Changes in address, changes in risk management

This blogger recently updated his mailing address with two large financial institutions. Both residences were still in use, which allowed for receipt of the confirmation letters. As a general security precaution, it is standard practice to send a letter about the address change to both addresses. In case the change of address proves unauthorized, this gives the legitimate owner a fighting chance to realize something is wrong. The two letters revealed a difference in risk management:

Institution A had a chatty, verbose style congratulating the account-holder on the recent move, which was not the case here. “As an added safeguard, would you please take a moment to verify the address change you requested. New address: <…>” The letter was, interestingly enough, signed by Fraud Operations and concluded with good-luck wishes at the new address. (This being NYC it’s understandable all the luck is necessary.)

Institution B sent a briefer, one-paragraph message, with phone numbers prominently shown in the upper right-hand corner. “For your protection the new address is not disclosed on this mailing. If … this change was made without your authorization, please visit …. or call the numbers listed above.”

Is printing the new address a security problem? If the customer moved, the new occupant at the same residence probably knows at least their name, because a ton of junk mail will arrive addressed to the previous, and sometimes even earlier, residents. Junk mailers seem to be the slowest in updating their databases, probably because the data made its way there after going through a series of intermediaries. In other words it is ancient. Learning their new address, on the other hand, is not as easy unless there was direct interaction: for example, if the new occupants bought the house from the previous family, the address was likely disclosed as part of the paperwork. But there are cases when one family member or person moves out on less than friendly terms and wants to avoid being tracked; there, a letter to the old address that prints the new one hands over exactly the information that person is trying to keep private.

cemp

Bank of America and know-your-customer

Financial institutions in the US are subject to know-your-customer regulations, which require them to verify the identity of customers. These rules are designed to identify money-laundering and terrorist network financing operations; in fact some provisions derive from the PATRIOT Act. This is one reason opening a bank account requires government-issued ID and a Social Security number. The Virgin Islands or Switzerland may be portrayed as havens for hear-no-evil, no-name private banking in the average Hollywood crime caper. The strict banking regulations make it unlikely they will be opening a US branch anytime soon.

But when it comes to a more basic notion of knowing the customer, such as having a clue about them before mailing out credit card offers, it turns out the banks could use some help. “Usted ha sido previamente calificado para una tarjeta de credito que podria ahorrarle dinero.” says the message visible in the envelope. Not a Spanish speaker? Neither is this blogger, but that would not stop Bank of America from sending an unsolicited, pre-approved credit card offer in Spanish. Twice.

In fairness, after opening the envelope it turned out to be bilingual: there were two copies. That is a good thing: from New York subways to product manuals, there are good signs that institutions are adjusting to the reality of a diverse America. More importantly both versions appeared to offer the same basic terms: it would have been blatant discrimination if the APR were higher on the Spanish offer for example. It is a small error, but indicative of the impersonal nature of credit. One would expect that with a cottage industry in consumer data-mining and extensive dossiers compiled on all US residents, a bank would be able to determine the primary language of a customer they are trying to solicit business from. BoA, or more precisely the random company where they outsourced the credit-card offer carpet bombing operation, did make a decision in putting one of the two variants first, visible in the envelope window. From their point of view the recipient is not a person with a language preference but a one-dimensional statistic, reduced to the FICO score.

cemp

Default settings and ecological impact

Do application settings reflect choices made by the user or the priorities of the developer? This question comes up again and again, as the settings are linked to yet another unexpected negative outcome. The latest example is from ChangeTheMargins.com, courtesy of Good magazine.

Almost any interesting bit of software comes with a set of switches and knobs. The more complex the software, the more switches there typically are to fiddle with. Sometimes the developers, in a well-intentioned attempt to conquer the complexity, reduce it to a series of multiple-choice questions. How secure would you like that router? Low/medium/high. More likely there is an escape hatch left open for the tinkerers, a custom or advanced option hiding in the UI that unlocks the full array of all possible configurations, to create the software equivalent of an extra-hot, 2% double-shot half-decaf mocha.

