The registration process was going smoothly. I just had to enter a password and I would be able to download my last superannuation statement. I entered the same combination of letters and numbers that I always use for my passwords and hit ‘Submit’. Suddenly, red text flashed up and informed me this password was invalid as I needed to include a symbol. Was I meant to be psychic? With a twinge of annoyance, I added a symbol and again clicked ‘Submit’. No luck. This time it told me I had to include two symbols. With gritted teeth, I persevered. After three more attempts, I ended up with a password that vaguely resembled “saRA80#!”.

Although I had no hope of remembering this password, I didn’t bother writing it down because I had already decided out of sheer annoyance to never to use this online process again. Why was my generic password sufficient for online banking but not for this relatively risk-free task? And come to think of it, why should they get to dictate how strong my password should be? As a customer, this should be my prerogative!

Requiring complex password policies not only frustrates customers; it results in higher costs for organisations. Customers will generally either stop using the online process and revert back to more costly customer service processes (increasing call centre demand with their multitude of forgotten password requests) or  write the password down, thereby defeating the purpose of this security measure altogether.

When security policies have such a negative impact on usability, it’s time to rethink priorities. What’s more important to your customers: an impenetrable password or easy access? Incorporate this into your research to find out, or let the user decide for themselves.

The process was slower than I had expected it to be, but the real crunch came at the point of making a payment; my credit card signature needed to be assessed by the self-serve assistant.  It was apparent after a moment or two of scratching my head and looking about like a idiot, that it was I (rather than the system) that was required to notify an assistant that they were required to complete this transaction.  As the assistant was busy attending other customers I had to wait, for what seemed a long time, for my turn.  This seemed completely counter-productive.

I have used my credit card in a number of other comparative self-serve systems recently including car park and public transport ticketing machines.  In these instances signature validation was not required.  Of course, Woollies level of security with signature assessment is a notch above these systems, however, this experience for a first time user will undoubtably put many off from self-serving again.

When you consider how vital credit cards are for self-serve transitional purchasing, surely some revision is required to aid consumer adoption of the service?  I would encourage Woollies to consider one of the following: