Showing posts with label trust. Show all posts

07 December 2010

Amazon Route 53: Trustworthy?

As a "user" of Amazon's Web Services (I've kicked the tyres on S3, but not much more than that) I received an email from Amazon punting their new DNS service, dubbed "Amazon Route 53".

I wonder though, in the wake of their termination of WikiLeaks, whether I would trust any part of my DNS infrastructure to Amazon. Suppose I did something to piss off the US government - hosted a DNS entry for WikiLeaks, perhaps? at, say, - and some US government official notices (pretty unlikely, I know, but...) and whispers into Amazon's ear, would I, too, lose use of this critical infrastructure without review, recourse or refund?

So, no! I don't think I'll be using Amazon Route 53 much...

21 June 2010

Nedbank Service Fail

Rant ahead. Feel free to leave now.

No, really! This is just whining in public about the unbelievably crapulatious service Nedbank dishes out to its customers.

A service I recurringly buy, and have repeatedly bought for... oh, probably more than 5 years, now... using the self-same Nedbank credit-card... came up for renewal yesterday. Mysteriously the transaction failed, so the vendor sent me an email to let me know. Very odd! As I say, it has worked fine for years. The card has not expired - the only reason transactions have failed before now.

Oh well, off to pay the invoice manually. Using the same card, naturally. (It's the Business card, you see, so simpler for tax and accounting than using a personal card.)

Next thing, I find my browser redirected to some foreign website "" for "verification". Oh yeah?! There's a crappy, pixelated copy of a Nedbank logo at the top. That sure looks convincing! And they're asking me for all sorts of account details, including my CVV number, ID number, and some arbitrary and mysterious field labeled only "Personal".

What sort of phishing operation is this?

Actually it turns out to be an alleged "Fraud Prevention" thing called 3-D Secure. I've only heard of it because I know people who have had the pain of implementing payment solutions that use it.

  - Question: Why did Nedbank not bother to communicate to their customers that they would be requiring this much-changed payment process?
  - Question: Why do Nedbank not do it on their own website, instead sending me to some website whose identity is a complete unknown to me?
  - Question: Is this not the most incredibly stupid thing to do in a web where phishing and identity theft are rife?

Later, a call to Nedbank's unbelievably crappy customer "service" centre illuminated a whole lot of these details. The bottom line is that:

  1. Nedbank absolutely require us to use this 3-D Secure thingie.
  2. The shitty 3-D "secure" thingie absolutely requires that I enter my cellphone number to complete their process. Unfortunately, where I live, cellphone reception simply does not exist, so not an option.
  3. So: I have no way to complete their crappy process, and
  4. Nedbank has no other process.

Fail!

The 3-D Secure form did not even have a field labeled "Cellphone number". How is anyone supposed to guess at this?

Then, too, there is no way to opt out. They claim that the 3-D Secure process is to "verify my identity". This despite the fact that they have all my FICA docs on record. They have my other business account details on record (because that's how they get paid every month) and they manage to successfully send me statements every month, and a new card every couple of years.

And the process absolutely requires that I be reachable by cellphone. What if I don't have or want one? What if I have one but can't get reception? Has anybody pointed out to the shit-heads at Nedbank that SMS is not a secure nor reliable channel of communication?

  - Question: Why would I jump through all these hoops, put up with really shitty service and all this pain from Nedbank when Standard Bank (my other, other bank) have been trying to give me a business credit-card for years, only to be turned down (because why would I want another credit card?)
  - Question: How quickly can I close this Nedbank account?
  - Question: Did anybody at Nedbank bother to turn their brains on when thinking about this process, or were they - as usual - operating with their heads stuck so far up their own arse that they could see out their own throat?

Oh! I paid the invoice using my personal credit-card (Standard Bank.) Payment went through flawlessly, painlessly and instantly with no hoops to jump through.

11 February 2010

User Interface Redesigns

I love this quote by E. A. Vander Veer in "Why Does Facebook Keep Redesigning?"

typically users aren't considered at all when it comes to software redesigns. I wouldn't have believed this if I hadn't seen it in action on countless projects in several different companies! The attitude is, "We're the experts, we know what you want and need, our redesign is making it better, and it won't take more than a few minutes for you to get up to speed."

This is more true than I care to think about! Case in point: the SA Weather Service's abomination of a website. They went from a site that, while it had its faults, was uncluttered, easy to navigate, and pretty useful to an astonishingly broad range of audiences whose weather-and-climate-information needs are wildly different: from farmers to firefighters, airline pilots to town-planners. The new site provoked such a backlash when it was first released that the Weather Service website developers were forced to put in links back to the old site in order to provide the vast swathes of information that was missing from the new one.[1]

Rather than ragging any further on the shitty Weather Service website, allow me to point out one fundamental driver of user-interface redesigns that E A Vander Veer seems to have missed... a reason that goes, in fact, far further than UI redesigns, but is all too often a well concealed motivation for many, many software rewrites and redesigns: We redesign and rewrite because the developers want to play around with a bunch of flavour-of-the-day, oooh-shiny-new-toy technologies.

Not knocking E A's basic insight, though... The motivation seldom comes from the users (or their legitimate representatives) themselves, but almost always from the technical insiders who want change for change's sake.

Like those who thought that adding autoboxing and varargs to the Java language was a value-add...

[1] At the same time the SAWS web designers tried to do the whole "Social Weather 2.0" thing. Sadly they missed the point completely. Any negative comments on the forums regarding the new site were silently deleted. Way to build trust, guys!

29 April 2007

5 Trust Points for Website Usability

For a while now I've been working (slowly) on a new web application; the details are unimportant; I'll talk about the specifics in a couple of months when I'm ready to show something.  I have about 60% of the backend written, and am just starting in on the web frontend.

I am far from being a good "web designer", having the graphic-design and artistic skills of a newt.  The best I can hope for is creative imitation.  It worked for the Japanese car manufacturers, didn't it?  Consequently, I am paying close attention to what works and what irks on other websites, particularly the flow around initial engagement and user sign-up.  Here are the most irritating and unnecessary five things I've figured out.  These are all prompted by stuff I see over, and over, and over again on website after website.  It's getting old.

1. Don't Make Me Jump Through Premature Hoops

Allow me to explore the website. I am entitled to poke about and get some reasonable idea of what the site does, the why and how, before you ask me (or require me) to create an account.

I grant it's really not a big deal creating an account, especially since most/all of the details I'll give you initially will be bogus because I have no reason to trust you at first. IBM still, about ten years after filling in a webform on their site, send junk mail (the paper kind) to "Lord Mike" :-)  But there's still some small effort involved in entering a Login-ID, email address and whatever other bits and pieces you require me to fabricate before you allow me into your walled garden.

If I cannot fathom enough detail about the site, if it does not help me to figure out the value proposition it offers me, I will just walk (well, click) away to somewhere else.  The Web is, for all intents and purposes, infinite.  For me to have stumbled across your tiny patch of virtuality was nearly a miracle in the first instance.  Don't block me from finding out whether I want to actually give you my time and attention.

2.  Don't Assume a Trust You Haven't Earned Yet

When I actually do sign up for an account, don't ask me for my whole life history, food preferences, sexual orientation and DNA samples.  I'll just lie, anyway.  I don't really trust you yet.  I only think that your site may have something I want.  This ties into the previous point: The more information I am able to glean before signing-up, the less likely I am to lie to you about myself, the more trust you will have created between us.

For the site I am building, I will be asking for:
  1. Your choice of Login ID
  2. Your email address.
Nothing else.  I don't need to know anything more about you yet; why would I assume that you're willing to give me any more?  I will generate a password and send it to you; I need to confirm that your email address works anyway, and, since I want to be able to send you email, I need you to confirm that you're OK with that, so I may as well send you a password at the same time.  You can always change it to that standard password you use everywhere later, if your browser doesn't remember it for you, anyway.
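A sketch of the two-field sign-up described above, where the first successful sign-in with the emailed password is what confirms the address. This is an added example, not the author's code; the in-memory `USERS` store, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

USERS = {}  # hypothetical in-memory stand-in for the user table

def _hash(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so the stored value is useless if the table leaks.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def _store(login_id: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[login_id].update(salt=salt, pw_hash=_hash(password, salt))

def sign_up(login_id: str, email: str) -> str:
    """Create an account from the two fields only; return the email body."""
    if login_id in USERS:
        raise ValueError("login ID already taken")
    password = secrets.token_urlsafe(12)  # 96 bits from the OS CSPRNG
    USERS[login_id] = {"email": email, "email_confirmed": False}
    _store(login_id, password)  # only the salted hash is kept
    # A real site would hand this to its mailer; returned so the sketch runs offline.
    return f"To: {email}\n\nLogin ID: {login_id}\nPassword: {password}\n"

def sign_in(login_id: str, password: str) -> bool:
    user = USERS.get(login_id)
    if user is None:
        return False
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["pw_hash"])
    if ok:
        # Knowing the generated password proves the mailbox was read.
        user["email_confirmed"] = True
    return ok

def change_password(login_id: str, old: str, new: str) -> bool:
    """Let the user replace the generated password once signed in."""
    if not sign_in(login_id, old):
        return False
    _store(login_id, new)
    return True
```
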

Incidentally, I just made the sign-up process as quick and painless as it can possibly get, didn't I?  There's only one way to make the process shorter.  Do you really, really need people to sign-up?  I know it's an attractive proposition to a certain mindset, but is it really, truly necessary?

As I gain confidence in the site, I may go back to my profile page and fill in missing details, and correct some of the more egregious inventions.  This may take months or even years.  This brings me to my next point:

3. I Am Human, Ergo I Forget.

OK, so you don't burden me by asking for too many personal preferences and details early on.  Well done!  On the downside of that, I will repay your consideration by almost instantly forgetting that I left out details, lied about my birthdate or typed jarblewarblefarble into that form-field.  I know that you can actually make your site more useful and usable to me if I do give you those details, I just was not ready yet.

I suggest that you remind me occasionally.  Perhaps every second or third time I sign in, put a little reminder message on my landing-page, and ask me to fill in one specific piece of missing data.  And make it dead easy for me to do so, either by linking to my profile-management page, or by placing a relevant edit-field right there on the page.  Don't get tiresome by nagging me every time.

And while we're talking about reminders, if you're running any kind of email service, do remind me that I am subscribed, together with my subscription details and your unsub-algorithm periodically -- not more than once a month, but not less than quarterly.  Perhaps in the form of a newsletter.  (You did get my explicit permission to send me email, didn't you?)

4.  Don't Make Me Sign In Again

I'm talking about the phase immediately after initial-sign-up.  I've made the emotional commitment (however small!) to sign-up with your site.  Don't immediately demand that I do more work by signing-in.  I've just told you all that stuff -- login-id, password (twice, no doubt) -- don't make me type it all in again.  You're just being tiresome.

What?  Did you think somebody may have hijacked my IP address in the intervening two seconds?  That some malware may have sucked your session cookie out of my browser for nefarious unpredictable purposes?  Get over it: you already know who I am (for some value of "know".)

And then, once I am "signed in", don't forget it. (Hello, Feedburner!)

5. Reciprocate My Trust

  1. signed-up for an account, possibly
  2. jumping through the confirmation email hoop, and then
  3. signed-in to that new account
Don't pretend you don't know me!  Don't present me with a page that says

Get an Account with Us!
Here is how:
Step #1: Create an account at
Step #2: Blah, blah, blah.
Step #3: Blah, blah, blah.

That's it!! What are you waiting for? Get major benefits, make money, win friends, influence millions! Create your account now!
Didn't I just do this?  Who are these idiots?
You just trashed my tentative trust in you.  Goodbye.