Unlike the whimsical Starbucks creations, application settings can have wider-reaching effects than the next caffeine buzz. Power settings are the obvious example: machines equipped with power management features that can either slow down the CPU or hibernate altogether in response to low utilization can cut down on energy consumption. ChangeTheMargins picks a different battle: the choice of margins in Microsoft Word. Set to 1.25″ by default for left-right, the website argues for cutting that generous allotment of white-space down to three-quarters of an inch instead. There are detailed figures for exactly how much in paper, trees and dollars that will save.

All good advice. As for the interesting piece: the author is calling on Microsoft to set the defaults to 0.75″ in Office out-of-the-box. This raises an interesting question: to what extent can the current wasteful use of paper be blamed on the developer, and to what extent on the customers using that software? (Not to diminish the influence of middlemen along the way: the OEMs who install and configure that software on brand-new machines where it is bundled, the enterprise IT departments responsible for rolling out Office to 10K desktops etc. In fact the website does have a stated goal of converting 5 corporations to sanction the narrower margins.) The issue of defaults can become a major headache to the vendor for three reasons:

  • There are too many conflicting interests, including occasionally that of the vendor itself, and out-of-the-box settings must strike a balance that cannot please everyone.
  • Anecdotal evidence suggests some fraction of users will not change settings, especially anything marked “advanced” or “custom.” This makes it very hard to take the position that settings reflect user choice as opposed to user complacency. (This fact was impressed on the blogger when he worked on the P3P privacy settings for Internet Explorer 6.)
  • Most applications must ship with some defaults at least. For many years UI designers hated the idea of forcing a decision on the user at first-run or installation time, because it was disruptive to their Platonic ideal of user-friendly software. They pointed out, quite correctly, that such a question materializing out-of-context, when the user is already occupied with a different primary task, would simply be perceived as a distraction, leaving everyone looking for the “OK” button to make it go away. Without any basis for weighing the options the user might as well flip a coin. Fortunately UI designers have become more pragmatic about this over time, especially in the context of security. The “Information Bar” in IE6 on XP SP2 and, more recently, the phishing filter in IE7 do in fact prompt the user to make a decision the first time the choice would have a material impact.

Yes, the default width of margins matters. But to put this in perspective: it matters much less than other options. Printing double-sided can cut down paper waste by 50%. What about configuring printers to default to double-sided? Not that easy, it turns out, because most of them cannot do auto-duplexing. This blogger cared enough about the functionality to find one that could, but there were few viable alternatives for home-office use: Brother DL-5250DN handily won out. Manually printing double-sided is very slow and often impractical for large documents because the secondary feed tray cannot accommodate very many sheets at once. But the high-end multipurpose scanner/fax/color-laser printer/photocopier machines the size of washing machines found in large enterprises can and ought to be configured to default to double-sided and not waste paper printing out cover pages to distinguish the jobs.

Finally there is the question of trade-offs: using smaller fonts, using single-spacing instead of double-spacing or printing two pages on one side (50% magnification) can all cut down on paper wasted, but at the expense of readability. One reason conservation efforts have not resonated with the American public in the past is that they evoke images of huddling together in the cold (reduce heating to curb carbon emissions) in a dimly-lit space lit with the pale glow of fluorescent lights (more efficient than incandescent) after taking a cold shower. At some point the quality of the printed document may not meet the strict standards used for academic or legal correspondence, for example. That brings us to the most promising solution: minimizing the need to convert electronic documents into hard-copy.

cemp

What is wrong with this UI?

Time-Warner New York / New Jersey proving that their website design is just as cutting edge as their service reliability. Below is a screen-shot from the password reset flow. (In fairness this may not be TW: the website for online account payments appears to have been outsourced, as evidenced by the URL. But then again getting your broadband service and possibly VoIP from a company without the in-house expertise to build a payment processing website does not inspire confidence.)

