But then, something amazing happened. The owners sent me messages on Yelp, and they were entirely apologetic, ready to make things right – they won a repeat customer. They snatched victory from the jaws of defeat, and used social media to do it. Critically, they did not diminish the validity of the review, in fact they acknowledged the problem and shared the steps to improve it. This is in sharp contrast to a few stories I’ve heard of proprietors bashing a negative reviewer.

So here is the point, the Net isn’t going away, social media isn’t going away, and companies can either participate and win customers over, or chose to ignore it and lose customers due to lack of responsiveness and participation. I upped my review from 2 to 3 stars on Yelp purely for the effort to respond and personal attention that went in to the response (not a canned email). I am also now far more likely to come back, and soon, as the owners have demonstrated they care and are invested in their business, and by extension my experience there. In fact, I’ll make an effort (after my meal) to talk to the proprietor(s) if I can and thank them.

Another great example is Get Satisfaction – I hold no love for Comcast, but they are active on Get Satisfaction and Twitter to resolve customer problems. Companies large and small who embrace and leverage these tools will be much better off. You can bet Gen Y and younger will be expecting it rather than surprised and elated when they do.

“Times they are a-changin’” embrace it an grow, ignore it and wilt. I can say that I will be back to Sally’s in San Francisco sooner than later, will further update my Yelp review, and will certainly tell others the owners give a damn and recommend that others go there on that alone.

I’ve talked to too many people who have said that online banking has two factor authentication because you “have” the user name, and “know” the password. This is complete bunk. You “know” both of them, which leaves most online banking logins as single factor, multi-layer solutions. Compare to the ATM card and PIN – you “have” in physical possession the ATM card, and you “know” in your mind the PIN. This is two factors, and you can’t get cash without both. Of course there are white card/skimming schemes of encoding a fake card with legit info, but that doesn’t change the context of multi-factor authentication – there are still have and know components.

As the prevalence of mobile phones has grown over the last decade, it seems nearly everyone has one (or two!), and certainly, nearly everyone prone to using online banking has a mobile phone. So, why hasn’t using the mobile phone become a key part of financial institutions’ approach to implementing FFIEC guidelines on multi-factor authentication?

The most simple answer is that the average online banking transaction (balance inquiry) doesn’t require two factor authentication, and the hit to consumer convenience isn’t worth it. But I’m not satisfied – I’ve yet to see an online banking property that applies vastly different authentication strategies to different sorts of online interactions. I’ll take myself as a use case – I’d be pissed if I needed to respond to a text message every time I logged in to online banking, I’d even be frustrated if I had to do so for every transfer between accounts I own. But, I wouldn’t mind if I had to for transfers to outside accounts. Yet, I haven’t seen or heard about any financial institutions requiring different levels of authentication for different types of transactions. I’m sure someone is and I just haven’t heard about it – let me know in the comments – I can’t have an account with every FI

This all points to aligning security, authentication, and authorization methods to channels/transactions that present the greatest risk to the consumer and the financial institution. A balance inquiry is low risk, a person to person to transfer is high risk. We must authenticate and authorize appropriately for these things. I’d be more than happy to authenticate via SMS or IVR for P2P or P2B transfers via online banking, or for password changes, address changes or any number of infrequent high risk transactions.

The beauty of the multi-layer, multi-factor, multi-context approach is that the convenience need can be met while also meeting the security need. Inconvenience is increased as risk increases, and most consumers will accept this as they know/feel they are being protected.

I think this must be a systems problem in that online banking portals that are in place today just don’t have the flexibility to authenticate/authorize at enough levels to support the granularity required. What do you think?

Since this was my first time, I didn’t know what to expect beyond what I’d read on the BarCamp wiki and some blogs. At first blush, it seems that it just can’t work – put 40 – 50 people in a room and try to get an agenda for a whole day – but it does. I think much of this is due to the fact that the sort of people who give up their Saturday for something like banking topics are highly motivated and smart. And throughout the day this proved to be true. Topics are posted up on the wall and the group quickly sorts through them, splitting them in to breakout sessions and spending an hour or so discussing the topic. It was just amazing how diverse the crowd the was, and how intelligent and engaged the folks who came out are.

There are many take aways from such an event, but a few for any newbies who may be interested in what BarCamps are all about:

• It is what you make of it – interact, question, speak up – the format of the event strongly favors interaction – there are no talking heads, no keynote speakers. You are the speaker, listener and critic.
• Understand the crowd – somewhat related to the point above, it isn’t about smart people talking to you, it is about smart people talking to each other, and recognizing that everyone has different strengths, background, expertise and experience – and those are valued.
• Get out the cards – bring plenty of cards, and if you don’t have your blog and Twitter URLs on your card, write them on the back ahead of time (I didn’t do this, but should have). Exchange cards liberally
• Follow up – send out some emails following up on conversations, hit LinkedIn for strong connections, subscribe to people’s blogs and follow people on Twitter. There is more to learn.
• Just Go – I’m extremely shy, and any conference is tough, especially one that is highly interactive, but go anyway. The crowd that shows up for this sort of event is really open, and you will likely have people coming up to you, or you can just walk up to a group and start listening. Good things happen either way.

Specifically related to this incarnation of BarCamp Bank, a few thoughts:

• Financial services doesn’t seem sexy and exciting, but there were a ton of ideas in a vast variety of areas. Financial services in the US (especially) are tired and boring. There are so many opportunities globally to do new things with financial services, I have the feeling the US will be a slow follower.
• Mobile payments are the way of the future. Mobile banking and payments will quickly be the norm in emerging economies where wireless, handheld internet access is the norm. Globally, mobile phone internet access is more common than computer based access.
• Crazy ideas are innovation – and by this I mean the difference between a wild and crazy idea and an innovation is that innovations catch on and make money. Just because an idea is crazy doesn’t mean it won’t succeed.
• For one day, set aside “the curse of knowledge” (explanation here of all places). Financial services is one of the industries that is most afflicted by this curse. It needs to be set aside by those who are in the business to open up to new ideas and find new ways of doing things.

OK, that’s it for me on BarCamp Bank SF for this year. If you have any questions or want to connect, send me a note at ben atsign oustidelook dot com or on Twitter.