Monday, November 06, 2006

"For your convenience"

It is a common joke here in Greece the story about a boyscout who desperately wants to do his good deed for the day and helps an old woman cross the street although she preferred to stay on the other side. The last few years many services online tend to do things for us, before us.

For example, today I received a World of Warcraft 10-day free pass from a friend of mine. According to the instructions all I had to do was install the game and create an account using the key written on the pass to play for free on the WoW servers. Right? Wrong! During the account creation process Blizzard asked me for my credit card number. Why? So that should I wish to continue my "online experience" I won't have to go through a new registration process and possibly don't make it in time to keep my current character in the game. In fact the disclaimer insists that this is for my own "convenience" and that if I make that choice (to renew my subscription), my credit card will be automatically billed every time my pre-paid time expired to ensure "undisrupted gameplay". The above are an essential step in the "free" account registration process. If I want to get a free account, I have to fill in my credit card number. I may stop playing at the end of the 10-day free period and never get a new subscription ever again. It doesn't matter for them. They still need my credit card information. Of course I do not believe this is a scam and that I'll be billed but what a minute.

The problem is that Blizzard will store and manage my sensitive credit card details according to its policy. Well, I do NOT trust that policy. Having that information available in some hard disk somewhere in the world does NOT make feel safe. And what if some cracker manages to compromise the safety of their systems? Certainly no one can claim they have a "hack-proof" system. You never know the next point of penetration until you are penetrated in that way. So why do I have to worry about that?

Giving your credit card for an one-time automated billing process is one thing and keeping it stored for the future is quite another. The people who use the second policy have to say in their defence that the user does not have to go through the information fill-in process again and again. I don't mind. As long as we are talking about SSL sessions I really don't mind typing in a few letters and numbers every time I want to buy something.

So this is a classic case where they make me give up my information for them to store in order to make a single purchase. I may never get anything from them in the future. That doesn't matter. For my "convenience" and "service" they'll keep that information. Well, if they care so much about my "convenience" why don't they take the time to ask me what I really want?

How safe do you feel about your online accounts? Right now, this moment, assume your identity is compromised. What would you lose? Do you have your credit card details stored somewhere? Assume they are compromised. How much money do you have in your bank account? Think about it.

These things scare people off the net. It's not me or any other guy talking about security and possible attacks. It's the marketing departments of companies providing "digital ease" and then when someone hacks in one of these databases and it hits the newspapers everyone is terrified and talking about how vulnerable we are against these "criminals".

Let's go back to the Blizzard case. I did not give my credit card. For a moment I considered opening another bank account and having a second credit card, linked to that account, so that I can contain a possible disaster (I would keep a very limited amount of money there etc). Then again why should I do it? Why should I get into paperwork and banks and ultimately employ a very "inconvenient" way in order to register in a system designed for my "convenience"? And what if I do not have a credit card? World of Warcraft subscriptions may be payed with the use of pre-paid cards sold in stores. Many people, especially teenagers, use them. So there's an alternative payment method for full-time subscriptions but not for guests.

To sum up, the "free guest pass", designed to bring people in the game, worked exactly the opposite way for me. And any other "smart" system that works for my "own good" without asking me what I really want will never have me as a customer.


Dear Blizzard,

I am not technophobic or anything. In fact the majority of my purchases are placed online. I am into technology and that's why I want to see things getting more secure and therefore more user-friendly. I JUST DO NOT TRUST YOU GUYS.

1 comment:

Jax Briosh said...

Its not very healthy to read about credit cards and credit card frauds just when you wake up but I couldnt resist to read an other post of my dear friend's, Leg.

I totally agree with Lego and of cource disagree with this 'universal' policy. More and more companies adapt to that system.

Actually I dont mistrust companies like Blizzard. I just cant trust people who have Blizzard in their black list of "free income". And these people are quite more than you might think...

Imagine what could happen if one day, one man, accessed the e-Bay's account data base with not only the card holders' details but the credit card verification codes too. e-Bay couldn't possibly recompence all the people who'll get robed...

Anyway, have a nice day and buy online! Shopping online is healthy. 'Living' online is not...