Frozen customer experience
Piotr JJ Szymanski
Insights professional. I help organisations make better decisions faster and drive change by applying agile mindset to data.
One-Time Passwords (OTP) sent via text messages (SMS) – a form of ‘Two Factor Authentication’ (2FA) – seem to be an example of consumer #technology that froze in time.
I make a transaction online with my credit card, and am promptly taken to a ‘verification’ page. There, I need to input an OTP that my bank sends to my mobile (a.k.a. cell) phone via SMS. A decade ago, I would have had no issues with that. But today, this experience is far from ideal.
First, these days, I mostly use my smartphone to buy things online – not a desktop/laptop/tablet computer (like I used to, years ago). The OTP arrives on the same smartphone, so I need to swap back and forth between the apps.
Second… and this is the root cause of the ‘swapping back and forth’ thing… more often than not, the OTP consists of eight digits. I don’t know about you, but the mnemonist in me struggles to remember more than six digits after just a quick glance. I usually read the first four, go to the verification page and input these, go back to the OTP to read the remaining four digits, and go back to the verification page again to complete the process.
Third, most of the verification pages use ‘password dot code’ for the OTP field: as I type in the digits, they quickly turn into dots. Even if I went back to the text message to check the digits from the OTP, I could never be sure whether I inputted them correctly on the verification page.
We all know why the ‘dots’ – this is yet another ‘layer of security’ for my card transaction. Except, no one is lurking over my shoulder while I am doing all this on my smartphone! And even if they were, it is a One-Time password – stealing it would not pose a threat to my credit card in the future (unless, that hypothetical fraudster would keep stealing subsequent OTPs sent to my smartphone over and over again – which is a scenario too unlikely to consider).
So, here we are: dated security features that make my customer experience with card payments online less than ideal.
Can this be done differently? Of course, it can!
Starting from the bottom of the list: get rid of the ‘dots’ replacing digits on the verification page. My one-account-for-all-government-related-matters is protected by a 2FA system. When I type the OTP, the digits stay right there in the field, and I can re-check the SMS if I got it right.
The OTPs I receive when logging to the same government account are six-digits long. I memorise them in two groups of three digits, which I am able to input in one go.
Finally, when my bank wants me to authorise a transaction, I get this big red ‘Authorise’ button in my banking app. One tap and… Bob’s your uncle! It can be done.