This week I went to AgileLondon which was hosted at McKinsey. It was a really interesting MeetUp-style event with a format I’ve not seen before.
There were seven presentations and we all voted for two of them after a short elevator pitch from the presenters on why their presentation was worthy of being included. The other five were ‘eliminated’ and the audience provided a topic for those presenters to work on while the two were being presented.
Earlier today I gave a short presentation to the Digital Finance Masterclass in London. I only had ten minutes, followed by 8 sessions of pretty intense ‘Digital Surgeries’ – a great format, but quite tiring.
Before the event, I had been told that the Digital Surgeries were like speed dating – thankfully I got married before speed dating, because I can’t imagine going through that process in a relaxed, sociable setting.
With only ten minutes for the first presentation, to a varied audience across Financial Services, I focussed on the following topics, shown in the attached Slideshare presentation:
Every year I forecast a number of predictions in the Digital Media/ Internet world, and at the end of the year I score those predictions to see whether they came true or not. Here are links to 2010, 2011, 2012 and 2013 predictions.
For the coming year, here are my predictions:
TV will change. In the next couple of years, television is going to change significantly in both content and technology terms. On the latter front, I reckon we’ll see 3D disappear altogether (bye-bye 3D channels), Ultra HD become production ready, Xbox One will become the central home entertainment device, and with television sets growing every year, we’ll see more transparent TV technologies for when the box is switched off. In content terms, Sky have lost the TV rights to the Champions League from the 2015/6 season. This will mean the next round of Premiership rights bidding will be huge, because Sky can’t afford to lose the Premier League. Unless they start significantly boosting the awareness of another sport, similar to what they’ve done with darts and cycling. The bad news for consumers is that TV is going to become fragmented – think multiple subscriptions from different providers to see all the TV content that your family wants to watch. The next two years of TV will see massive change.
Investment post-recession. Remember Facebook buying Instagram for a billion dollars? Or Google buying Waze for almost a billion dollars? As the world (minus Spain and Greece) dusts itself down and emerges from the recession, we’ll see the spending spree continue. I’d expect to see TV broadcasters and newspapers lead in this area.
We’ll see the pace of consumerisation speed up. Large companies will produce their own app stores, many more companies will move to BYOD (Bring Your Own Device) and finally improve the usability of their in-house apps. Across businesses, staff will demand more touch screens to work with Windows 8[.1]. All of this will mean that the business (i.e. non-IT departments) will be buying what we have always called ‘the technology’. And this will be challenging for established IT departments.
Security is going to move to the top of the agenda, specifically with Trust and Identity. This will become the big agenda item for IT departments. Historically we’ve seen hacking groups held up as revolutionaries and small time geeks who are bored. This public and media perception will change as more people’s identities are cloned and security costs for hacking intrusions are passed on to end customers.
From Mobile to Wearable. IT and marketing departments have focused on mobile devices for the last couple of years. We’ll see the focus shift to wearable devices as Google Glass, Samsung watches and Apple somethings all become mainstream. SMAC (Social, Mobile, Analytics and Cloud) will be replaced by SWAC (Social, Wearable, Analytics and Cloud).
2014 will be the year of the wallet. Visa released V.me at the end of 2013. PayPal already provides a wallet, and we’ll also see banks and payment systems releasing them. The good news is that it’s going to be easier to pay by card online – you’ll only need a username and password rather than your credit card number. The bad news is that we could end up with a number of wallets and many passwords. It will become a race for the first wallet.
Speech recognition to become more mainstream. I use speech recognition for Google searches on my phone and laptop. It gets my search correct most of the time, and for the other occasions, Google usually second guesses what I was trying to search for and gives those results instead. With Google’s speech API, almost any app can use speech recognition, and the more it’s used, the better its quality will become.
Integration between services. When I received Google Glass in December I was impressed that as soon as you log in with your Google account, it shares phone numbers held on my Android phone together with my Google+ profile and so on. I saw a demo of SharePoint 2013 recently with excellent integration between Yammer, SharePoint, Lync, Exchange and Outlook. To date, social integration has been about finding Facebook friends on a new service or asking them to build new farms and vegetables. We’ll start seeing more clever implementations between applications – why do both Strava and my health insurance app need to follow me around when they can share data?
Endava has been helping a UK IT industry association with some thought leadership pieces recently, and I’ve been permitted to share my contribution before the report is published.
We’ve contributed to two essays, and I’ll post a link on this site when they are released in early 2014. This is the second part of two posts – you can read the first one on user experience for banking customers here.
Identity & Authentication – Time for a Financial Services digital services passport?
The answer here lies in three distinct areas:
The Authentication Conundrum
The Internet Identity Crisis
The Organisational, Political and Social Resistance to Single Sign On.
The Authentication Conundrum
Let’s take one of the biggest retail banks in the UK. To log into their online banking systems they have a variety of authentication methods:
Website which requires a physical security device to create a one-time numeric password
Website for their credit card product which requires the user to enter specific digits of their password
Telephone banking which requires the user to enter specific digits of their telephone banking password
Mobile app which requires a 5 digit numeric password
ATM machines which require a 4 digit numeric password
Message board/ forum which requires a username (none of the other services require this) as well as a password with a minimum of 8 characters with a combination of numbers, symbols and mixed case letters.
These methods are not only inconsistent, they negatively impact the users’ experience of the online servicing channels.
Organisations need a unified authentication standard. I understand that an ATM requires a physical card, so it can have the easiest authentication of only 4 characters, but why do the message boards (which have no account access) need to be more complex than the mobile banking app?
The Internet Identity Crisis
In order to trust online retailers with our private details, we use SSL security certificates. Certificates are not just for encryption, they are a means of ensuring we are buying from a company who is who they say they are.
It’s now time for the other way round – for customers to prove who they are.
If a user books a room on Airbnb, they don’t want to stay at a mass murderer’s house, and the house owner doesn’t want a mass murderer staying with them either. Both need to have a level of trust on the network – usually achieved by previous transactions being validated.
I have an eBay account with 100% positive feedback amassed over a few years and over 500 ratings, both buying and selling. So when I join a site such as TripAdvisor, or Airbnb, that eBay ‘score’ should count for something. I’m the same person. And this is the Internet’s Identity Crisis.
The Internet needs a centralised Single Sign On system to link all accounts into a common identity. Facebook and Twitter both have their own systems in place (Facebook Connect and Sign in with Twitter), but the issue here is about Trust. I don’t trust those two organisations to log into my bank, tax or healthcare providers.
I do trust my bank though. And so do most people. Whilst the media attempts to discredit banks, there aren’t mass cash withdrawals from banks because the public fundamentally does trust them.
In my view, to solve the Internet Identity Crisis, banks should build a Single Sign On system which uses similar OAuth based technologies to the social networks which can be used by any third-party website. The system provides authentication to the website, but won’t allow any other details to be exposed unless the user explicitly permits.
Only then will the Internet Identity Crisis be solved.
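The consent rule proposed above, sketched as an added example (not code from the original post or from any bank): a hypothetical identity provider signs an assertion that proves authentication and releases only the claims the user has consented to, under a per-site pseudonym. The account data, keys, scope names and function names are constructed, and the shared-key HMAC stands in for the public-key signature a real provider would use.

```python
import base64
import hashlib
import hmac
import json

# All names, keys and account data below are constructed for illustration.
IDP_SIGNING_KEY = b"constructed-demo-key"
PAIRWISE_SALT = b"constructed-demo-salt"
ACCOUNTS = {"cust-1001": {"name": "A. Customer",
                          "email": "a.customer@example.com",
                          "postcode": "EC1A 1BB"}}
# Which account fields each consent scope unlocks (hypothetical scope names).
SCOPE_CLAIMS = {"profile": ["name"], "email": ["email"], "address": ["postcode"]}


def pairwise_subject(customer_id: str, relying_party: str) -> str:
    """Per-site pseudonym, so two sites cannot correlate the same customer."""
    msg = f"{relying_party}|{customer_id}".encode()
    return hmac.new(PAIRWISE_SALT, msg, hashlib.sha256).hexdigest()[:32]


def issue_assertion(customer_id, relying_party, requested, consented):
    """Sign an assertion carrying only the claims the user consented to."""
    claims = {"iss": "https://bank.example", "aud": relying_party,
              "sub": pairwise_subject(customer_id, relying_party)}
    # Release a scope only if the site asked for it AND the user granted it.
    for scope in sorted(set(requested) & set(consented)):
        for name in SCOPE_CLAIMS.get(scope, []):
            claims[name] = ACCOUNTS[customer_id][name]
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def verify_assertion(token: str, relying_party: str) -> dict:
    """Check signature and audience; return the claims or raise ValueError."""
    body, _, sig = token.partition(".")
    expected = hmac.new(IDP_SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != relying_party:
        raise ValueError("assertion issued for a different site")
    return claims
```

The audience check is what stops one site replaying an assertion it received at another site, and the pairwise subject keeps the bank's internal customer id out of every assertion.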
The Organisational, Political and Social Resistance to Single Sign On.
Technically, Single Sign On has been solved by a number of organisations. This leaves three resistances to Single Sign On: Organisational, Political and Social.
Traditional organisations are built in silos. When one part of an organisation builds a system, it’s uncommon for that part to comply with existing authentication systems unless specifically mandated, which is also uncommon. This leads to the issues outlined in the retail banking example above, with six systems, each with different passwords and password complexity.
Political resistance is encountered where a specific authentication system isn’t adopted because of perceived risk or perceived non-standard technical constraints.
Social resistance comes from attention-grabbing headlines such as the one shown above. These headlines undermine the credibility and security of large-scale websites and digital service providers, creating resistance to adopt new technologies. And this doesn’t help anyone.
I’ve been applying a bit of Search Engine Optimisation to this blog over the last couple of weeks (successfully I should add – visits are already up over 30%) and one of the most recommended techniques is to assign authorship to articles.
What this does is tell Google that the web site owner has trusted this particular person to add an article to the site. You might think that for this blog, the site owner and author is the same – but Google doesn’t mind this because it just wants to know there’s a human at the end of the keyboard, not another spammy robot knocking out (or copying) content. It’s the age-old sign of trust: putting someone’s name at the bottom of a document adds credibility.
The way Google trusts that the person is a real human is by linking the ‘byline’ to their Google+ account. This is clever for so many reasons:
Improves Google+’s own PageRank through more incoming links (theoretically, and probably practically within Google’s control but it is now proven through this method)
Gets more people using Google+ (all those authors, who don’t want readers to land on an empty Google+ profile page)
It has moved Google along the journey of becoming the user authentication on the Internet.
A friend of mine sells furniture online. It costs him a small fortune to deliver it to customers, and with the distance selling regulations, he often gets customers who tell him after a week of delivery that they don’t want the item any longer. He reckons he can tell who is ‘trying it on’ to check whether he’ll offer a refund without bothering to collect the item again. He estimates that these “customers” go from site to site trying to take liberties from companies.
Wouldn’t it be a better system all round if a user bought an item from a website, and that site could look in a central place for delivery and payment information, and whether this user was trustworthy or not, before dispatching the item?
Another player in the market who might try to create this central authentication system is Apple. Combining Apple ID with fingerprint recognition and perhaps phone based GPS information could be a secure system.
My concept of the Single Sign On solution is similar to Facebook Connect, but from a trusted, strong, long term brand. Facebook still needs to prove its credibility in the trust arena. I only use Facebook Connect for some personal sites where I want to reduce, or even avoid, the time it takes to register.
Would I use Facebook Connect for tax returns, or my road tax, or my company’s payroll system? Nope.
I do a fair amount of travel and seem to need my passport number (and sometimes other passport details) from time to time. I once scanned my passport and I keep it as a digital image on some secure digital storage where I know I can access it everywhere (interestingly the UK Government also recommends to “store it online using a secure data storage site“). The same goes for my National Insurance card, photos of my bikes’ frame numbers and stuff like that. When I speak to other people about this, they have similar solutions, and I know some people who keep these solely as photos on their phone. We all have different levels of security that we’re comfortable with, but I really wouldn’t advise the phone method.
Last week I heard about a new service from Barclays Bank called Cloud It. Cloud It enables, well actually it encourages, users to upload important documents. It then adds additional functionality such as alerts for expiring documents, or regular renewals (e.g. MOT certificates and insurance).
I have no proof whether Barclays Cloud It is any more or less secure than say, BT, Google, Microsoft or Dropbox, but the fact that a bank is storing your document ‘feels’ more secure.
The next step of Cloud It really should be Single Sign On. I would trust my bank to authenticate me into other services.
Trust a bank?
I spoke about this concept of a bank offering Single Sign On at a conference earlier this year. Over lunch afterwards I was asked whether people really trust banks after the recession, and the bad press that bankers often receive. One person at the table categorically stated that he wouldn’t trust his bank.
My answer to this is simple: people still keep their money, one of our most valuable day to day assets, in banks once they’ve been paid and they still go to banks to borrow money for their houses and cars. Conversely, if people didn’t trust banks, we’d be hearing a lot more about mass withdrawals after being paid. But people don’t withdraw their money based on lack of trust (except Cyprus), and this proves that people do trust them, and in the future we’ll be trusting them to log in to all sorts of systems across the Internet.
Last month it was the Google I/O conference, a gathering of developers from all around the World. One of the best articles that covered I/O was from the NY Times, in which the journalist discusses the same issue, from a bathroom perspective (literally).