Oct 26, 2010
Another tale of poor service design. Yes, it’s been a while since I wrote one of these. No, things don’t seem to be improving. Yes, it’s a call centre again.
The old challenge of remote authentication: are you who you claim to be on the phone, or the internet (and indeed at the driving test centre or the passport interview)?
It’s all about risk: balancing an acceptable level of assurance against the negative consequences of the business not happening at all.
So what happened this time? Ring ring…ring ring [for 23 mins]. Ring…ring – Hello?
– Hello, can I give you a policy number?
– Yes of course. Can I please have your full name? [gives] No, that’s not the name I have down here. [I look at the 2008 policy document in front of me, and try wife's maiden name as shown there. It's a joint policy] No, that’s not the name I have down here. [Married name?] Yes. And can I please have your full address? [gives] And date of birth? [try mine first, but only wife's is accepted] And contact telephone number. [I glance at the document - the old London flat number is shown - I try that, but no. A mobile number, apparently. I give mine. No. In the fog of a now 25-minute unwelcome experience I can't recall E's mobile immediately]
– Do you really need that? I’ve given you seven personally identifying data points already. Do you really need an eighth?
– Yes. I can’t speak to you without going through all the checks. [please escalate to supervisor…it’s escalated. Supervisor’s word is handed back down – the call will not progress without that mobile number. In fact, I can’t even escalate to the supervisor without that number.]
– [Fuse now lit] Why is that? Are you in the slightest doubt as to who I am?
– Data protection.
– [Firework pops] No. It’s not really data protection, is it? Data protection is a safeguarding system designed to protect my data from inappropriate access or use. It was introduced as computer processing became more prevalent and people became unsure of the consequences that might arise from having large volumes of quickly transferable, personally identifying, perfectly copiable information held on third-party systems. I have been a data protection officer. I know what I am talking about. This isn’t data protection because, so far, you’re not protecting any of my data. You are going through a series of over-elaborate verification procedures before you are prepared to even acknowledge the purpose of my call. Were I to ask you to run quickly through my account history with you, or to check information about people, places or things featured on this insurance policy, or to ask you what else you held on file about me, then that would require some data protection. But so far, Mr Direct Line, this has all been one way traffic. And do you know what is really annoying about this? I am calling to try and buy some more insurance – to put additional products on my policy. The data is only going to go one way. And your company knew this. You knew this because I went through a five-keystroke automated call handling decision tree when I first called you, establishing that I was a current policy holder interested not in claims or new business, but in making changes to my current policy. I could possibly, just possibly, live with these checks were I trying to remove cover (possibly) but if you’d taken a moment to find out that I was trying to give you money in return for more of your services you might sensibly have concluded that the probability of A.N. Other calling you up, blagging through seven identifying data points and producing a credit card to buy me £100’s worth of extra insurance was just a tiny, tiny bit small. About the same probability, in fact, of me ever using or recommending your services to anyone else ever again? Do NOT give me that bollocks about Data Protection.
No, of course I didn’t say all of that. I did say most of it though. Match the process to the risk. That’s all I ask, as a process rationalist. It works. The one really gold-standard online transaction that government offers – the tax disc – works so beautifully because just such a risk-based decision was made. You don’t have to exhaustively prove that you are the person connected to the licence reminder or the car. You just have to have the reference number in your hand, and a means of payment. It also helps that the car isn’t a person – and its data can be matched across DVLA, insurance and MOT databases with relative ease – but that’s another story.
Yes – you can pay for someone else’s tax disc if you want. In fact that’s an advantage to some with elderly relatives who want the convenience brought by the internet without actually having to use it. I’m sure in a dark corner of some twisted risk analyst’s head lurks a thought that just possibly something dreadful might happen if, say, a public figure were to have their disc bought for them by a perpetrator intent on framing them for corruption… need I go on? It’s baloney.
The service has actually been beautifully designed through the act of taking out verification which adds no value. And you can get away with a pretty clunky, ugly website – and still be famous for running a great service – if you do things like that.
Paul Clarke was head of proposition and strategy for Directgov from 2007-2009. His book “Searching for the next tax disc app: why online government transactions have run into the sand” is still in production.