that have little common sense and they should make sure they use it first before unleashing to the public!