It works! Another title bait. Perhaps it should have been written as “Oslo’s Flytoget: a good UX/Security balance?”. Anyways, since you are here, I hope you enjoy the read.
Besides visiting many places, meeting interesting people and experiencing different cultures, working as a consultant provides you the possibility to face unique human–computer interaction experiences.
I actually started my career as a web designer and since then, I’ve been into this UX thing, so it’s great to spot different User Experience (UX) implementations.
San Francisco’s BART
BART stands for Bay Area Rapid Transit and is probably the most used public transport between SFO and the city center. If you ever been there, you will probably recall its ticket machines from the images below.
Look at how many buttons, slots and signs! That’s scary. My first time there I felt stupid trying to get it working. After a few attempts I decided to step away and check someone doing it correctly (or becoming embarrassed as well).
But rather than describing how
it sucks it’s a struggle to buy a ticket for BART, which seems to be well known, I will simply compare it to another experience I’ve had in another country with similar goal: airport ↔ city ride.
In case you don’t know BART or haven’t checked the videos, please take a moment to imagine how to operate this thing from the pictures below. And have in mind we are into IT/Computers, let alone elderly and other humans not so tech savvy.
At this point, we should agree the city of Golden Gate bridge – where a lot of startups and great minds are constantly coming up with cool ideas – deserves a better interface for its rail/subway system.
How does Oslo’s Flytoget work?
Basically, you swipe and go.
Well, all you need to do is swipe your credit card at one of the “ticket machines” and enter the train. That’s it. Done. End. No plastic/paper ticket, no ticket gate/ratchet/turnstile.
Apart from the fact BART is located in a country where a lot of people do use cars rather than public transportation (sources: Vehicles per Capita and Public Transportation usage), and that it is not an Express service like Flytoget, I am simply comparing interfaces for a train ticket system.
Here are the pictures from the simplest ticket interface I have ever seen:
An additional step is needed after swiping the card, in case you are departing from the airport. There’s a touch screen (image below) where you tap the icon corresponding to your final destination. Since the ticket price is fixed, I guess that’s for Analytics reasons.
There’s also an app for mobile phones, no swiping card needed, but I’ve never tried though (perhaps less CC data exposure here?). That’s not an exceptional UX example, but better than most systems being used out there.
Everything comes with a price: Security x UX
How are they handling or storing my credit card data? What about a receipt? How can I expense the cost of the travel journey if my company does not consider credit card reports? Here Security/Privacy might become an issue.
A receipt is available at Flytoget’s website within 24hs after the journey. First, you create an account and then you link your CC number to your profile (!).
Now, needless to say they must be storing some credit card data, likely including parts of the CC number. If you know how it works, please leave a comment below.
It’s easy to suggest we need a balance between UX and Security when there are actually so many variables involved. But IMO, we need to think about the business success first, which is directly tied to UX (way beyond Security?).
If following the rules (laws, regulations, etc) does allow such an option (Swipe and Go), it should be considered. Also, users should know their CC might be exposed since the time it’s shipped, as they should know about refund policy in case of CC theft or fraud.
From the user’s perspective, depriving yourself of those solutions sometimes make little sense. That becomes even more interesting from the UX designer’s perspective, considering most users will not even bother evaluating those risks.
Should we provide an unique user experience (UX) at the price of an increased risk? Or should we provide better Security at the price of an average UX? That’s just one of the dilemmas UX/Infosec professionals face.
UX pros should consider Security as part of their design as we, Sec pros, should consider UX when planning our strategies and actions.