How to make it easier for the public to access websites for online transactions
17 May 2017

The public finds it difficult to access the websites of most government agencies and large organizations to make online transactions. Some of the common difficulties are:

a) Difficult to find the login page
b) Forgot their user ID or password, or not sure which ones to use
c) Difficult to go through the 2FA process, i.e. token or mobile phone not working or not available
d) Difficult to search for the right page for the online transaction

This link shows an example of a terrible experience that I had to go through with the Central Depository of SGX. It is quite typical of the experience with many other organizations.

Here are my suggestions on how to improve the online experience for users.

a) Differentiate between access to information and online transactions.
b) For access to information, give the user the option to use or avoid 2FA. Most websites around the world do not insist on 2FA, even for trading platforms.
c) The use of 2FA can be mandated only for online transactions.
d) For 2FA, give the option to use the One Key token (from Assurity) or the OTP from the mobile phone. If a bank issues its own token, its customers should be given the choice to use the bank's token, One Key and SMS options.
e) Give the customer the option to encrypt emails with a password or to leave them unencrypted. Do not specify the format of the password used for encryption. Allow the user to choose any password.
f) If the website sends a regular reminder to change the password, it should provide the option for the existing password to be retained.

We must recognize One Key from Assurity as the standard token to be used in Singapore.

Most of the current processes are mandated by a government agency, such as the Monetary Authority of Singapore. The regulator should be aware that the onerous steps it has mandated are causing a lot of problems for ordinary users (who have to maintain dozens of passwords for different websites). The frequent changes of passwords and the inconsistent 2FA processes are making it very difficult for the public to make online transactions.

There is a risk of hackers gaining unauthorized access to accounts. In most cases, the risk is immaterial. For example, I do not care if someone finds out my email address or mobile phone, or knows that I have a balance in my bank account. In any case, hacking is a crime. If the hackers are caught, they will go to jail. This risk is similar to a burglary into a house where property is damaged or stolen. We should treat hacking as similar to burglary.

If the regulator adopts my "common sense" suggestions, they will improve the user experience significantly and make it possible for more people to use online transactions.





 

