Security vs. Usability

September 23, 2008

I have been using my ICICI bank credit card for over thryears now. I encountered this weird error this morning while paying my bills on visabillpay. (Click image for a larger view)

ICICI credit card error

Alright let me set context.

This is a page which ICICI bank brought up while doing a credit card transaction on Visabillpay. This page asks me to register my credit card online with ICICI bank using a Internet banking pin number.

So I have seen this page multiple times on this site but always opted out as I don’t have my interent banking pin number. So today I did the same thing and opted out of registration by clicking on the “No, thanks Don’t activate my card now” link, but this is the message I got.

“You have exceeded the number of opt-outs for this card. If you decide to opt-out even now then bank will decline your transaction.”

I was astounded. I had no clue of what was happening. The bank never told me that I had a fixed number of opt-outs from registration. Now I can’t pay my electricity and water bills.

Here’s how this scenario could have been handled using better product design

  • ICICI bank should have told users the number of opt-outs they have. This could have been in the form of a counter which is very prominent on every registration request screen.
  • Educating the user about the advantages of registering their credit card. In fact ICICI bank is mandating this for higher security and to prevent online credit card fraud. Educate your users by telling them the benefits of doing a particular action and then lead them to this action.
  • Forgive your users which they don’t do something that’s needed, after all they are users!
  • Send users warning alerts as their opt-outs are nearing to zero. ICICI bank has my email address and my mobile number.
  • Get customer care to call users.

Forgive, educate and lead to action – simple but powerful.

What do you think ? What you faced this issue ?

Advertisements

5 Responses to “Security vs. Usability”

  1. csk Says:

    Only your debit card is linked to your bank account, not the credit card. So what you are asked is a separate password you should have had for the credit card, and not the internet banking password. this is how it is for my citibank debit and credit cards.

    Also, verified by visa program has been there since many years now, has greatly improved in user experience, but has a long way to go as you pointed out!

    Nevertheless, it is recommended you take the pain, understand it all, and register for it. After all it is for your own safety.


  2. Yes, I realize that this is a separate pin which was given to me sometime when I got my credit card. I have no clue as to where it is right now.

    If you wanted me to register make me do it the first time I use my card, not after 3 years of having used my credit card 🙂

  3. Umesh Says:

    I had linked my credit card to my icici online banking account long back itself. Also i have never used my credit card to pay bills on online banking so have never come across this scenario.

    Its totally weird. Also i dont even think there should ever be a max opt out number (????) again which is more than 100 times (havent u used it more than 100 times?). Its totally absurd.


  4. Yes, no doubt it’s totally absurd and wierd. The reason Visa is doing it is so that they prevent credit card fraud, but why bring it up to me suddenly ? and stop me from doing a transaction!

  5. Sathya Says:

    Whoa, I had _no_ idea there was a fixed number of opt-outs! I encountered these recently, I guess I better not opt out again!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: