For the past few months I've been awaiting the arrival of a killer new payment system, and in the back of my mind considering hatching my own. And so it was with delight, and slight annoyance, I learned of Barclays' new Pingit app for iPhone. At first I'd let it pass me by since I'm not a Barclays customer, but then I was informed that you don't need to be: it's actually available to anyone with a UK bank account. Good times ahead, though not for Barclays' PR agency perhaps. To the uninitiated, Pingit is a system that allows you to send cash from your mobile to another mobile. More accurately, Pingit is a system that allows you to transfer cash from your registered bank account from the Pingit app on your mobile to another Pingit user by referencing their mobile number. Brilliant for small cash transfers between friends, sorting out restaurant bills, and generally A Good Thing.

At least, that's what it says it does. I never got that far.

The main stumbling block for any peer-to-peer system such as this is user signup. Pingit is a convenience for quick cash transfers, but it will only be convenient if signing up is relatively simple, and if the recipient is signed up to the service (or you can convince them it will be worth it). The data associated with Pingit – bank account information – is very sensitive, and so the sign up system must be rigorous and secure. Here we have two opposing forces, as often is the case with constructing UX: the user signup process must be extremely secure to protect the information of the user, and yet it must be straightforward, or no one will ever bother.

So how to approach this problem? Personally, I would follow a few simple rules:

1. Explain at the outset what information will be required of the user.

2. Highlight any unusual, additional stages that may need to be carried out due to the the specific system being registered for.

3. Make the signup process as familiar as is possible.

And so it begins. I open the Pingit app, watch the pleasant but pointless (user guidelines, anyone?) loading animation, and I'm presented with a screen explaining what I will need before I get started on the sign up process. Excellent! Rule one covered! I will need, apparently, a UK mobile number (check) and a UK bank account (check). I click the big button.

The next screen requires me to create a 5 digit security number Wait, what? A familiar 4 digit security number? An alphanumeric password of at least 6 characters? A passphrase? Nope, a 5 digit security number. Right. I enter a familiar 4 digit PIN and add a zero, hoping to god I remember I was in a zero mood next time I need to log in.

The next screens are much more familiar. Personal details stuff. I nip through this section, happily noting it behaves exactly like all iPhone forms behave. At this point I'd like to say how nicely designed this part of the UX is. The next screen asks me for phone and bank details, again all laid out exactly how I'd expect it to be. I glide through.

The next screen requires my address. As I'd expect, there is a familiar postcode lookup facility. I enter "E1W XXX" (I don't really, I use the real second-half of my postcode). The service returns dutifully with most of my address pre-filled, and I add my flat number and fill in the Town field for completeness. I proceed to the bottom of the form, but for some reason "Next" is disabled. How odd. I go back to each address field and check for erroneous characters, and as I leave the postcode field it turns red. Here must be the problem. But, isn't that the postcode I just successfully used to find my address? I try removing the space just in case, even though the character is part of the postcode standard, but no joy. I delete it entirely, and type it out again. Still nothing. I delete again, and type in a different London postcode. Ping! The "Next" button is enabled, great! But that isn't my postcode. And then it dawns on me. The postcode field had been designed to accept only what the developer thought are valid postcodes. In the Pingit world, E1W clearly doesn't exist. Anyway, I re-enter my postcode incorrectly as E1 XXX. and through I go.

The next step is to validate my mobile number and ensure it is one I have access to. As normal, An SMS containing a code is used. I see it arrive almost instantly, and touch the notification to see the code. It's short, and so I memorise it temporarily, and switch back to Pingit. At which point I see Pingit's loading screen. Oh dear. It's not as bad as I fear: the app appears to remember that I'm part way through the process but requires me to enter my 5 digit passcode. I dutifully do so, and the app returns me to where I left off: the screen to enter the code from the SMS. B

y this point my five digit passcode has displaced the code from my short term memory, and so I switch back to messaging. This time I write it down using the pen and paper I was told I'd need. Wasn't I?

I switch back, watch the pairing animation again, enter my passcode again, and then enter the SMS code. Next!

Next is confirming my bank account details. Familiarity again, thankfully: a penny has been deposited in my account – a la PayPal – and I must report the transaction number. I launch HSBC's Fast Balance app, enter my 8 digit passcode (don't ask) and look at my previous transactions. Clearly being a slow learner, I attempt to memorise the code. Some app switching later, I write the code down.

This final code entered, I reach the end of the user journey. Or, it turns out, the end of my tether. As it transpires, there's one more step to go, a secret step so exciting that I wasn't told about it at the start, lest I couldn't contain myself.

The final step, it transpires, is to visit a branch of Barclays with two forms if identification. I close the app.

UPDATE:

I've heard of at least one non-Barclays customer not requiring the ID stage of the process, which is great for that person. If this means the ID is only because my address was not verifiable, good for some, even more annoying for others: I couldn't use the address that was automatically found for me by the app since the app said it was invalid; I couldn't use a simplified version of my address that the app said was valid, since the app would not verify it. There's a name for that.