I imagined when I started this blog that I’d be writing about, well, the bits of technology that I know something about. I’d have guessed I’d be scribbling on web development, useful titbits in PHP and confounding buglets in JavaScript, plus maybe a pet software project or two. But the thing about writing is that, in my experience at least, it takes on a life of its own – things happen in Real Life that in some sense feel like they want to be blogged, tweeted, raised, discussed. But when I’ve written before outside of programming – possibly just for the catharsis of getting a frustrating thing off my chest – it has, coincidentally, often been about technology. Which, I suppose, might serve to remind us technologists that technology is often done wrongly, and perhaps also that the correct solution to a problem is less technology, or – horrors! – none at all.
Which brings me to a hugely frustrating experience I had with LloydsTSB recently. Despite my reservations about British banks in general (mine’s a freeloader) they do deserve a tip of the hat for a useful and clear Internet-banking service. But of late when I’ve tried to transfer a sum of money to another person, I’ve found the security hoops to be so onerous that customers best give up and do the whole process manually. So, when setting up a new payment recipient electronically, one has to pass an authorisation check: the system makes an automated call to a registered telephone number, speaks a temporary PIN, which one enters into the web site. All fine, except my registered number is out of date, and a postal procedure is required to set a new one up.
No problem, says I – I’ll simply telephone the bank, and dazzle them with as many correctly-answered security questions as they fancy. I explain I want to transfer some money to an individual, and to continue, I’m asked four questions, such as “how much did you spend at shop X yesterday on your card”. So, I wait in a telephone queue, I press the right menu buttons, I co-operate with the security checks, and ten minutes later the assistant explains that since I don’t have a telephone PIN code, he isn’t permitted to continue. I hate to suggest the obvious, but I will anyway: perhaps they might have asked that question first?
Having wasted my time, his time, and his employer’s time, the assistant tells me he’ll send said PIN in the post – maybe as a consolation prize? But I really ought to reserve the lion’s share of the blame for whoever wrote the script; that call (minus waiting time) could have been reduced to one or minutes. To clarify, it’s not so much about the wasted time as the frustration that results from getting nothing done using poorly-designed processes. (Indeed, if customer service assistants were permitted to idly chinwag, we could equally have spent six minutes discussing the merits of Leslie Feist’s new album, or making amusing observations about the parlous state of the US presidential nominations – I am not into rushing for the sake of it).
My solution, of course, was to go to the payee’s bank and make a cash deposit. If I can put my Bruce Schneier hat on for a moment, the solution is trivial:
- Get the customer to identify themselves (name plus account number or debit card number)
- Take the full details of what the customer wants
- Do checks appropriate for requested services
- Do requested services
In my case, it wasn’t just “make a payment”, it was “set up a new recipient” and then “make a payment” (although, yes, one often implies the other). This approach has two benefits: not only can all parties involved save time and frustration if the security checks will fail anyway, but the checks can also be selected according to what service has been requested. (This brings to mind an occasion years ago when I enquired about an interest rate on a particular account type; I was presented with a list of security questions that appeared to be protecting, um, publicly available information. D’oh)!
Now, I wonder how I can get LloydsTSB to fix this. Do they have a bug tracker, perchance?
Updates
30 Jan: I telephoned another bank today to close an account. I’d had much the same problem with them – wasn’t permitted to do anything without a PIN posted to my address. So, I received the PIN, telephoned customer services, and explained what I was calling for. Despite the fact I would never use them, I was required to set answers for three security questions. I wonder: am I fighting a doomed battle in the scripted-assistance war?