Whilst I’ve clearly over-complicated my own online life, a recent article on the Fox Small Business Center website highlights that this password fatigue is endemic throughout the online community. A survey of 2,000 adults showed that 30% have over 10 unique passwords to remember, and I’m one of the 8% with more than 21 passwords.

From an eBilling and eStatement viewpoint, there are 2 main issues with this: customer experience and security.

Customers would rather clean toilets!

While you may feel that your new eBilling portal is a paragon of best practice online design and ergonomics that your customers will enjoy using every month to pay their bills, there’s a good chance that your customers actually see it as just another ID/Passwords challenge.  In the aforementioned survey, almost 40% of respondents said they would rather clean the toilet and try to resolve world peace than create and remember another unique IDs/Passwords combo that meets the ever-expanding security requirements in the online world.

That’s an amusing statistic, and if the customer really requires the service being offered online (maybe online banking, or they’ve seen a must-have handbag bargain on EBay), they’ll probably forego domestic chores and follow through to create/manage another password. But when you’re trying to change your customer’s behavior – switching from paper based bills/statements to electronic versions, the choice in their head is between doing nothing and keep getting paper (which does the job), or to voluntarily do something that’s less appealing than cleaning the toilet!

That goes a long way to explain the poor adoption of portal eBilling solutions around the globe, and is backed up by numerous other reports and surveys. For example, Infotrends’ Future of EBPP in North America Report in 2010 found that 61% of respondents cited remembering multiple IDs/Passwords as the reason for not going paperless.

The security Catch 22 situation

Unfortunately, modern password guidelines have created a Catch 22 situation when it comes to online security. The more organizations ask us all to create secure, long passwords with upper and lower case characters, numbers and punctuation marks, but excluding names and words; the more we all need to write these down and/or re-use the passwords on multiple sites. This inherently makes them less secure. Another recent article by ARS Technica highlights and discusses these issues. And unfortunately, password management solutions only partially solve the problem.

However, at Striata, we have a very strict Security Policy that prevents staff members from making use of these to access any of our servers.

Good news – there’s a way to maintain security AND keep it convenient

Can we, as billers, provide the convenience required for the customer, while still maintaining the level of security commensurate with the information risks contained within our documents?

A move from a centralized portal to individually encrypted PDF documents delivered to customers via email dramatically reduces the risks, as access to one document is all that could ever be gained (after days of brute-force attack) should the email somehow fall into the wrong hands. Hence a simple shared secret – this could possibly be a combination of a few characters of the customer’s name plus their date of birth. This is a great solution and it could possibly provide enough security, without the customer having to remember or write down a new password, which is very convenient and a better customer experience.

One more digital service delivered; one less stamp used; one less bit of forest cut down; no new password created. Everyone’s happy! Want to know more? I’m happy to stop cleaning my loo, so get in touch!