For those of you that are not aware, these card readers look like a calculator with a slot for your card at the top. You enter your card, enter your pin, enter a code from the website and receive a code to type back into the website.

A number of years ago, while working for an upcoming warehouse software company, I came across a somewhat paranoid but fascinating solution one of our clients used to protect their network. We often had to access databases remotely and in this case we did so via a VPN (a VPN is basically connecting to a private network over the internet).

The added twist was that we had to enter an extra code. This code was shown on a little keychain dongle that had been sent us – while I don’t remember the name or details, the dongle gave us the password and it was different every time. We had excited conversations between ourselves on how this thing worked and how the algorithm could possibly be cracked. Soon enough we realised that the whole idea was a huge burden – many people needed to access the VPN from many different places and we only had one.

We toyed with the idea of setting up a webcam and broadcasting the readout via a webpage, undermining the security. Fortunately the client scrapped this security.

I write this because this is exactly the frustration we all face with bank card readers. Currenty I am in Asia (Koh Chang, Thailand to be precise) and I am carrying no less than three of these readers, one of which I had to have shipped from the UK after they replaced it.

The Barclays PINSentry Card Reader. I H8 U.

Why else are these readers a burden?

• They prevent multiple users accessing the account simultaneously (think business accounts and shared accounts)
• They require your card, so two items need to be carried at all times. Some people never use their cards and have no reason to carry them
• Card readers can break
• Card readers need batteries
• They are not convenient to carry

It is no doubt a big priority that these systems remain secure. Ultimately, that security is irrelevant if the customers do not use the service or transfer to banks that have a more user friendly security method. So, in my opinion, number one priority for bank and customer is the usability.

Unfortunately, the card readers are just the icing on the cake for me. Some of the other frustrations I find with online banking:

• Non standard login methods, preventing your browser or plugin (LastPass!) from working
• Incomprehensible design and technology decisions, causing major usability problems. (e.g. browser back/forward buttons causing logging out)
• Lack of stored data (most of my accounts only hold a couple of months statements)
• Lack of browser/device compatibility (no chance of banking online with my phone)
• Lack of reliable notifications for payments (did they receive it? what is the status?)

The Light

Fortunately, I have seen recently a couple of examples of great forward thinking in the online banking arena. Of particular note is Barclaycards excellent new online interface, launched around July 2009. As the screenshot below shows, you can see up to date graphs on your spending categorised by groceries/fashion/travel etc.

Barclaycard Online Interface - Click to Enlarge

As Barclaycard have pioneered, what else can we look into for our online banking solutions?

• Notifications – RSS, Text, Email and/or desktop messages showing transactions, balance, charges, statement available
• Phone integrations – an iPhone app for my banks, with push notification, would be immense
• Integrations – Achievable via notifications for a programmer, but some kind of integration with invoicing software or personal finance systems would be a big time saver.
• Better exports – ability to export all information, from all date ranges
• Better use of information – Imagine the information that must be available on each transaction? Location, company details, exact time, balance at that moment etc.
• Standardisation across banks, allowing the ability to view finances together (perhaps only realistically achievable by integrations)

Existing Integrations

I intend to investigate further, although it seems that existing websites bringing finances together in a truly automated way are still in infancy, probably due to our banking system here in the UK. It is only last year that the banks upgraded their systems to allow instant money transfers (instead of 3 to 5 days delay) – from a reliable rumour I heard, this was due to some banks using the equivalent of spreadsheets to organise these transactions.

Some of the sites that are worth investigating (thank you to Emma Davies of LoveMoney for her contributions here):
Mint.com – currently seems to be USA only
Money Dashboard – looks slightly amatuer, although claims to integrate automatically. Try with caution, I saw them spamming on money forums. Still in Beta with no launch date.
LoveMoney.com – A new UK only company launched in April 2009, with online banking launched in December last year. Constantly improving with updates every two weeks. Check out the Love Money Blog.
Kublax – a 2007 seedcamp winner, but faces closure due to lack of funding. Could be saved by Simply Finance so still worth keeping in mind.
Wehuhu – No integrations yet (manual uploads) but this is a new service and could be expanding soon.

With some digging around, there appears to be a resistance from the UK banks which is delaying these types of systems. Quote regarding Mint.com “They’ve said they aren’t going to launch a UK version for the forseeable future. None of the major UK banks have gotten on board to allow sharing of transaction data.”. Source: Money Saving Expert forums.

Imagine the Future

I am an optimist. I picture a time when I wake up in the morning, check my emails and see that I have received three payments with details of who from and the exact date/time they sent it. This summary also shows that of the five payments I sent yesterday night, three have been received successfully and two are still pending. My invoicing software is notified of the payments and marks the relevant invoices as paid.

Sat in my favourite coffee shop, I check out my iPhone banking app. I can quickly see the balance of all my accounts, credit cards (including available spend) and also that the two pending payments are now confirmed.

