Log in

No account? Create an account
Previous Entry Share Next Entry
My feedback to Westpac
The sign-in page for Westpac Online Banking has red message saying "Security Update: [today's date]". Here's the unsolicited feedback I sent to them:

Internet users typically become blind to ads ("banner blindness"). The villagers stopped believing the boy who cried "wolf!". How long till people stop using the "Security Update" link on the Westpac Online Sign-In page?

The warning lies: it ALWAYS displays today's date, implying that a NEW security risk has been identified TODAY. But that's not the case. I follow the link and get an update from another date. Then I think "that was a waste", and I learn to ignore the message. Even the gullible people whom your security warnings need to reach are going to stop falling for this little trick after a while.

It might seem like good CYA security: if someone falls for a hoax, you can say "we warned you - every day in fact!", but wouldn't it be better to highlight each new security threat or hoax as it comes along? You want people to think "oh, there's a new warning - what's it about?" instead of "been there, clicked that". Another way to highlight warnings is to display a little snippet of it on the sign-in page, with a "Read More" link. That would both convey information, and be visually different from one warning to the next, reducing the chance that it will blend into the background.

  • 1
I'm not sure if this has anything to do with my feedback, but the sign-in page does not have the Security Update message on it right now:

  • 1