<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Standing Out From The Crowd &#187; Privacy &amp; Security</title>
	<atom:link href="http://standing-out.com/category/privacy-security/feed/" rel="self" type="application/rss+xml" />
	<link>http://standing-out.com</link>
	<description>A blog about things that set us apart from the crowd: Customer Experience, Web Usability, Information Architecture, and going overboard to be remarkable...</description>
	<lastBuildDate>Fri, 09 Jul 2010 22:52:37 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
		<item>
		<title>What American Taxi is doing wrong&#8230; (and maybe you too)</title>
		<link>http://standing-out.com/2009/what-american-taxi-is-doing-wrong/</link>
		<comments>http://standing-out.com/2009/what-american-taxi-is-doing-wrong/#comments</comments>
		<pubDate>Mon, 31 Aug 2009 03:31:15 +0000</pubDate>
		<dc:creator>Luis Serpa</dc:creator>
				<category><![CDATA[Business]]></category>
		<category><![CDATA[Call-Center]]></category>
		<category><![CDATA[Customer Experience]]></category>
		<category><![CDATA[Customer Retention]]></category>
		<category><![CDATA[Information Architecture]]></category>
		<category><![CDATA[Privacy & Security]]></category>
		<category><![CDATA[Ramblings]]></category>
		<category><![CDATA[Standing Out]]></category>
		<category><![CDATA[Usability]]></category>
		<category><![CDATA[Channel Integration]]></category>
		<category><![CDATA[Customer Behavior]]></category>
		<category><![CDATA[Customer Perspective]]></category>
		<category><![CDATA[Digital Strategy]]></category>
		<category><![CDATA[Irrational Customer]]></category>
		<category><![CDATA[LinkedIn]]></category>
		<category><![CDATA[Luis Serpa]]></category>
		<category><![CDATA[Online Experience]]></category>
		<category><![CDATA[ROI]]></category>
		<category><![CDATA[Setting Expectations]]></category>
		<category><![CDATA[Taxi]]></category>
		<category><![CDATA[Usability & User Experience]]></category>
		<category><![CDATA[User Experience]]></category>
		<category><![CDATA[User Interface Design]]></category>

		<guid isPermaLink="false">http://standing-out.com/?p=297</guid>
		<description><![CDATA[Lots of companies make the mistake of believing that just creating an online version of your services is enough to minimize costs, increase ROI and expand your market share.  What they forget is that badly implemented solutions (or weakly integrated channels) can hurt the customer experience more than the lack of service in the first place.]]></description>
			<content:encoded><![CDATA[
<p><img class="alignleft" style="border: 0pt none; margin: 20px;" title="This is a mistake..." src="http://standing-out.com/blogimg/mistake.jpg" alt="" width="100" height="104" />Lots of companies make the mistake of believing that just creating an online version of your services is enough to minimize costs, increase ROI and expand your market share.  What they forget is that badly implemented solutions (or weakly integrated channels) can hurt the customer experience more than the lack of service in the first place.</p>
<p>Today I experienced an attempt from American Taxi (<a title="American Taxi Website" href="http://www.americantaxi.com" target="_blank">americantaxi.com</a>) to offer an online service with a process so loosely thought out that it is leading to the &#8220;Perfect Storm&#8221; of bad customer experiences.</p>
<p>Being a satisfied American Taxi customer for the past 4 years, I did what I always do when I need to schedule a taxi to the airport:  I call the number I have stored in my cell phone contact list and provide my on-file information to the attendant.  This time a new offering diverted me from my usual process right on the first step&#8230;</p>
<p>Here&#8217;s a description of what happened:</p>
<ul>
<li> I call the number and get a very long automated message announcing the availability of their <strong>new online service</strong> and  enticing me to use the site instead of the phone to order a taxi.</li>
</ul>
<blockquote><p>Hmmm&#8230;  Interesting&#8230; I didn&#8217;t know they had a way to do that online.  It may be useful to have it all set up so I can use it later if needed&#8230;  Let&#8217;s test it!</p></blockquote>
<ul>
<li>I immediately hang up the phone without hearing any other options and type &#8220;<a title="American Taxi Website" href="http://www.americantaxi.com" target="_blank"><strong>www.americantaxi.com</strong></a>&#8221; into my browser.</li>
</ul>
<blockquote><p>Not very pretty.  Looks kind of amateurish, but the options are clear, no doubt what I need to do&#8230; Let&#8217;s move on!</p></blockquote>
