Why do banks still have no way to send us confidential messages?

This is part one of a series on e-delivery.

We’ve crossed into 2012 yet banks and health care are still putting us through contortions to retrieve confidential electronic messages. Why? Paper and FAX were the accepted practice in the old days, but when it comes to electronic delivery there really is no push delivery replacement. E-mail sounds kind of like the right solution, but it’s not secure.

Today’s Best Practice

In the absence of a trusted electronic delivery system, what we consumers are getting is an ePickup system. The bank sends us a content-sterilized email message, such as the one shown below, notifying us we have a confidential message. To view the actual message we must go pick it up at the bank’s web site! Not too dissimilar from FedEx leaving a sticker on your door telling you where to go pick up your parcel.

The obvious first problem with this approach is the potential for phishing or email spoofing. We should all know not to click on links in email messages, but it’s pretty easy to craft a message that will fool a great many of us into clicking the link anyway. A second problem is that email delivery is unreliable because of email spam filtering. These issues cause banks to be reluctant to even send ePickup notices via email.

This pie chart shows that more than half of phishing attacks masquerade as PayPal links, followed by eBay, HSBC, and Facebook, according to a new report from Kaspersky Lab.

Beyond this there are just too many steps involved in retrieving the message. Some sites aren’t bad. The notice above from E*Trade only resulted in six or seven superfluous steps to retrieve the actual message contents. I’ll enumerate them here so you get the idea:

  1. Read original email message instructions on how to retrieve the message contents
  2. Navigate to the E*Trade web site via a bookmark or by typing the URL
  3. Enter username and password and login; wait for page to load
  4. Take a detour by clicking the message in the Alerts section (a quirk of a slightly confusing E*Trade web page implementation)
  5. Hunt for the Customer Service button and click
  6. Hunt the customer service page looking for the list of messages
  7. Click on the message: it is now ready to be read

Each business web site is a different experience and many sites or flows are more confusing or dumbfounding than E*Trade’s. Citibank and Bank of America have ePickup processes that in the past were so convoluted that I’m not sure I’ve ever followed through to actually reading a message from either party.

In eCommerce we talk about conversion rates, with the general idea being that the more friction required to make a purchase, the fewer people follow through with the purchase. Thus the motivation behind Amazon One Click. Obviously, then, lower-friction systems should be the goal, and it’s pretty obvious that we don’t have such a system today.


I don’t fault E*Trade or any other company for using ePickup because alternative standards for confidential push delivery do not exist. The current situation results in these problems:

  • Using email for ePickup notifications opens consumers to phishing/email spoofing.
  • Having a unique navigation experience at each bank’s web site increases friction, resulting in every message from every business being a new episode in message retrieval. If the content being retrieved is not valuable enough, you can be sure conversion rates will not be 100%.
  • The ePickup process has so much friction that businesses only send the most important messages, leaving behind the opportunity for continual engagement.
  • Consumers are not kept as up to date with their accounts because, with banks avoiding sending email except when vital, their only updates come when they visit the bank’s web site.
  • Banks have spent big bucks on secure delivery solutions, but none of these solutions has made life any better for the consumer.

And of course it’s not just banks that suffer from the lack of a secure delivery channel. Billers, health care, insurers, and payroll are all reluctant to send messages via email and must rely on regular customer visits to their sites.

This is the first of a series of posts on the problem of secure delivery. Watch for later posts where I look at eDelivery of statements, various solutions on the horizon and hint at an even better solution.