Friday, November 28, 2008

Under the heading, I MUST try every new payment thing...(& plenty of them do not work)

I read this week about the new PayPal Mobile Security Key. Rather than having to carry around one of those annoying key fobs, I could simply register my cell phone with PayPal and they would send me a 6 digit text message for me to enter when doing a transaction. So, I went to enroll. Well, I am now waiting almost 8 minutes for my initial enrollment text message to arrive. No sign of it. Oh well, so much for progress.

This reminds me of when I signed up for the original AMEX BLUE card that came with that free Smart Card reader. I could not wait to set it up when I first got it. This was the 1st generation unit from Gemplus and it plugged into the serial port (pre-USB days). No luck getting that thing to work. It was in conflict with also using the port to synch my PDA (PDA!, remember those...). I spent the next 30 minutes on a call with their tech support rep trying to figure out what was wrong. It would not have mattered even if I had gotten it to work, there weren't any merchants set up to accept it.

p.s. It is now 15 minutes and no sign of the text message. I have clicked the "Resend SMS" button 4 times now. Tomorrow I will probably get 4 SMS messages. Luckily I am on an unlimited SMS plan!!
p.p.s. I have one of those annoying $5 key fobs from PayPal already, had to have it as soon as they became available, but of course I never activated it since I know how annoying it is when you want to do a transaction and don't have the token with you. :-)
p.p.p.s Wait, just got a text. Nope, just my 17 year old letting me know he was leaving the party he was at and about to drive home before the 11pm curfew!

All to save $8, the risks we will take...(oh wait, I have no risk!)

Upon return to the 5th and Mission St garage in San Francisco today, after an enjoyable visit to the SF Auto Show, I was about to pay for parking at the machine in the lobby. But, wait, there was a woman with a Visa logo on her jacket offering to comp my parking. All I had to do was have a Visa Signature branded card and let her slide it through a hand held card reader. So, putting my fears aside that she was actually a crafty card skimmer, I handed her my card. I am quite confident this was legitimate but this is the classic "cheap T-Shirt shop in the vacation spot" scam scenario where the whole purpose is capturing card numbers for resale. I wonder if the Visa security department knew what the marketing department was up to. Of course, knowing I had nothing to worry about (i.e., $0 liability guarantee), I went ahead with the transaction. At today's prices, I can buy 4 gallons of gas with that $8!!!!!

Sunday, November 16, 2008

Challenge Questions --- CHALLENGED!

I am sure you have all experienced recently a new phenomenon where you are regularly being asked to pick challenge questions as part of a new or existing username/password login. In and of itself, this isn't completely useless albeit insulting when the site claims that this is dual factor authentication which it is not.
Having a little bit of experience in this area from my Passmark Security days, it is simply amazing to me how inept most companies are at choosing what challenge questions to offer.
What is your favorite __________________?
Are they kidding?
In 12-36 months from now when the site needs to ask me one of my challenge questions, how likely do you think my favorite ___________ is still going to be the same?
The other thing which will usually render the whole purpose of these questions moot is the need to make an absolute match. Let me see, was that "School #25" or "School25" or "School#25" that I answered to the question about what grammar school I attended?
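As an added example (not part of the original post), here is one way a site could tolerate the "School #25" / "School25" / "School#25" variants while still storing only a salted hash of the answer. The function names and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 100_000  # illustrative work factor (assumption; tune for your hardware)

def canonicalize(answer: str) -> str:
    """Reduce an answer to case-folded letters and digits only."""
    # NFKC folds compatibility forms (e.g. full-width digits); casefold drops case.
    text = unicodedata.normalize("NFKC", answer).casefold()
    # Discard spaces, '#', '.', '-' and any other punctuation.
    return "".join(ch for ch in text if ch.isalnum())

def _derive(answer: str, salt: bytes) -> bytes:
    # Hash the canonical form, never the raw keystrokes.
    canonical = canonicalize(answer).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", canonical, salt, ITERATIONS)

def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) to store; the plaintext answer is not kept."""
    if not canonicalize(answer):
        # An answer like "###" would canonicalize to the empty string.
        raise ValueError("answer has no letters or digits")
    salt = os.urandom(16)
    return salt, _derive(answer, salt)

def verify(answer: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of the canonicalized attempt."""
    return hmac.compare_digest(_derive(answer, salt), stored)

def exact_match(answer: str, enrolled: str) -> bool:
    """The brittle check the post complains about, for contrast."""
    return answer == enrolled

if __name__ == "__main__":
    enrolled = "School #25"  # constructed sample answer from the post
    salt, stored = enroll(enrolled)
    for attempt in ("School #25", "School25", "school#25", "School #26"):
        print(f"{attempt!r}: exact={exact_match(attempt, enrolled)} "
              f"normalized={verify(attempt, salt, stored)}")
```

Normalization only removes formatting differences; it cannot reconcile a reworded answer such as "PS 25", and it slightly shrinks the space of possible answers, so rate limiting on attempts still matters.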

Saturday, November 15, 2008

What does this have to do with payment?

So where does my skepticism come from? Having majored in marketing, I learned to question every marketing message. What I did not realize back in college is that "news" about some magic fix for problems such as SPAM would also typically be filled with a lot of wishful thinking and result in lots of unfulfilled promises. How many times have you seen articles about some consortium of big name brand companies coming together to solve the big problems of Phishing or Spam? I found it quite entertaining the other day, as an AT&T/Yahoo customer, that the Spam filter associated with my AT&T/Yahoo email account placed a promotional email from none other than Yahoo Greetings itself in the Spam filter bucket. Yup, this is art, not science and it likely always will be. GET OVER IT!!!

How does this relate to payment? Payment is all about trust. We have to trust our systems and providers. However, it is very difficult to get the general public to realize that no system is ever going to be perfect and that they have to accept some responsibility and take some risk in order to have access to various payment products and services. Instead we bombard everyone inside and outside the industry with messages about magic fixes. In the end, all this does is perpetuate a larger and larger gap in expectations versus reality and reduce the notion of what Trust even means. Thus we have a vicious cycle and no end in sight.

Oh well, back to watching college football...