To be fair, it's not only LIPA (Long Island Power Authority) who doesn't have a clue when it comes to online billing. Almost everyone who tries it gets it wrong. But, they are the ones who most recently and succinctly demonstrated their shortcomings
1. The email telling me I have a new bill should tell me how much I owe them.
It does not have to include my name, address or any other personal identification, but it should at least say what I owe this month. That's because it's almost always within a few dollars of last months, and I can just pay online like I did the month before. Instead, what they do (and this is less then useless) is mail me a link to their web site, so I can sign in and read my bill.
2. Either my email address OR my account number is my user id.
I speak for every customer in the world when I say that your business is not important enough to me for me to make up a new "user id" just for you. This is not Swiss banking. You are a service and I am a customer, you can call me Mr. Aiuto. And they way you can do that is to call me by the email address I gave you.
3. I don't care about your web site. It will never be a destination for me. I will make a new password for you site once, then promptly forget it and wait for your bill to arrive each month.
Now, let's add this up. Anything less than what I suggest is a lose-lose proposition. It is more difficult for me than getting a paper bill and it is more costly for the service provider. They will have to provision for more traffic and handle increased customer support for those people who can't sign in any more.
How is that, you ask? Well, let me give you an example from real life. I forgot my LIPA user id and password. The web site will not send me my password unless I know the user id, and there is no provision for recovering my user id based on my email address. So, I'm locked out of viewing my account until I call them and talk to a human. Huh? Don't they even try to think things through?
Wednesday, March 31, 2010
Monday, March 15, 2010
Could the phishers at least try a little?
I got this in the mail today. It's so obscure and confusing I don't think I would answer it even if I was a noob. I think my favorite part is "Please don't print this e-mail unless you really need to". Yeah. My bank always says something like that in their correspondence.
-------------------------------------------------------------------------------
From: "Paul N. Baroudi"
To: {me at one of my addresses}
Dear Tony,
Regarding below email, do you have any updates. I need the statements to
show the Kafalat audit team.
Best Regards,
Paul N. Baroudi
Junior Credit Officer| Zouk Commercial Branch
Bank Audi sal - Audi Saradar Group
Tel +961 9 226500/1 Ext. 253
Fax +961 9 226502
Val De Zouk Center
P.O.Box: 11-2560 Riad El-Solh, Beirut 1107 2808 LEBANON
P Please don't print this e-mail unless you really need to
________________________________
From: Paul N. Baroudi
Sent: Monday, March 01, 2010 2:01 PM
To: 'tony@ics.com'
Subject:
Dear Tony,
Following our conversation, here are the 2 check numbers: 562140 ,
562139. Could you send me a copy of bank statement showing these checks.
Best Regards,
... more of the same ...
---------------------------DISCLAIMER--------------------------
This e-mail contains confidential information or information
belonging to Bank Audi sal - Audi Saradar Group and is intended
solely for the addressees. The unauthorized disclosure, use,
dissemination or copying (either whole or partial) of this
e-mail, or any information it contains, is prohibited. E-mails
are susceptible to alteration and their integrity cannot be
guaranteed. Bank Audi sal - Audi Saradar Group shall not be
liable for this e-mail if modified or falsified. If you are not
the intended recipient of this e-mail, please delete it
immediately from your system and notify the sender of the wrong
delivery and the mail deletion. Consider the environment before
printing this email.
-----------------------END OF DISCLAIMER-----------------------
-------------------------------------------------------------------------------
From: "Paul N. Baroudi"
To: {me at one of my addresses}
Dear Tony,
Regarding below email, do you have any updates. I need the statements to
show the Kafalat audit team.
Best Regards,
Paul N. Baroudi
Junior Credit Officer| Zouk Commercial Branch
Bank Audi sal - Audi Saradar Group
Tel +961 9 226500/1 Ext. 253
Fax +961 9 226502
Val De Zouk Center
P.O.Box: 11-2560 Riad El-Solh, Beirut 1107 2808 LEBANON
P Please don't print this e-mail unless you really need to
________________________________
From: Paul N. Baroudi
Sent: Monday, March 01, 2010 2:01 PM
To: 'tony@ics.com'
Subject:
Dear Tony,
Following our conversation, here are the 2 check numbers: 562140 ,
562139. Could you send me a copy of bank statement showing these checks.
Best Regards,
... more of the same ...
