It's not all sexy stuff
By Dave Birch posted Sep 28 2010 at 12:50 PM[Dave Birch] I'm giving a talk on identity services as a potential new business for mobile operators, and I'm trying to make the point that there are routine, everyday, prosaic applications for this kind of thing: it's not all about opening bank accounts and reporting deaths. Every single day I take part on transactions that are made complicated, expensive and unsatisfying because of the lack of an identity infrastructure. How many times in an average week do you press the "forgot your password" button? I do it all the time. Here's the standard pattern:
1. Get e-mail from British Gas asking for a meter reading (we still have dumb meters -- more on this in a future post).
2. Read meter.
3. Click on link in e-mail to submit reading.
4. It asks for e-mail address and password, so enter e-mail address and then click on "forgot your password".
5. It says I'm not registered, so then I have to go and register. I use the same password that I use for everything else.
6. But my password has to be between 8 and 16 characters (they take security seriously) so then I have to think of another one (which I am certain to forget again next time).
6. Then I can log in and give the reading.
7. But I get "We're sorry but access to your online account is temporarily unavailable. Please try again in a few minutes."
8. Next day get an e-mail from British Gas apologising for problems with online system. (This isn't really anything to do with identity, but it was nice of them, so I thought I'd report it.)
The process should have been:
1. Get e-mail to remind me to read meter (British Gas must have my e-mail on file somewhere to do this).
2. Read meter.
3. Clink on link in e-mail to submit reading.
4. Since the system knows the e-mail address it can prefill this and then ask for my login code from my Barclays dongle (or mobile phone, or whatever).
Bingo. Secure log in, with no effort, since my card and dongle are next to the computer.
Incidentally, and apropos of nothing, I was curious why the system was a bit crap, so I googled British Gas CRM to see if other customers were complaining, and I found this:
A good CRM system can provide automated, reliable and accurate billing and cope with high levels of customer switching and multiple service offerings. This is what British Gas set out to do with Project Jupiter in 2001, when it commissioned Accenture to install a new £317 million SAP billing system. Unfortunately, the well-documented problems with Jupiter resulted in a spike in customer complaints, loss of market share and a £182 million legal battle between British Gas and Accenture that looks set to rumble on for several years.
[From British Gas sorts out billing issues and prepares for smart metering - Interviews - Features : Utility Week]
Anyway, back to the topic. We must, as a matter of urgency, start moving to an identity and authentication infrastructure that puts a stop to this time- and money-wasting replication at every service provider.