Sunday, September 12, 2010

So much work for so little information

Every time someone purchases our Document Explorer – ProLaw Edition we get an email from our e-commerce site asking us to confirm the purchase. It is a simple “yes or no” question, but here are all the steps someone needs to take to get it answered properly:
  • First of all, we visually check the email to make sure the order is not a fake. We get many fake emails and failing to identify even a single one could mean the bad guys get access to our e-commerce account. Not good, so this step is crucial.
  • Once we are sure the email is not a fake, we click on the link provided. That takes us to our e-commerce website login page.
  • Now we look up our password and type it in. As easy at this sounds, for security reasons we try to use very strong passwords full of numbers, letters, and other characters. So typing them is not that easy.
  • Our password takes us to our e-commerce main page, where we now have to locate the appropriate order. Sometimes it is listed right there, sometimes we have to perform a search.
  • Ultimately, we get to the order details page, which contains 2 big buttons: “Confirm” and “Cancel”. We are finally in a position to answer the original question. 
But none of these steps are essential when all I want is to provide a simple answer to a simple question. All these additional steps are just unnecessary fluff.

For all the benefits that hosted SaaS websites bring to us, interacting with many of them can be time consuming and –perhaps- even dangerous. Why do we have to keep repeating all these steps just to answer a simple yes/no question? Why do these applications keep using email and thus putting at risk our company's financial or confidential data?

If that was not enough, consider that by their very own nature these SaaS websites tend to change their looks, their menus, their navigation, the look and content of their emails, etc. on a regular basis. This means we have to spend even more time and effort to keep up with them and avoid succesful phishing attacks.

At Bellefield we keep imagining ways in which these micro-exchanges of information (a micro-transaction, if you will) can be made safe, quick, painless, and above all not fluffy.

No comments:

Post a Comment