---------------------------DISCLAIMER--------------------------
This e-mail contains confidential information or information
belonging to Bank Audi sal - Audi Saradar Group and is intended
solely for the addressees. The unauthorized disclosure, use,
dissemination or copying (either whole or partial) of this
e-mail, or any information it contains, is prohibited. E-mails
are susceptible to alteration and their integrity cannot be
guaranteed. Bank Audi sal - Audi Saradar Group shall not be
liable for this e-mail if modified or falsified. If you are not
the intended recipient of this e-mail, please delete it
immediately from your system and notify the sender of the wrong
delivery and the mail deletion. Consider the environment before
printing this email.
-----------------------END OF DISCLAIMER-----------------------
Monday, March 8, 2010
Does Cablevision's WiFi service actually work?
Cablevision (http://cablevision.com) offers WiFi service on many municipal areas around Long Island. It's freely available to their Optimum Online customers - you just have to provide your user id and password to their login page and you're in. Read their spiel on the Optimum Online site.
Except it doesn't actually work. I have tried it from a number of locations in the past few months and it consistently fails in 3 ways.
1. It requires a new login each time. This is just silly. They could authorize you once and register your MAC address in their DHCP database.
2. Half of the time, you might get signal and an IP address, but they don't assign you a DNS server. This is just plain old fail.
3. When you do get a connection, IP address and DHCP server, their transparent HTTP proxy which redirects you to their login page is rarely responds. You just sit their waiting. My guess is that this is just severe under-provisioning.
But, it's a wonderful service on paper. It sounds useful, and as long as they don't deploy enough resources to make it work, it doesn't cost anything to provide!
Except it doesn't actually work. I have tried it from a number of locations in the past few months and it consistently fails in 3 ways.
1. It requires a new login each time. This is just silly. They could authorize you once and register your MAC address in their DHCP database.
2. Half of the time, you might get signal and an IP address, but they don't assign you a DNS server. This is just plain old fail.
3. When you do get a connection, IP address and DHCP server, their transparent HTTP proxy which redirects you to their login page is rarely responds. You just sit their waiting. My guess is that this is just severe under-provisioning.
But, it's a wonderful service on paper. It sounds useful, and as long as they don't deploy enough resources to make it work, it doesn't cost anything to provide!
Saturday, March 6, 2010
Don't touch that USB dongle that came in the mail
My wife found an advertising insert from a AstraZeneca (pharmaceuticals) in a recent medical journal. It was a little USB dongle that promised to tell you more about some recent drug they were pitching.
It turns out that the dongle is quite a nasty piece of work. It's not a USB drive at all, but it impersonates an Apple keyboard (ID 05ac:020b Apple, Inc. Pro Keyboard [Mitsumi, A1048/US layout]). When you plug it in, it attempts to type a command line to direct your web browser to their site. I little research uncovered that American Express was doing this last October. This appears to be an identical device. Read more here: http://seclists.org/risks/2009/q4/3
And that is an interesting story too. I broke open the shell to find a small board with a KYP logo and a model tag "Web Key". KYP is a marketing company, rather than an electronics firm, and they seem quite proud of this little baby.. You can read more here: http://www.kyp.com/Our-work.aspx?tag=Webkey
It turns out that the dongle is quite a nasty piece of work. It's not a USB drive at all, but it impersonates an Apple keyboard (ID 05ac:020b Apple, Inc. Pro Keyboard [Mitsumi, A1048/US layout]). When you plug it in, it attempts to type a command line to direct your web browser to their site. I little research uncovered that American Express was doing this last October. This appears to be an identical device. Read more here: http://seclists.org/risks/2009/q4/3
And that is an interesting story too. I broke open the shell to find a small board with a KYP logo and a model tag "Web Key". KYP is a marketing company, rather than an electronics firm, and they seem quite proud of this little baby.. You can read more here: http://www.kyp.com/Our-work.aspx?tag=Webkey
Subscribe to:
Posts (Atom)