Security and Service Design
This weekend as I browsed through Bruce Schneier’s 2003 book Beyond Fear: Thinking Sensibly about Security I realized that it’s full of interesting bits about services. For instance, here’s some insight into why airports ask for a photo ID:
The photo ID requirement is presented as a security measure, but business is the real reason. Airlines didn’t resist it, even though they resisted every other security measure over the past few decades, because it solved a business problem: the reselling of nonrefundable tickets. Such tickets used to be advertised regularly in newspaper classifieds. An ad might read: “Round trip, Boston to Chicago, 11/22-11/30, female, $50.” Since the airlines didn’t check IDs and could observe gender, any female could buy the ticket and fly the route. Now that won’t work. Under the guise of helping prevent terrorism, the airlines solved a business problem of their own and passed the blame for the solution on to FAA security requirements.
I never really flew much before airlines started asking for photo IDs and I had never heard of the classified ads; I suppose it was like stubhub.com for the jet-setting crowd.
Schneier’s book addresses a wide range of services in the context of security analysis. His blog is another great source of information. Security is one of the key outcome components of service quality on the SERVQUAL scale (along with reliability and competence) so it makes sense for service designers to have a grasp of the fundamentals. Schneier offers a helpful framework for evaluating security measures based on an analysis of assets, threat, risk and cost.