Tax discs and pointless processes

Another tale of poor service design. Yes, it’s been a while since I wrote one of these. No, things don’t seem to be improving. Yes, it’s a call centre again.

The old challenge of remote authentication: are you who you claim to be on the phone, or the internet (and indeed at the driving test centre or the passport interview)?

It’s all about risk: balancing an acceptable level of assurance against the negative consequences of the business not happening at all.

So what happened this time? Ring ring…ring ring [for 23 mins]. Ring…ring – Hello?

– Hello, can I give you a policy number?

– Yes of course. Can I please have your full name? [gives] No, that’s not the name I have down here. [I look at the 2008 policy document in front of me, and try wife’s maiden name as shown there. It’s a joint policy] No, that’s not the name I have down here. [Married name?] Yes. And can I please have your full address? [gives] And date of birth? [try mine first, but only wife’s is accepted] And contact telephone number. [I glance at the document – the old London flat number is shown – I try that, but no. A mobile number, apparently. I give mine. No. In the fog of a now 25-minute unwelcome experience I can’t recall E’s mobile immediately]

– Do you really need that? I’ve given you seven personally identifying data points already. Do you really need an eighth?

– Yes. I can’t speak to you without going through all the checks. [please escalate to supervisor…it’s escalated. Supervisor’s word is handed back down – the call will not progress without that mobile number. In fact, I can’t even escalate to the supervisor without that number.]

– [Fuse now lit] Why is that? Are you in the slightest doubt as to who I am?

– Data protection.

– [Firework pops] No. It’s not really data protection, is it? Data protection is a safeguarding system designed to protect my data from inappropriate access or use. It was introduced as computer processing became more prevalent and people became unsure of the consequences that might arise from having large volumes of quickly transferable, personally identifying, perfectly copiable information held on third-party systems. I have been a data protection officer. I know what I am talking about. This isn’t data protection because, so far, you’re not protecting any of my data. You are going through a series of over-elaborate verification procedures before you are prepared to even acknowledge the purpose of my call. Were I to ask you to run quickly through my account history with you, or to check information about people, places or things featured on this insurance policy, or to ask you what else you held on file about me, then that would require some data protection. But so far, Mr Direct Line, this has all been one way traffic. And do you know what is really annoying about this? I am calling to try and buy some more insurance – to put additional products on my policy. The data is only going to go one way. And your company knew this. You knew this because I went through a five-keystroke automated call handling decision tree when I first called you, establishing that I was a current policy holder interested not in claims or new business, but in making changes to my current policy. I could possibly, just possibly, live with these checks were I trying to remove cover (possibly) but if you’d taken a moment to find out that I was trying to give you money in return for more of your services you might sensibly have concluded that the probability of A.N. Other calling you up, blagging through seven identifying data points and producing a credit card to buy me £100’s worth of extra insurance was just a tiny, tiny bit small. 
About the same probability, in fact, of me ever using or recommending your services to anyone else ever again? Do NOT give me that bollocks about Data Protection.

No, of course I didn’t say all of that. I did say most of it though. Match the process to the risk. That’s all I ask, as a process rationalist. It works. The one really gold-standard online transaction that government offers – the tax disc – works so beautifully because just such a risk-based decision was made. You don’t have to exhaustively prove that you are the person connected to the licence reminder or the car. You just have to have the reference number in your hand, and a means of payment. It also helps that the car isn’t a person – and its data can be matched across DVLA, insurance and MOT databases with relative ease – but that’s another story.

Yes – you can pay for someone else’s tax disc if you want. In fact that’s an advantage to some with elderly relatives who want the convenience brought by the internet without actually having to use it. I’m sure in a dark corner of some twisted risk analyst’s head lurks a thought that just possibly something dreadful might happen if, say, a public figure were to have their disc bought for them by a perpetrator intent on framing them for corruption… need I go on? It’s baloney.

The service has actually been beautifully designed through the act of taking out verification which adds no value. And you can get away with a pretty clunky, ugly website – and still be famous for running a great service – if you do things like that.

Paul Clarke was head of proposition and strategy for Directgov from 2007-2009. His book “Searching for the next tax disc app: why online government transactions have run into the sand” is still in production.



7 Responses

  1. Anonymous says:

    I’d summarise it like this:

    Firstly, you need to get the balance right between having false positives (letting the wrong people in) and false negatives (keeping the right people out). Where that line is drawn very much depends on the underlying value of the data/transaction.

    Secondly, you must acknowledge that your security measures have a cost both for the organisation and its customers. This cost must be offset against the value of the transaction, including the cost as described above that legitimate customers may not be able to complete the transaction at all.

    There is a “security” mentality that says that every process should have as much security as possible, whereas it should actually have as little security as necessary. Good security is proportionate and as far as possible, unobtrusive.

  2. Not being a process design aficionado but having had tons of frustrating experiences of this type, I completely agree with the tax disc comments, it was a joy to do it last time I renewed.

  3. […] everyone else does. The problem is that that both makes more difficult for ordinary citizens (as most encounters with bureaucracy make clear), and also makes it easy for criminals (who by definition don’t follow the […]

  4. BenPlouviez says:

    SEVEN checks? Blimey…. I think the question here is whether Direct Line are arses more for demanding that number of checks, or for not giving their operators discretion to conclude that actually you might have failed on one or two but it’s probably you and anyway you only want to buy additional services. I think the former. To give their call centre staff that discretion, they’d probably have to pay them a decent wage, and that would break their business model.

    My own rant on similar subject: http://benplouviez.wordpress.com/2010/04/19/id-is-for/ .

    This whole area needs fixing!

  5. Ben says:

    My mother-in-law had a similarly absurd experience.

    If I recall correctly, she was trying to send my brother-in-law some money for his birthday by bank transfer.

    She went to the bank – let’s call it the WatNest – but didn’t have the required proof of id to make the transfer.

    She confronted the bank manager – “I just don’t understand. Of course you know who I am, Ian Williams, I used to babysit you when you were a boy. And besides, I’ve been coming in here for 30 years.”

    “I know Anna, but these new rules. I need to see some identification. It’s data protection, you see.”

  6. Nick Holden says:

    I’d post a really relevant and witty comment if only I wasn’t so busy buying tax discs for members of the cabinet using the identity of a Colombian drug lord…

  7. […] finally, along comes Paul Clarke being authenticated over the phone by an insurance company. It does not go well. Match the process to the risk. That’s all I ask, as a process rationalist. It works. The one […]
