Nathan (gemsling) wrote,

My feedback to Westpac

The sign-in page for Westpac Online Banking has red message saying "Security Update: [today's date]". Here's the unsolicited feedback I sent to them:

Internet users typically become blind to ads ("banner blindness"). The villagers stopped believing the boy who cried "wolf!". How long till people stop using the "Security Update" link on the Westpac Online Sign-In page?

The warning lies: it ALWAYS displays today's date, implying that a NEW security risk has been identified TODAY. But that's not the case. I follow the link and get an update from another date. Then I think "that was a waste", and I learn to ignore the message. Even the gullible people whom your security warnings need to reach are going to stop falling for this little trick after a while.

It might seem like good CYA security: if someone falls for a hoax, you can say "we warned you - every day in fact!", but wouldn't it be better to highlight each new security threat or hoax as it comes along? You want people to think "oh, there's a new warning - what's it about?" instead of "been there, clicked that". Another way to highlight warnings is to display a little snippet of it on the sign-in page, with a "Read More" link. That would both convey information, and be visually different from one warning to the next, reducing the chance that it will blend into the background.

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 1 comment