[Screenshot: Password reset flow]

What is the point of prompting for something that you have just printed on the same page? Because our customers need frequent practice with their copy/paste keyboard shortcuts.

cemp

Macbook Pro frustrations

  1. Unreliable coming out of hibernation: occasionally a blank black screen after opening the laptop. Power button has no effect, nor does the rest of the keyboard. Closing the lid, re-opening and then hitting power button brings back the unlock screen.
  2. It gets worse from there: occasionally the password prompt never appears, instead there is the endless spinning cursor suggesting the UI is blocked on something. The first attempt to unlock the screen by pressing Enter after the password has no effect: the dialog box remains, with the password highlighted this time. Pressing Enter again, on the exact same masked password, unlocks the screen.
  3. Problems associating to draft 802.11N networks. There are general usability problems in connecting to any wireless network: the wireless icon that lists available networks is very slow to respond, has difficulty locating networks etc. Draft-N appears to pose particular problems because it will not automatically re-associate after coming out of hibernation, something it has no problem doing on ordinary B/G networks. Instead it prompts with the same question about joining a random open network because no trusted networks could be found. Maybe try harder next time?
  4. For that matter the entire user-experience around wireless needs tweaking. The top right-hand corner icon which opens the menu listing all detected access points is very slow. Occasionally the menu freezes, again suggesting that the code is getting stuck somewhere in the depths of the 802.11 stack.
  5. FileVault prompt during restart: informs the user each time that FileVault, the file-system encryption feature on OS X, is taking up too much space, some of this can be reclaimed, proceed/cancel etc. “Reboot” means reboot without lame questions.

cemp

Credit rating system and meaningful choice

A story from the NYT Real Estate section about a British expat’s search for an apartment in Manhattan reads on different levels. Describing the interaction with a real estate agent:

“Almost by way of small talk, she said ‘Where are you from’ and I said ‘I’ve just come over from London yesterday,’ … She asked whether he had a credit history in the United States or a bank account or a Social Security number, all of which he would need to rent an apartment. No, no, no. … But his employer would provide initial financing and act as guarantor.”

What would be the expected response from the realtor? In this case walking out on the client:

“She completely lost interest and just left,” leaving him standing on the pavement.

Welcome to the Big Apple. It would be easy to dismiss this as yet another rude awakening in the ways of Manhattan for a new arrival, an experience this blogger can relate to. But there is a more subtle point about the pernicious growth of credit rating systems here. It’s not an oversimplification to say that without a Social Security number, a US consumer is just a nebulous and largely invisible presence in the eyes of lenders. Most of the data compiled by data-brokers such as Acxiom, Choicepoint and the more familiar credit-reporting bureaus such as Experian and TransUnion is indexed by the SSN. To oversimplify in database terms, one could say the SSN is the primary key to the database. In this case the expression “key” is quite appropriate because it unlocks all the reputation information required for a significant transaction: buying a car, leasing an apartment, even getting a cell-phone contract. With the credit history available, consumers stop being blank faces and acquire useful numbers: Alice has a 700 FICO score, Bob has an 8-year mortgage in good standing etc. Everyone is now a three-dimensional character jumping out of the page, shrouded in precise numbers.

One of the arguments in defense of massive data collection is that it enables credit: individuals can go anywhere around the country and still enjoy the same access to credit as if they lived in a small town where everyone knew first-hand about their impeccable track record in paying back debts. (The flip-side, never mentioned in the same sentence, is that nobody can start over: the scarlet letter of bankruptcy or foreclosure also follows people around. It is true that in this case there are no second acts in American life.) The more widespread and inflexible our reliance on credit history, the more difficult it is to get started and the greater the discrimination between those who have an extensive dossier versus those with a blank slate. NYC may be an extreme example. In keeping with its completely ludicrous and preposterous state of affairs, some landlords demand to see bank statements, employment verification on official company letterhead and even past tax returns before approving a lease. But stories like the one above are far from unique: if the agent had any shred of common sense, she would have realized that a decent-sized company (implied by having offices in London and New York) as a guarantor is much better than one would expect to get from most consumers: while individuals can go bankrupt or disappear, a company with deep pockets can be litigated to the last penny. The story did have a happy ending because at least one rental agency was sane enough to accept his application with a six-month deposit, but only after running a credit check on this person’s manager. There is no escaping the system.

cemp