Monday, July 17, 2017

Too Much Security at USAA

Click to enlarge the USAA mobile app security steps.
Typically, security is a tradeoff with convenience. But, it doesn't have to be. However, it's far too easy for lazy companies to fall back on poor user experience by citing security or some other limitation while pointing fingers. One thing I love about companies like Apple is that they're fantastic at handholding a customer through a support issue, even if it's beyond their area of responsibility.

I've been a USAA member for 25 years. USAA began in the early 1920s as the United States Automobile Association offering insurance to military officers. About 20 years ago, the company expanded their services to enlisted service members and also offers insurance to other federal special agents. In 2009, USAA was one of the first companies to allow consumers to deposit checks by taking a photo of a check via a mobile app. One of the problems I've encountered with their mobile app is authentication.

The USAA mobile app utilizes a Quick Logon and Touch ID as a means of authentication. Instead of entering my password, the app can scan my fingerprint much like my Schwab mobile app. But, unlike my Schwab mobile app, it seems that when my USAA app is updated, I must re-enter my username, password, PIN, and then answer a security question. After that's completed, I have to re-enable Touch ID.

Here are the steps to enable these features...

Quick Logon
1. Enter Logon and password.
2. Enter ATM PIN.
3. Answer security question.

Hurray, I'm logged in and I can deposit a check, view my balance, download insurance documents, etc. Next step is to re-enable Touch ID.

Touch ID
4. Tap your profile image to get to your profile.
5. Tap Settings and Profile.
6. Enter your mobile phone number to receive a temporary passcode via SMS text message.
7. Enter the temporary passcode.
8. Activate Touch ID by tapping the Activate button.
9. Check the box to confirm finger print consent.
10. Tap View Document (PDF) to read the USAA Fingerprint Consent form.
11. Click the final button to activate Touch ID.

Hurray, the "You've successfully enrolled in Touch ID" message confirms that you can logon using your fingerprint until the app is updated. Yes, that is a huge pain to do every couple months, or so.

But wait, there's more. I contacted USAA via Twitter about this issue. As you can see from their reply, they said, "Yes and thanks for the update. Please reach out to tech support at: 877-632-3002 They are able to troubleshoot and provide help."

Calling USAA Tech Support

I called USAA tech support. "We’re currently experiencing a high number of calls. You may have to wait longer than normal," was the recorded message that I heard. Whenever I hear that plain vanilla (sometimes default) message I know that less-than-stellar customer service awaits me. A few minutes later a CSR picked up and I explained the issue. She told me that she'd have to escalate the issue to their web support team. After a couple more minutes of "We’re currently experiencing a high number of calls. You may have to wait longer than normal," another CSR picked up. I told her that I was transferred to her and asked her if she had been briefed on my issue. Unlike Schwab customer service which does a warm handoff, she had not been briefed; so I quickly explained the issue. She told me that I should delete the app and reinstall it. She added, since I was on an iPhone, that I'd have to uninstall the app from iCloud, too. Uninstall the app from iCloud? Now this was something I never heard of, before.

"How do I uninstall the app from iCloud?" I asked.

"Unfortunately, we're not trained in how to uninstall an app from iCloud," she responded.

I suddenly felt like I was talking to Microsoft tech support hearing the typical uninstall and reinstall instructions and "Oh, that's not my problem" deflection.

So, I asked if I did that, then would I still need to reauthenticate Quick Logon and authorize Touch ID. She said, once I uninstalled the app, deleted it from iCloud, and reinstalled the app, that I'd need to re-setup my Quick Logon and biometrics (Touch ID). So, my unasked question, to myself, was, "What problem did we just solve by deleting the app from my iPhone, iCloud (I still don't know what that meant), and reinstalling it?" But I realized, at this point, that asking would be fruitless since USAA CSR training is not up to par, much like their mobile app UX.

Is this blog post complaining, on my part? Yes, it sure is. But I'm hoping that it's coming across as constructively suggesting what USAA can do to improve their customer service for their military members and veterans. With a little luck their UX will be similar to Schwab.

No comments: