A few months ago, our client had a ‘Compliance’ team visit. It was a nightmare. Worse than the general guff Marketing / Sales Departments come up with… or those nasty little changes that are all designed to improve the user experience (you know the ones; where you have to turn some design or code on its head, just because the users are apparently totally unable to understand ‘X’ or ‘Y’*). Anyway, I’m not exactly sure what we were meant to be complying to, but some of the changes were so arbitrary that we could not think of a single justification for them.
Case-in-point. We had to change our screen where customers sign their agreement. Some of the changes I suspect were for the better. But the one we could never get our head around was the addition of a field for the customer to enter their mother’s maiden name. This was, apparently, going to be a security feature.
Just in case anyone is reading this from outside the Western culture, a ‘Maiden Name‘ is most usually a woman’s family name before / if she got married, and thus it really can’t change**. Another, more explicit term is to use the phrase ‘born name’; that is to say, the name that she had when she was born.
Now the first bit of suck about this change was that there was no way we could verify it on first input. So… first time round, people were prevented from entering nothing, but we could only do extremely basic tests to check that something had been entered (no digits, or whatever). If the customer entered ‘testingonetwothree’ we probably would have accepted it.
Of course, the next time round, we were told we should naturally cross-compare their input on this field to what they had input before. Now it seems our client is receiving numerous calls from customers who are unable to sign an agreement, as they don’t remember what they entered last time. Because of course, they didn’t trust us to enter their actual mother’s maiden name! So they tried something else, forgot all about it, and bugger me then they realised that they’d need to remember it – all too late, of course.
I’d speculate that some customers are choosing not to enter their mum’s name because it is their own surname and thus might seem obvious. Some might not enter it because they know other people know it. Some people may not understand why you need it, so choose to enter a ‘password’ instead (I know one of my friends has done this in the past). And some may literally be trying to defraud you, so they won’t want to put real information in either. And finally, perhaps this ‘Maiden Name’ concept does not exist across the globe, and in our multi-ethnic country, maybe not everyone even understands what a maiden name is?
So, considering that we could not check the input on the first time, it was deeply flawed to implement it in that way in the first place. Instead, I feel we would have been better off to implement a ‘secret question’. Give the user a choice of questions, let them pick one, and enter an answer, and then you can use that later on to verify something personal about them. Now that, of course, would be equally unverifiable at first, but would be substantially more direct in terms of security and personal identification later on.
Anyway. A couple of days into the new feature being live, and just out of interest, I thought I’d check if this facility had been used at all. I hasten to add, it was not a change I made… but like they say; if one of us loses, we all lose.
So, wait for it, the most common name change is…
Person's Mother's Name is changed from to
Now that is something we can’t blame the client for… and another little piece of me dies inside.
* Of course, I really do believe in making a usable system. Making a foolproof system. And yes, doing stuff in code to prevent people making mistakes and making life easier for them. But sometimes these changes come when you’re in the wrong mood!
** I guess potentially a woman could remain unmarried, have a child, bring that child up, then change her surname by deed-poll, and have a child willing to honour their mother’s wishes and change their preferred new surname. Possible, but a little unlikely.