I think it’s time we admitted that the credit card infrastructure is incurably broken.
Hey, remember back in January 2014, I was complaining about having to make the rounds of all the vendors whose bills are automatically charged to my credit card? Can you guess what I spent a large chunk of yesterday doing? I’m sure you can; I didn’t exactly make the question difficult.
Yes, once again my credit card information “may have been compromised at an undisclosed merchant or service provider.” So I was again given a new card with a new number. And off I went, updating the autopay information at all of the merchants and service providers. Again.
What’s wrong with this picture?
Well, for starters, since the vendor in question is “undisclosed,” I have no opportunity to take my business to a different company that pays more attention to security. Assuming there is one, of course.
Second, why should I be the one who has to spend hours* updating all of the records? Online payment is a conversation between two computers; it’s not a one-way message. If a charge comes in to the old number, why can’t the bank send back a message that says “The number you are charging has changed. The new number is…” It works for the web–there’s a whole series of codes that say “The URL you requested has changed. Here’s the new address.”–and it could work for the credit card system.
* Yes, it really was hours, even though I only had to update eleven vendors. A few of them made it comparatively easy: log in, add the new card, delete the old card, and log out. Most of them had additional hoops I had to jump through. “Your change will take effect on the next billing cycle.” “Please enter the billing address for this card.” (Can’t you assume that, unless I tell you otherwise, it’s the same as the card you already have on file?) “In order to enroll for auto-payment, use our simple five-step wizard.” (I was already enrolled, but I couldn’t update the card information, I had to cancel and then re-enroll.) “We can’t change the card on a pre-order. You’ll have to wait until the charge is rejected and then give us the new card information.” Only one vendor had no online update function, but there was also one who hid it so successfully that I had to call customer support and have a representative walk me through the menus to find it.
The banks spend millions on fraud detection systems that monitor the pattern of charges we make. They could tie those into the process. It wouldn’t be that hard* for the FDS to say “Hey, this is a recurring charge, and the customer hasn’t filed a complaint about it in two years. We can send the update message.”
* OK, it wouldn’t be hard technically. But it would cost the banks money, so it would be difficult politically.
There was something new in this mini-fiasco as opposed to last year’s. Last year I was able to activate the new card and then update the vendors at my convenience over a couple of weekend days. This time, the bank automatically canceled the old card three days after it arrived in the mail. So much for waiting for the weekend.
But the real problem, and the reason I say the system is incurably broken, is that issuing a new number doesn’t accomplish anything. Remember, this is the fourth time this card has been replaced for security reasons.
The new card is one of the fancy “chip and pin” cards with a chunk of circuitry embedded in it. This will make it safer to use at store terminals. It won’t do a damn thing for Internet sales. Give ’em the card number, expiration date, and (sometimes) the code printed on the back, and they can charge the card just as they always have. And store the information insecurely, just as they always have. And get hacked, just as they always have.
This card is good for more than two years. Anyone want to place a bet on how many new card numbers I’ll get before the expiration date?
Change of subject.
Speaking of things that are incurably broken, I assume you’ve heard about the protests in Baltimore. I’m not going to talk about the protests or the larger issues around them–at least not today. But I did want to say a few words about one of the side effects of the protests.
You may have heard that yesterday’s game between the Baltimore Orioles and the Chicago White Sox was played without spectators in the stands.
I watched the game on TV, and it was an interesting experience. I won’t say that the lack of crowd noise affected the players, but it did seem as though they weren’t as focused as usual. I can’t help but wonder if Samardzija would have given up six runs in the first inning if there had been fans present.
A while back, I said “It makes one wonder if the game would be called on account of disinterest if the last fan left.” We still don’t know, because we still haven’t had a game with no fans present. Despite the security concerns that caused the fan lockout, they still showed up. Portions of the field are visible from outside the stadium, and spectators were lined up along the fence watching the game and cheering the Orioles during that six-run inning.
Despite the chaos and destruction, some people played baseball, and other people watched. Religious fanaticism isn’t limited to destructive impulses.
I’m not going to suggest that baseball solved any of the problems the city of Baltimore is facing. Nor am I going to suggest that it could solve the larger problems facing the entire country.
But for a few hours, baseball allowed some people to take a mental vacation from those problems. And sometimes that’s all you need.