Start with the way people behave, not how you design

Thinking about process redesign, I remember when the ATM was invented. I wasn’t there – I’m not that old – but I remember reading about the great debate they had as banks didn’t believe people would be able to remember a PIN.

The BBC reports that “Mr. Shepherd-Barron came up with the idea when he realized that he could remember his six-figure army number. But he decided to check that with his wife, Caroline. ‘Over the kitchen table, she said she could only remember four figures, so because of her, four figures became the world standard,’ he laughs.”

That was in the mid-1960s. Now we still use PINs, but have layered more over the top. I blogged about this recently, and do so often

So, I don’t want to go down that route again. Instead I thought I would pick up on how we have now made things so complicated, most people don’t know how to use their bank accounts. We used to underestimate people’s abilities – there’s no way they could remember six digits for a PIN; now, we overestimate their abilities – who can remember a password they used more than 30 days ago, that has to have a numeric, a special character, be longer than 8 characters and isn’t used on any other website?

The problem is that we cannot simplify this without technological innovation.

We started by asking for more difficult passwords. That failed. We then sent out SSO tokens and asked people to enter random screen numbers and PINs for online access. That didn’t work. Even things like Face and Finterprint ID’s can fail if you’re asleep or drugged. More recently, I’ve also noticed that some internet browsers offer access using their own strong passwords. The trouble is how would I then use those services on other devices when I don’t recognise an strong auto-generated password?

In other words, what has happened is we started in 1967 with a four digit number, that people believed we would not remember, and added 55 years of innovations to end up with hundreds of inconsistent ways to access banking that no-one can remember. And then we closed all the branches and said you had to do it this way. Tough.

What is the solution?

I think the solution is biometric today, but it needs one extra feature. An understanding of how consumers behave and what they can remember. So, I like the idea of a biometric with a PIN, but it gets clunky. I like the idea of a biometric with an SSO, but that’s even clunkier. My favourite idea is to have some DNA, as I’ve always wanted to spit on my bank, but the tech doesn’t offer that innovation today. Therefore, for the moment, the answer is a PIN, biometric, SSO, mother’s maiden name, inside leg measurement, blood type and name of the school your fifth cousin attended.