<ul>
<li>I click on &#8220;<strong>Order a Taxi</strong>&#8221; and then &#8220;<strong>Sign Up</strong>&#8221;</li>
<li> I enter my phone number and click &#8220;Continue&#8221;</li>
<li> The system shows me my Last name and address and 2 buttons: &#8220;<strong>This is me</strong>&#8221; or &#8220;<strong>This is NOT me</strong>&#8221;</li>
</ul>
<blockquote><p>Not bad&#8230;  Very easy and simple to use&#8230; The displayed information is a bit weird, part of the address (City, State and Zip Code) is truncated showing only the first letter and my last name is slightly misspelled&#8230;  Well,  despite small errors, this is clearly all my information so no big deal, I can always fix the information after I  register&#8230;</p></blockquote>
<ul>
<li>I click the &#8220;<strong>This is me</strong>&#8221; button</li>
<li>The system returns a message &#8220;<strong>User Already Exists</strong>&#8221; accompanied by &#8220;<strong>If you forgot your password, please <em><span style="text-decoration: underline;">click here</span></em></strong>&#8221;</li>
</ul>
<blockquote><p>OK.  So it&#8217;s saying that I already have an online account (despite the fact that I never created one) with no help or hint on how that could have happened.  My only option from this screen is a link to retrieve my password, so let&#8217;s try it! (Who knows, maybe they created the account automatically and this is the only way to reset the password for first time users&#8230; hmmm&#8230;)</p></blockquote>
<ul>
<li> I try the &#8220;<strong>forgot your password</strong>&#8221; link</li>
<li>It leads me to a page asking me for my email</li>
</ul>
<blockquote><p>hmmm&#8230; How can they have my email if I never registered before.  Well, maybe I provided it over the phone at some point although I can&#8217;t remember anything like that.  Well, It won&#8217;t hurt to try and now I invested way too much time on this to give up&#8230;</p></blockquote>
<p>At this point it is pretty clear to me that the process is flawed and that they&#8217;d probably migrated their call-center database to the internet without considering how the lack of user information in one system would affect the customer experience flow online.  Or, even worse, they created the new feature online and integrated their systems without mapping how their customers would navigate from one channel to the other and how they would interact with the new service for the first time, thus not planning accordingly for it.</p>
<p>Even though I know what is going to happen from this point on, I am now curious to see how far the problem goes, so I shut off my technical side, put on my &#8220;User Tester&#8221; hat and go ahead as a regular internet user would.  I try all my emails and keep getting the same expected answer:  &#8220;the email provided could not be found&#8221;</p>
<blockquote><p>OK&#8230; Nothing else I can do here.  Better get some help</p></blockquote>
<ul>
<li> I grab my cell phone and redial American Taxi&#8217;s number.</li>
<li> The automated system AGAIN recommends that I use the website (I&#8217;M TRYING!!!!) and instructs me to press 1 to never hear that message again.  I press &#8220;1&#8221; immediately and the system forwards me to a live person.</li>
<li>It takes me a while to explain what&#8217;s happening and even more to understand what the Call-Center rep is saying to me.  He seems to have no idea the website exists or how to help me.  He gives me the company&#8217;s main number (the one I had just called) and asks me to call and press the option to talk to a representative (which is what I had done).</li>
</ul>
<blockquote><p>Ok.  They probably outsourced their call center operations to India, since the guy on the other side of the line has an accent so heavy I can hardly understand, but that is not an excuse for not knowing about the service that their own system was trying to sell me&#8230;<br />
<strong><em>Disclaimer:</em> </strong><em> I am Brazilian and also have a thick accent that a lot of people have trouble understanding, but then again, I&#8217;m not working on a call-center trying to explain to users how to register on my website</em>.</p></blockquote>
<ul>
<li>I decide to test my luck and  call again, hoping to get some other person that can help me.</li>
<li>The automated system YET AGAIN recommends that I use the website and instructs me to press 1 to never hear that message again&#8230;  I press 1 AGAIN and once more the system forwards me to a Call-Center representative</li>