That evening I travel out of my home town and pay for petrol on my card in somewhere I have never been before. I instantly receive a text message to notify me of this transaction, due to its slightly out of character nature, with a web link and number to report the fraud and instantly freeze the card if necessary.

It is is the end of the month and I am checking my credit card statements. I can see easily what I have spent compared to the past 6 months, by category of expenditure. I can see a graph showing my expenditure over the month and realise that the first week I went a bit overboard on clothes shopping. My account shows that all bills are scheduled to be paid and calculates that there is enough money to pay them all, giving me a total of “free cash” that I can withdraw during the month.

This is just a sample of how much control we could have and how convenient banking could be. How nice would it be to see a cheap Macbook Air in the shop, check your finances instantly on your phone and only buy if you can? Not very nice for the banks it appears, which may be a reason they are dragging their heels when it comes to providing us with convenient information.

Why Banks should Embrace

More control over our finances should theoretically mean less mistakes, less people overdrawn, less interest and less fines; all this equals less profit for the banks.

The reality is that not everyone will embrace these new features. Offering this technology does not instantly make everyone in the country good with money – those who are too busy, too scared and otherwise not motivated will still make the mistakes they always have. The ones who are craving this power will reward the banks with more business.

Advancing the online banking technology will not put more money in peoples pockets, remove their greed or fix their lack of money skills.

Let me indulge you with an example. I always play it safe – if I have any doubt over how much money I have, I won’t buy. I am not tricked by overdrafts, high credit card limits or buy now pay laters. I like to think I know about money and I don’t like paying interest – I always pay in full and on time.

If I am given more control and information, I am likely to know exactly what I can afford and spend more. As a bonus, if I am told that buying a new espresso machine this month will only cost me £7.24 in interest if I put it on card and pay it the month after, I will be tempted to do so.

There is opportunity here for financial institutions to get a head start on others. I am not afraid to change to a bank that offers me more information, better access, more convenience and is more forward thinking. As banks know, an existing customer is more likely to take a loan or a mortgage or other products.

Better tools to access information and monitor information means people will be using the banks systems more. More usage means more potential for advertising, up selling and gaining customers trust.

If my bank embraced technology even slightly, I would respect them more and listen to what they have to say.

Solutions to Security

There still lies obstacles with security, put in place by self-righteous technology consultants and the paranoid media. Due to this mindset, usability is often completely ignored.

I admit I am not particularly security focused, but I believe finding a solution that is convenient to the user is essential. Regardless, here are some potential security starting points:

• Instead of card readers, how about additional security only when unusual activity occurs? (e.g. different location of login)
• Grant lower security to those who want it. Give us a choice! I will take the risk, because I know I won’t enter my details into www.barclaysbank.somerandomdomain.com/login
• Custom security levels. e.g. by default require additional authentication only when money is transferred (customisable by the user)
• Bio-metrics – some way off for mainstream (who of you has a fingerprint reader?), but should be implemented when feasible
• Trusted machines – link my laptop or desktop to the website, meaning I only have to jump through a hoop once

What do you think?

Are you happy with the banking system? Are you inconvenienced by the security, or do you not mind and prefer the peace of mind? Do you have any alternatives or ideas?

If so, comment below!

It is clear that this solution goes a long way to dealing with the spam problem and the webmaster is happy, but at what cost to the user? At best there is another field to fill out. At worst, if the image is hard to read or the user has some visual impairment it is a barrier for the user to completing the form.

Most good CAPTCHA implementations will include a visual (image with text) and audible (audio playback of the text) meaning that even those struggling to read the image will be able to complete the form. There are also usually options to “refresh” the image, creating a potentially easier to read image.

All of this helps but does not avoid the fact that the user is having to do more work to complete the form. We are always looking to increase conversions and should be looking at reducing the actions a user has to do (such as avoiding duplicate email and password fields) in order to increase the chance they will fill out the form.

So what about alternatives? A great example of spam detection is the excellent Akismet as popularised by WordPress. Spam is automatically detected by algorithms and tests on the Akismet server and this reduces manual checking to pretty much zero as well as leaving the user experience untouched.

So a use of Akismet or similar service is the ideal solution – the user does not see a change and the spam problem is still solved. The service should err on the side of caution, to prevent losing genuine information. Regular checks of the “spam” content should also be considered.

The second best solution, which can also be used in conjunction with an Akismet type integration, would be to improve your admin systems. If your form is submitting directly to email then it will be difficult to check and remove large amounts of spam. Having a tidy admin area with the ability to view/edit/delete data all together will reduce time spent on checking for spam.

Many CAPTCHA implementations are unnecessary and are done as either habit or due to some idea that it is a professional thing to do – question whether you will actually receive spam and is it better to deal with it manually?

