“Alexa, Donate $5000 to St. Jude” — a Chat with my Coworker’s Echo
Alexa makes it easier than ever to donate. This is a great thing! But you should also take these practical steps to lock down your Alexa account to prevent unintended payments.
A Real Life Test
Me: “Alexa, donate $10 to St. Jude”
Alexa: “Do you want to make your $10 donation now?”
Alexa: “$10 will be sent to St. Jude Children’s Research Hospital using Amazon Pay.”
Thursday morning, $10 was successfully transferred from my coworker’s bank account to St. Jude Children’s Research Hospital. Don’t worry — I paid him back… Mike and I work together at Vocool, a voice-tech company helping businesses engage with consumers on Alexa. As you might imagine, our office is littered with almost every Amazon Alexa and Google Home device. I had just learned about the new feature that Alexa rolled out that lets users donate between $5 and $5000 to charity simply by using their voice. I tested the interaction on Mike’s Echo (which is apparently tied to his personal Amazon Pay account). Surprisingly, it worked! If you are curious to see it in action, watch the video below for the full sequence (WARNING: mute nearby Alexas!).
But why was I never required to verify that I was the owner of the device?
Shortly after, I actually started again using the $5k amount, and nerve-wrackingly responded with a “No” when Alexa asked me to confirm the donation(silently pleading that she wouldn’t mistake my response for a “yes”).
Me: “Alexa, donate $5,000 to St. Jude”
Alexa: “Do you want to make your $5,000 donation now?”
Me: “No!” 😬
Voice platforms provide developers with opportunities to create refreshingly simple, yet powerful applications. Donating to charity using voice was exciting and the ease-of-use actually might make me do so more often. But how can we build conversational experiences that balance brevity with security in a development environment lacking a fingerprint reader?
Reducing Friction: What’s the right balance?
Finding the optimal balance between simplicity and complexity is a key issue for designers of all sorts. This is especially true for the emerging role of conversational software designers (VUI / VUX) as voice platforms such as Amazon’s Alexa and Google Assistant grow in popularity. (We’re actually starting to bring on English-majors to lead voice design.) From Amazon’s perspective, creating an extra authentication step creates friction, and may slow users down, reducing the likelihood of a user completing a donation. Yet, without this extra step in the conversation, we see potential risks like this.
“As you add capabilities to your skill, make sure you don’t introduce unnecessary pain points or friction.” — Alexa Skill Builder’s Guide
A Better Solution
Interestingly, Voice Purchasing is enabled by default when you set up an Echo device.
Given this, it would be nice to see Amazon:
- Adjust the default, prompting users to set up a pin code in the Alexa app upon attempting a payment for the first time. My guess is that most Alexa owners do not know this setting is enabled on their devices and would prefer it switched off. At this point, the additional 10–15 second delay to recite a pin-code seems like more of a feature than a burden. On the other hand, Amazon — primarily an online retailer — wants to make purchasing via Alexa as streamlined as possible. I assume Amazon is willing to refund users who have unintended payments occur.
- Increase the adoption of unique, per-person “Voice Profiles” to authenticate, in the same way smartphones use fingerprint readers. Amazon is beginning to use unique voice profiles to provide more relevant and personalized experience for multi-user households. In the long term, I’d be happy to ditch a pin code, if Amazon could reliably verify users and payments with voice.
What other ideas do you have to improve this experience?
Practical Steps to Tighten up your Alexa Account
If you would like to lock your account down to prevent unintended access, I recommend navigating to the Voice Purchasing section of the settings in the Alexa app and taking the following steps:
- Consider whether you want Voice Purchasing to be allowed at all. If not, toggle this setting off.
- Update your Voice Purchase Settings to add a 4 digit “voice-code”. This code will be required before making any purchases on Alexa.
- Setup your Alexa Voice Profile, so Alexa can distinguish your voice from others. If preferred, enable the setting which allows recognized speakers to purchase without the voice code after giving it just once.
After you’ve added some security, don’t forget to try out the feature (on your own device) and donate! Here is a list of the currently supported charities.
Don’t have a favorite? Try mine:
“Alexa, donate $10 to St. Jude’s”
Give hope to kids with cancer
Families never receive a bill from St. Jude for treatment, travel, housing or food - because all a family should worry…
TL;DR: If you have one-click purchasing set up on your Amazon account and own an Alexa, you should update your Voice Purchase Settings in the Alexa app now. Otherwise people can make large purchases from your account.