This week I went to AgileLondon which was hosted at McKinsey. It was a really interesting MeetUp-style event with a format I’ve not seen before.
There were seven presentations and we all voted for two of them after a short elevator pitch from the presenters on why their presentation was worthy of being included. The other five were ‘eliminated’ and the audience provided a topic for those presenters to work on while the two were being presented.
Earlier today I gave a short presentation to the Digital Finance Masterclass in London. I only had ten minutes, followed by 8 sessions of pretty intense ‘Digital Surgeries’ – a great format, but quite tiring.
Before the event, I had been told that the Digital Surgeries were like speed dating – thankfully I got married before speed dating, because I can’t imagine going through that process in a relaxed, sociable setting.
With only ten minutes for the first presentation, to a varied audience across Financial Services, I focussed on the following topics, shown in the attached Slideshare presentation:
Every year I forecast a number of predictions in the Digital Media/ Internet world, and at the end of the year I score those predictions to see whether they came true or not. Here are links to 2010, 2011, 2012 and 2013 predictions.
For the coming year, here are my predictions:
Endava has been helping a UK IT industry association with some thought leadership pieces recently, and I’ve been permitted to share my contribution before the report is published.
We’ve contributed to two essays, and I’ll post a link on this site when they are released in early 2014 . This is the second part of two posts – you can read the first one on user experience for banking customers here.
The answer here lies in three distinct areas:
Let’s take one of the biggest retail banks in the UK. To log into their online banking systems they have a variety of authentication methods:
These methods are not only inconsistent, they negatively impact the users’ experience of the online servicing channels.
Organisations need a unified authentication standard. I understand that an ATM requires a physical card, so it can have the easiest authentication of only 4 characters, but why does the message boards (which have no account access) need to be more complex than the mobile banking app?
In order to trust online retailers with our private details, we use SSL security certificates. Certificates are not just for encryption, they are a means of ensuring we are buying from a company who is who they say they are.
It’s now time for the other way round – for customers to prove who they are.
If a user books a room on Air B&B, they don’t want to stay at a mass murderer’s house, and the house owner doesn’t want a mass murderer staying with them either. Both need to have a level of trust on the network – usually achieved by previous transactions being validated.
I have an eBay account with 100% positive feedback amassed over a few years and over 500 ratings, both buying and selling. So when I join a site such as TripAdvisor, or Air B&B, that eBay ‘score’ should count for something. I’m the same person. And this is the Internet’s Identity Crisis.
The Internet needs a centralised Single Sign On system to link all accounts into a common identity. Facebook and Twitter both have their own systems in place (Facebook Connect and Sign in with Twitter), but the issue here is about Trust. I don’t trust those two organisations to log into my bank, tax or healthcare providers.
I do trust my bank though. And so do most people. Whilst the media attempts to discredit banks, there aren’t mass cash withdrawals from banks because the public fundamentally does trust them.
In my view, to solve the Internet Identity Crisis, banks should build a Single Sign On system which uses similar OAuth based technologies to the social networks which can be used by any third-party website. The system provides authentication to the website, but won’t allow any other details to be exposed unless the user explicitly permits.
Only then will the Internet Identity Crisis be solved.
Technically, Single Sign On has been solved by a number of organisations. This leaves three resistances to Single Sign On: Organisational, Political and Social.
Traditional organisations are built in silos. When one part of an organisation builds a system, it’s uncommon for that part to comply with existing authentication systems unless specifically mandated, which is also uncommon. This leads to the issues outlined in the retail banking example above, with six systems, each with different passwords and password complexity.
Political resistance is encountered where a specific authentication system isn’t adopted because of perceived risk or perceived non-standard technical constraints.
Social resistance are attention grabbing headlines such as the one shown above. These headlines undermine the credibility and security of large-scale websites and digital service providers, creating resistance to adopt new technologies. And this doesn’t help anyone.
I’ve been applying a bit of Search Engine Optimisation to this blog over the last couple of weeks (successfully I should add – visits are already up over 30%) and one of the most recommended techniques is to assign authorship to articles.
What this does, is tells Google that the web site owner has trusted this particular person to add an article to the site. You might think that for this blog, the site owner and author is the same – but Google doesn’t mind this because it just wants to know there’s a human at the end of the keyboard, not another spammy robot knocking out (or copying) content. It’s the age old sign of trust of putting someone’s name at the bottom of a document adds credibility.
The way Google trusts that the person is a real human is by linking the ‘byline’ to their Google+ account. This is clever for so many reasons:
It’s the last point that is the most valuable. The Internet needs a single sign on, centralised user authentication system to prove who we are, so that businesses can trust who the buyer says they are.
A friend of mine sells furniture online. It costs him a small fortune to deliver it to customers, and with the distance selling regulations, he often gets customers who tell him after a week of delivery that they don’t want the item any longer. He reckons he can tell who is ‘trying it on’ to check whether he’ll offer a refund without bothering to collect the item again. He estimates that these “customers” go from site to site trying to take liberties from companies.
Wouldn’t it be a better system all round if a user bought an item from a website, and that site could look in a central place for delivery and payment information, and whether this user was trustworthy or not, before dispatching the item.
Another player in the market who might try to create this central authentication system is Apple. Combining Apple ID with fingerprint recognition and perhaps phone based GPS information could be a secure system.
I’ve been writing about the need for a trusted Single Sign On system across the web for some time now and I think I’ve seen it start to emerge.
My concept of the Single Sign On solution is similar to Facebook Connect, but from a trusted, strong, long term brand. Facebook still needs to prove its credibility in the trust arena. I only use Facebook Connect for some personal sites where I want to reduce, or even avoid, the time it takes to register.
Would I use Facebook Connect for tax returns, or my road tax, or my company’s payroll system? Nope.
I do a fair amount of travel and seem to need my passport number (and sometimes other passport details) from time to time. I once scanned my passport and I keep it as a digital image on some secure digital storage where I know I can access it everywhere (interestingly the UK Government also recommends to “store it online using a secure data storage site“). The same goes for my National Insurance card, photos of my bikes’ frame numbers and stuff like that. When I speak to other people about this, they have similar solutions, and I know some people who keep these solely as photos on their phone. We all have different levels of security that we’re comfortable with, but I really wouldn’t advise the phone method.
Last week I heard about a new service from Barclays Bank called Cloud It. Cloud It enables, well actually it encourages, users to upload important documents. It then adds additional functionality such as alerts for expiring documents, or regular renewals (e.g. MOT certificates and insurance).
I have no proof whether Barclays Cloud It is any more or less secure than say, BT, Google, Microsoft or Dropbox, but the fact that a bank is storing your document ‘feels’ more secure.
The next step of Cloud It really should be Single Sign On. I would trust my bank to authenticate me into other services.
I spoke about this concept of a bank offering Single Sign On at a conference earlier this year. Over lunch afterwards I was asked whether people really trust banks after the recession, and the bad press that bankers often receive. One person on the table categorically stated that he wouldn’t trust his bank.
My answer to this is simple: people still keep their money, one of our most valuable day to day assets, in banks once they’ve been paid and they still go to banks to borrow money for their houses and cars. Conversely, if people didn’t trust banks, we’d be hearing a lot more about mass withdrawals after being paid. But people don’t withdraw their money based on lack of trust (except Cyprus), and this proves that people do trust them, and in the future we’ll be trusting them to log in to all sorts of systems across the Internet.
In November last year I wrote about how Google Glass will destroy the trust that we naturally have between people.
Last month it was the Google I/O conference, a gathering of developers from all around the World. One of the best articles that covered I/O was from the NY Times, in which the journalist discusses the same issue, from a bathroom perspective (literally).