Friday, March 04, 2005
more tales of "blame the user"
It's no fun trying to get something to work, only to get the cold shoulder from some "helpdesk" type who views you as an security risk.
A colleague today tried to get some credit card details online. She had to go to a bank branch to present her credentials. Fair enough, except after she had done that, and was told to contact the customer service phone number once more, she was told by the call center that the branch should have provided another authentication key prior to calling customer service. Not very joined up.
Today I tried to access a computer account I should get as part of enrolling at Victoria University for an industrial design course. The account procedure should be simple enough, but for some reason it didn't work in my case. I emailed support about the problem, and instead of an acknowledgement something was amiss, I get a response saying they won't look into the matter until I supply various "security details," none of which are needed to set up an account in the first place.
Yes, identity theft is a problem (I was a victim several years ago.) But often "security" is a catch-all excuse for inventing new requirements for users, to make it unattractive for them to bother the support staffs. It is no secret that organizations desperately want to reduce support staff costs. What better way than to make it seem like it's all for the benefit of security?
A colleague today tried to get some credit card details online. She had to go to a bank branch to present her credentials. Fair enough, except after she had done that, and was told to contact the customer service phone number once more, she was told by the call center that the branch should have provided another authentication key prior to calling customer service. Not very joined up.
Today I tried to access a computer account I should get as part of enrolling at Victoria University for an industrial design course. The account procedure should be simple enough, but for some reason it didn't work in my case. I emailed support about the problem, and instead of an acknowledgement something was amiss, I get a response saying they won't look into the matter until I supply various "security details," none of which are needed to set up an account in the first place.
Yes, identity theft is a problem (I was a victim several years ago.) But often "security" is a catch-all excuse for inventing new requirements for users, to make it unattractive for them to bother the support staffs. It is no secret that organizations desperately want to reduce support staff costs. What better way than to make it seem like it's all for the benefit of security?
Link to this article. posted by Michael Andrews @ 7:39 PM 
