Nightmares of Paying Bills Online Caused by Silly Security Systems
Some security measures are just plain silly.
 
Please don’t get me wrong – I am as concerned about security as the next chap. I support, very strongly, all procedures taken to keep me, my dear ones, my surroundings and my money safe from the grasp of any genuine miscreant.
 
Like any other law-abiding fellow, I subject myself to all the weary security procedures that all of us have to endure in our daily lives, such as:
 
- Checking shoes at the airport security counter. As far as I can remember, the only known case of a bomb in a shoe occurred some 20 years ago. Technology has moved on since then, but the procedure is here to stay.
 
- The metal detector at the entrance to a mall. If anyone plans to bring a high-power machine gun to a shopping mall to kill people at random, will he wait for a weary security guard to wave a device around him?
 
When it comes to money, everyone is paranoid about security.  
 
Most of us have seen the TV series Jamtara in which felons with falsetto voices persuade innocent (and wealthy) people to disclose OTPs and thereby clean out their bank accounts.
 
Yes, I can understand that precautions are necessary when there is a possibility of crooks getting hold of your money.
 
But why the paranoia when there is no real risk involved?
 
Take the case of payment of electricity bills.
 
Do you think anyone, even the wiliest Jamtara crook, would go into the electric company’s website and pretend to be you?  After all, what can one do at such a website except pay money into one’s own account? 
 
If someone is foolish enough to pay my electricity bills... well, I would say to this person “Thank you very much, my friend, and please don’t forget to tell your fellow crooks to have a go as well!”
 
But no… The venerable Calcutta (not Kolkata yet, one of the old die-hards) Electric Supply Company, popularly known as CESC, seems to be very worried that some crook will pose to be me and put money into my account.
 
Hence, CESC’s website is full of security precautions.
 
Every month, I get an email enclosing my monthly bill. The email states the amount payable, and also has a link saying 'Pay Bill'.
 
Very helpful – so far.
 
I click on 'Pay Bill', and I get no less than 13 options, including 'burnt meter' and 'solar grid connectivity'.
 
Hello, I just want to pay my bill. If my meter had been burnt, I wouldn’t have waited for my bill to arrive before informing you, would I?
 
All right, all right, I decide to play along and click on 'monthly bill'.
 
Now comes the first booby trap.
 
I need to key in my 11-digit customer ID.  Not the consumer number, mind you, which is also 11 digits and starts with the same two digits as the consumer number.
 
If I key in my consumer number, the website says—gotcha!
 
I cannot but wonder why the smart geeks at CESC can’t figure out who I am by checking my laptop’s IP address, given that I pay my bill, every month, using the same laptop.
 
I cross this hurdle and face the next one—confirm that I am not a robot. 
 
In order to do this, I have to key in some letters and numbers. These are usually written in a somewhat confusing way, so that one can be fooled into keying in an upper case instead of a lower case, and thereby – gotcha, again!
 
More steps follow, such as confirming my personal details, and agreeing to all the 'terms and conditions'.
 
Hello, why should there be any 'T & C'? I am paying in money, am I not?  
 
The point is – there is absolutely no risk in this transaction, as far as CESC is concerned. It is receiving money, not paying out anything. If anyone is at risk, it is I, because I am trusting CESC to apply my money to my own account, and not credit it somewhere else. 
 
Moreover, I am paying by card, and thereby trusting CESC with all the vital card information, including the CVV.
 
Therefore, if there are any ‘terms and conditions’ they should contain provisions whereby CESC will pay me compensation if it erroneously applies my money to someone else’s account, or worse – do a “Jamtara” on my card using the information I have submitted.
 
But, no, that will never happen. 
 
CESC will always, but always, have a secure position, namely, it will be immune to any blame or consequence that may arise from the transaction going awry.
 
Let’s not forget that I am doing CESC a favour by paying the money through a website, because the company will be saving the costs of providing pay-in counters, employing cashiers, counting the money, carrying it to the bank, and all of that.
 
The bottom line is—when an organisation has zero risk in any type of financial transaction, it should not impose a whole bunch of processes, and many separate steps, which the customer has to undergo.
 
CESC, or any similar organisation, should be happy to accept money with the minimum of formality. Just a login with a username and password, followed by a payment mechanism, should suffice. Padding up the transaction with a whole lot of unnecessary steps just adds to the customer’s burden, without providing any additional value.
 
It is about time every organisation takes a critical look at its website and weeds out the unnecessary and pointless steps that have been laid down in the name of security.
 
If the website is meant to provide more convenience to the customer and, at the same time save the company money by automating many processes, why complicate the whole thing with silly security measures?
 
Do you agree?
 
Never mind. It doesn’t really matter whether you agree or disagree.
 
You have no real option, do you?  After all, electricity bills have to be paid.
 
Gotcha!!!!!
 
(Deserting engineering after a year in a factory, Amitabha Banerjee did an MBA in the US and returned to India. Choosing work-to-live over live-to-work, he joined banking and worked for various banks in India and the Middle East. Post-retirement, he returned to his hometown Kolkata and is now spending his golden years travelling the world, playing bridge, befriending Netflix & Prime Video and writing in his wife’s travel blog.)
Comments
pgodbole
3 months ago
CESC's web portal is evidently paranoid about 'security' but this procedure is not universal. In Mumbai, I pay electricity bills online with minimum fuss. Just login with password, my outstanding (and pass paid) bills are listed. I click on radio button against unpaid bill and click on 'Submit'. I am taken to payment gateway and make the payment.
ppindia18
3 months ago
IP address changes every couple of hours, same laptop can be used to pay bills of multiple users and is not a reliable way to check the user. Don't publish such bull shit articles. if you dont understand how online bill payment works then stand in line and pay bill at utility provider.
Array
Free Helpline
Legal Credit
Feedback