<li>I explain my situation to this new guy (apparently in India again, with a slightly heavier accent than the first one), and he tells me that I am having this problem because I already have an online account that was probably automatically generated at some point by their system, but without any real information besides my last name, phone number and address (which is exactly the information I provide every time I schedule a taxi pick-up).</li>
<li> I ask if it&#8217;s possible to  delete this account to create a new one or to provide me with the system generated login and password so I can go online and fix the information myself.</li>
<li> He says he cannot help me since I am calling from my cell (which is not on file) and asks me  to hang up and call again from my HOME phone number (the number on file).</li>
</ul>
<blockquote><p>I&#8217;m getting tired and very stressed with all these steps&#8230;  I can understand the need for security that forces me to call from a number the system can recognize and allows them to accurately identify me before providing access information to the site, but I don&#8217;t think any other customer would have tried that hard!!   I&#8217;m very persistent&#8230;</p></blockquote>
<ul>
<li> I hang up,  grab my home phone and call the number again.</li>
<li> SURPRISE, SURPRISE! The automated system once more recommends that I use the website and instructs me to press 1 to never hear that message again&#8230;  Once more I press 1 and this time, instead of forwarding to a live person, it goes through a never-ending stream of options.  I press 7 for help.</li>
<li> Another guy in India answers with heavy accent (I swear this was the worst one of all) and asks me something I really couldn&#8217;t understand.</li>
<li> After repeating myself a few times (and asking the guy to repeat himself a few more) I was able to explain the situation.</li>
<li> The guy first recommended me to do what I had already done (try to sign up), then to use the &#8220;Forgot your password&#8221; (which I couldn&#8217;t) and finally asked me to just login because I already had an online account (that&#8217;s what I&#8217;ve been trying to explain all along!!!).</li>
<li>After a few more communication misunderstandings, he finally told me that both my login and password were in fact <strong>my phone number</strong></li>
</ul>
<blockquote><p>Wait&#8230; What???? All these security procedures and hoops they made me jump through, when their system-generated login and password are the dumbest and most unsafe credentials EVER??? I don&#8217;t know what to think anymore&#8230;</p>
<p>Any perception I had from their 4 years of good service is being quickly erased and it&#8217;s all downhill from here.</p>
<p>I take a deep breath and continue&#8230;</p></blockquote>
<ul>
<li> I ask him to wait on the line until I try it.</li>
<li> I try.  It didn&#8217;t work&#8230;</li>
<li>The system returns &#8220;<strong>Invalid Username or Password</strong>&#8221;</li>
<li> I tell the guy what happened and ask him if I should maybe add dashes or dots to the number for it to work.</li>
<li> He says: &#8220;hmmm&#8230;  Just a moment please&#8230;&#8221; and <strong>HANGS UP</strong>!</li>
<li> My phone goes mute for a second and then I hear the automated system telling me &#8220;<strong>You&#8217;ve. Been. Disconnected&#8230;  Goodbye.</strong>&#8221;</li>
</ul>
<blockquote><p>Ok.. Now I really give up!</p></blockquote>
<p>No need to say that, for all purposes, I am an unsatisfied customer who is never going to use their service again and has vowed to tell everyone how much their service sucks&#8230; (even though my problem wasn&#8217;t with their core service but with an extra feature I never thought to use until then)</p>
<p>The real issue here is:  By advertising a new (simpler) way to do something at the exact moment I intended to do it, they created both the need and the expectation of the service in the customer&#8217;s mind.  From that point on, my experience is defined by their PROMISE of an improved experience and not by any past good experience.</p>
<p>Past good experiences will fill up users&#8217; reservoir of goodwill and allow you to make a few mistakes without jeopardizing the whole experience, but no amount of goodwill lasts forever and badly planned experiences can start a chain of events that will burn your users&#8217; goodwill as fast as a Hummer burns gas.</p>
