Which? Weighs in on bank security

By Tom Wood @Foolproofer

Consumer champions Which? have published their research on online bank security which amplifies some of the issues highlighted in our blog of last week on Two Factor Authentication.

In a nutshell, Which? is scathing of the security procedures for most of the main UK banks. Only Barclays gained a wholly positive mention for its implementation of the PINSentry two-factor authentication device. But there’s a paradox here.

We got some howls of derision from friends in the UX industry after our blog on two factor authentication because they see this issue from a totally different perspective: the user experience of two-factor authentication sucks.

The truth is that the customer speaks with two heads on this issue: Everyone wants to keep their money safe and secure; very few people willingly submit to the security processes which ensure this.

Personally I think this makes Roger’s argument even more important. We have to design for compromise between these two competing views when we think about the UX of bank security.

Banks can’t be high-handed forcing secure but deeply inconvenient processes on their customer. It’s important to explore design solutions which minimise customer impact, but get the right security result. I know this sounds like a recipe for paternalistic design (cue more howls of derision from the UX community) but this is one place where there’s a good case for it.

Tom Wood

I’m one of the two founders of Foolproof. Within projects I usually take a role both in planning our approach and in the generative phases of design. I’m also active in gathering client and customer needs into the design space. My particular talent is helping senior stakeholders see and understand the customer’s world in richer detail, and helping them work out how to respond.

View Tom's profile

What do you think?