Consumer champions Which? have published their research on online bank security which amplifies some of the issues highlighted in our blog of last week on Two Factor Authentication.
In a nutshell, Which? is scathing of the security procedures for most of the main UK banks. Only Barclays gained a wholly positive mention for its implementation of the PINSentry two-factor authentication device. But there’s a paradox here.
We got some howls of derision from friends in the UX industry after our blog on two-factor authentication because they see this issue from a totally different perspective: the user experience of two-factor authentication sucks.
The truth is that the customer speaks with two heads on this issue: Everyone wants to keep their money safe and secure; very few people willingly submit to the security processes which ensure this.
Personally I think this makes Roger’s argument even more important. We have to design for compromise between these two competing views when we think about the UX of bank security.
Banks can’t be high-handed, forcing secure but deeply inconvenient processes on their customers. It’s important to explore design solutions which minimise customer impact, but get the right security result. I know this sounds like a recipe for paternalistic design (cue more howls of derision from the UX community) but this is one place where there’s a good case for it.