<p>If you don&#8217;t have the budget to correctly plan and implement the user experience, you are better off not offering any new online feature at all.  And if your competitors are starting to do it and you are afraid of being left behind, then <strong>MAKE THE BUDGET</strong>.   Either they will be successful and increase their market share (at the cost of yours) or they will fail to provide a good experience after creating a new demand and expectation in their customers&#8217; minds.  Either way the bar will be raised&#8230;</p>
<p><strong><em>&#8230;Does anyone know a good taxi company to recommend me?</em></strong></p>
]]></content:encoded>
			<wfw:commentRss>http://js-kit.com/rss/standing-out.com/p=297</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>Security and Usability are finally merging</title>
		<link>http://standing-out.com/2007/security-and-usability-are-finally-merging/</link>
		<comments>http://standing-out.com/2007/security-and-usability-are-finally-merging/#comments</comments>
		<pubDate>Wed, 27 Jun 2007 23:52:12 +0000</pubDate>
		<dc:creator>Luis Serpa</dc:creator>
				<category><![CDATA[Banking]]></category>
		<category><![CDATA[Customer Experience]]></category>
		<category><![CDATA[Privacy & Security]]></category>
		<category><![CDATA[Standing Out]]></category>
		<category><![CDATA[Usability]]></category>

		<guid isPermaLink="false">http://standing-out.com/2007/security-and-usability-are-finally-merging/</guid>
		<description><![CDATA[Security has always been placed on the opposite side of usability.  By default, when you think about adding security measures to a website, you are talking about creating extra processes or at least adding an extra layer of complexity to existing processes, so invariably the site usability suffers.  Several promising research projects were conducted in the past [...]]]></description>
			<content:encoded><![CDATA[
<p><img align="left" width="215" src="http://standing-out.com/blogimg/safepassword.gif" alt="Safe Password?" height="213" style="width: 215px; height: 213px" title="Safe Password?" />Security has always been placed on the opposite side of usability.  By default, when you think about adding security measures to a website, you are talking about creating extra processes or at least adding an extra layer of complexity to existing processes, so invariably the site usability suffers.  Several promising research projects were conducted in the past few years using graphical passwords, nonverbal memory systems and biometrics, but nothing seemed quite ready for immediate, cost-effective or practical use.</p>
<p><a target="_blank" href="http://www.vidoop.com" title="Vidoop Website"><img border="0" align="left" src="http://standing-out.com/blogimg/vidoop.gif" alt="Vidoop" title="Vidoop" /></a>Well, ready or not it seems we are about to witness those solutions coming to market very soon.  <a target="_blank" href="http://www.vidoop.com" title="Vidoop Website">Vidoop</a>, a technology innovation company, is rattling the security cage by promising to definitely merge security and usability with their new product, soon to be launched on a Fortune 500 bank website not yet disclosed.  If they deliver what they are promising (and demonstrating on a <a target="_blank" href="http://www.vidoop.com/vidoop_how.php" title="Vidoop's Graphic Password Presentation - Windows Media - 12 Minutes">12-minute video presentation</a>), it will surely be a big step in the right direction.</p>
<p>Of course, after seeing the video and <a target="_blank" href="https://myvidoop.com/" title="Vidoop's Online Demo - Beta Test">testing the Demo</a>, I realize that the solution is not perfect (how could it be?).  Although they&#8217;ve probably addressed 9 out of 10 of the common usability problems and close to all - if not all - known security issues, from a customer experience perspective there are still 3 main unaddressed concerns.</p>
<p>Accessibility - I can&#8217;t say for sure, but I saw no practical option for users with disabilities (impaired vision).  A work around can be devised, but not without impact to the usability and somehow disregarding the use of images, thus throwing away the main advantages of the solution.</p>
<p>Cross-Channel Consistency – The solution works perfectly for the web channel and could be easily adapted for ATMs and Face-to-Face Interactions, but is moot over the phone.  That means one needs to have different passwords for those channels, so the phone will still be the weakest link of the security chain.  Given the old maxim that a system is only as safe as its weakest link, Vidoop may guarantee a better, easier web security process, but not a safer process overall (not to mention the fact that one still has to memorize two sets of passwords for the same bank).</p>
