SFFCU is the best

The San Francisco Fire Credit Union is the best financial institution.

Wow, pretty big assertion there, eh? Yeah, and I mean it.

Not only do they have decently competitive interest rates, are a credit union, help the community, but they also send their members OpenPGP encrypted documents.

Let that sink in.

Yep, my credit union sends me documents encrypted to my GPG key. Well, they did once so far. This alone makes them the best financial institution around.

Let me rephrase: as they are already on the good end of the spectrum for most if not all things that financial institutions do, the GPG thing just puts them past the goal post. That’s more than other professions that care about authenticity do.

The story:

I sent a check to a previous landlord to cover some cleaning expenses (loooooong story there), and when they cash that check my stress level would go a TON down (again, long story). It was a long time until the check cleared on my bank account; about a month after I sent it. I wasn’t too worried about that part. I did, however, want to see/have a record of the fully executed check, ie: the scans of your cleared checks. I went to look for them but they weren’t there, though it was listed in the transactions for my checking account.

I fired up the 24 hour web chat help (which is AWESOME) and spoke with a nice person who told me that apparently my previous landlord’s bank had typo’d the account number and the check first posted against the wrong account at SFFCU. They noticed it and moved it over to my account. Hence the not normal representation of the transaction in their banking portal.

I asked if I could get the scans of the check and they said sure, they can send them to me via email or snail mail. I told her email. And then she asked:

“Do you use a PC or a Mac? That determines how send the encrypted file.”

Well shoot, I thought. I replied:

“Unless it is simply a password protected PDF it probably won’t work on my Linux(sic) computer. It’s ok, you can just send them via the postal mail. But if it was something like GPG, then it would be fine.” (paraphrased from memory, I don’t have the log)

She said she’d see about GPG but she’ll send it via the postal mail either way. This was on Thursday.

On Friday afternoon I received an email with the subject: “SF Fire Credit Union documents you requested”

The body:

Here are the GPG encrypted files you requested.

These were encrypted with the “public” key that you have posted on your website, so no password is necessary. Please call us if you need further information to access these files.

Thank you!
Member Elations Consultant
SF Fire Credit Union

Attached were two files with the names DocumentFront.pdf.gpg and DocumentBack.pdf.gpg.

“This can’t be” I thought. A quick gpg -d later and, what the…. yes. Yes they did.

This amazing person at SFFCU took the time to A) look at my email address B) notice it uses my last name as the domain C) go to the domain D) go to my about page E) find the link to my gpg public key and F) encrypt the file to my key.

Yeah, all things that probably anyone reading my blog could do without thinking. But when was the last time your bank did this?

The response I got when I told my friends via IRC was pretty universal:

flattr this!


  1. Woah, indeed.

  2. Hello Greg!

    Nice post man, hope you’re doing well!

Post a comment.