The final alternative would be to make the CAPTCHA less obtrusive, more fun or easier in some creative way. Microsoft have the initiative ASIRRA which shows promise – the user is asked to identify pictures of dogs and cats. A simple click by the user is all that is needed and in tests many found the exercise fun.

Some websites also offer simple random questions (e.g. what is 3 plus 5?) although these are potentially circumvented as well as lacking the fun appeal to most users.

In conculsion I stress that you should consider first and foremost whether you need spam protection. If you need to, try to ensure the spam protection does not intrude on the users experience – your conversion rates will reward you.

Do you have any CAPTCHA tips, tricks, advice or questions? Get involved and comment below!

photo credit: karstenkneese

“Tag cloud”

This phrase was once so sexy. Instantly you can picture a block of random words with varying sizes and/or colour in a random order. Now it seems to have fallen out of favour – since the initial conception, nobody is talking about how to improve or advance this technology.

A Tag Cloud was once talked about as a perfect example of Web 2.0 – user generated content, funky design and alternative UI navigation. Many sites quickly jumped to using Tag Clouds and even now most new sites that can use them will.

What caused the hype with Tag Clouds? They ticked all the right buttons:

• User Generated – The idea that your website visitors will tag everything and save you time in organising content.
• Alternative UI – Finding better ways to access content is a good thing
• Modern Design - As a new but widespread idea a Tag Cloud gives visual appeal and association with high profile sites
• User Interaction - Allowing user contribution improves community and repeat visits

For me a Tag Cloud has been a paradox. When discussed in planning a new site they are always a good idea but in practice they often fall down or cause problems. The initial designs benefit from them but in practice they are rarely clicked and often ignored by visitors. The prospect of self-organising content is tempting but often more administration is created.

Why is this? From my own experience as a user, tags are just too fuzzy. I often waste more time trying to think of the right tags and as such I am most likely not to tag them. I always turn off tags in WordPress installs and have never taken to delicious properly because the tagging seems like hard work to me.

Essentially there is too much freedom and ambiguity. Do you tag an SEO tool website as “SEO”, “Tool”, “SEOTool”, “SEO Tool” or all of the above? Do you use singular or plural? If your searching for content, can you guarantee it has been tagged with the right keywords or could you be missing some things?

Here is a breakdown of my issues with Tag Clouds:

• User Generated – Your users can and will do what they like. While you will get some great users who tag perfectly others will make spelling mistakes and not care. Others still might bicker over pointless details such as the user of captilisation or singular/plural. Users will use a mix of different ideas resulting in a total lack of cohesion.
• User Interface – While the Tag Cloud looks good to an experienced internet user, to others it is not self explanatory. More importantly even experienced users will ignore a tag cloud for the reasons above (basically inaccuracy). The Tag Cloud relies on the idea of “casual browsing” or in other words a user who doesn’t know what they want to see next. In reality we  mostly browse with a purpose or goal in mind with little room for suggestions of what to look at and therefore little room for a tag cloud.
• Modern Design – While initially it might have been beneficial to be associated with the Tag Cloud crowd, it no longer stands out and your users will be blind to it. Even if your website implements tags in a flawless and useful way, the association with bad implementations on other websites will ruin your hard work.
• User Interaction – If your users don’t understand the need for tags and you make it an integral part of the system (like delicious) then you risk making your service seem like hard work. For me tags don’t flow easily and therefore it seems like hard work to bookmark a site with delicious.

To illustrate my point, here are a couple of examples of how Tag Clouds are frustrating to me. These two examples show how this applies to group tag clouds (i.e. where many people can tag the same thing) and individual tag clouds (i.e. where the content owner/publisher only can tag).

Flickr – The original tag cloud user, Flickr allows their users to tag photographs with whatever they want. The result? Ambiguity (search for cheese and you get a dog). Overkill (tagged with many variations e.g. “samui”, “koh samui”, “kohsamui”, “thailand”, “chaweng” etc. etc.). Innacuracy (wrong spelling tags). Spam (Using a “Michael Jackson” tag incorrectly to get visitors).

Delicious – This bookmarking tool tags in a different way by allowing all users to tag the same website. The main problem is the variety of tags that are used. Take the excellent Penny Arcade web comic – it has a vast amount of different tags including the ambiguous “fun”, “art” and “monday”. In reality this offers no value for navigation and creates a headache for when you want to tag the site (oh should I tag it “fun” or just “comic”? or maybe “webcomic”? Or how about “gaming web comic”, or is that too specific?). The result is simply a mess of disorganisation.

Unfortunately for all the promise I cannot see a benefit to using Tag Clouds in this way. I can understand tagging content in a controlled and structured environment, but on the web in community websites it would be impossible to organise and manage.

Once you start using Tag Clouds it is hard to go back. Users will be used to them (some will of course like them) and your navigational structure will no doubt be based around them.

So in reality your Tag Cloud could actually be doing your website some harm. Don’t simply follow the cloud crowd – think about if this concept will work and know for sure before it is too late.