<p>Password Portability – Graphical passwords are way easier to memorize, even with long gaps between uses, but it is still something one has to commit to memory. If each website adopts a different password process (graphical or not), at some point the users won&#8217;t be able to remember all sets of passwords for individual sites and will start writing them down, thus eliminating the point of having a safer/easier to remember password (they are already working with <a target="_blank" href="http://en.wikipedia.org/wiki/OpenID" title="OpenID definition on Wikipedia">OpenID</a>, which might just be the solution for that).  Anyway, for this to work as projected,  Vidoop’s solution (or OpenID) must become a standard rather quickly, but I don&#8217;t think they mind that part.  :)</p>
<p>All in all, it is a great step in the right direction and opens a lot of new possibilities. If Vidoop keeps working on those points and acts quickly on their users&#8217; feedback, they should be able to rapidly change the bank industry scenario.</p>
<p>In my opinion, a little bit of change is always a good thing. </p>
]]></content:encoded>
			<wfw:commentRss>http://js-kit.com/rss/standing-out.com/p=35</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Security Breaches: Trash to Treasure?</title>
		<link>http://standing-out.com/2006/security-breaches-trash-to-treasure/</link>
		<comments>http://standing-out.com/2006/security-breaches-trash-to-treasure/#comments</comments>
		<pubDate>Wed, 13 Sep 2006 09:15:13 +0000</pubDate>
		<dc:creator>Luis Serpa</dc:creator>
				<category><![CDATA[Privacy & Security]]></category>

		<guid isPermaLink="false">http://standing-out.com/2006/09/13/security-breaches-trash-to-treasure/</guid>
		<description><![CDATA[Several shocking security breaches, compromising the personal data of millions of customers, have been reported lately. Below are just a few of the most flagrant cases: - Chase trashes 2.6M customer files - Second Lifers&#8217; &#8216;first life&#8217; hacked - Wells Fargo leaks personal data - AT&#38;T deceptive on data theft What amazes me about these [...]]]></description>
			<content:encoded><![CDATA[
<p><img border="0" src="http://standing-out.com/blogimg/moneyintrash.gif" alt="Moneyintrashbasket" style="float: right; margin: 0px 0px 5px 5px" title="Moneyintrashbasket" /> Several shocking security breaches, compromising the personal data of millions of customers, have been <a href="http://weblog.infoworld.com/techwatch/archives/007519.html">reported lately</a>.<br />
Below are just a few of the most flagrant cases:</p>
<blockquote><p>- <a href="http://weblog.infoworld.com/techwatch/archives/007829.html">Chase trashes 2.6M customer files </a><br />
- <a href="http://weblog.infoworld.com/techwatch/archives/007845.html">Second Lifers&#8217; &#8216;first life&#8217; hacked </a><br />
- <a href="http://weblog.infoworld.com/techwatch/archives/007795.html">Wells Fargo leaks personal data</a><br />
- <a href="http://weblog.infoworld.com/techwatch/archives/007756.html">AT&amp;T deceptive on data theft </a></p></blockquote>
<p>What amazes me about these breaches is not only the scope and impact of the leaks, but the way in which they occurred. Most of them have been caused by an improper use of data by employees (like the now infamous <a href="http://news.google.com/news?sourceid=navclient-ff&amp;ie=UTF-8&amp;rlz=1B2GGGL_enUS176&amp;tab=wn&amp;q=veteran+affairs+laptop&amp;btnG=Search+News">case of the US Department of Veteran Affairs</a>). Others were caused by losing control of how personal data was handled by companies&#8217; partners or vendors. Chase&#8217;s customer data was mistakenly thought to be trash and thrown out. Quite a treasure trove for identity thieves.</p>
<p>Although most corporate reactions to leaks have improved by becoming more forthcoming and transparent, the breaches are still a huge blow to customers&#8217; trust. How can anyone believe a website&#8217;s Privacy Policy or the company&#8217;s Safety Statement when such egregious security gaps abound?</p>
<p>Transparency is good, critical even, but is not enough. Sooner or later, companies will have to start taking security lapses seriously. And it better be sooner, because as the saying goes: &#8220;The road to hell is paved with good intentions.&#8221;</p>
]]></content:encoded>
			<wfw:commentRss>http://js-kit.com/rss/standing-out.com/p=8</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>
