From the Mind of Trevor Stone

This short article about credit card companies getting rid of customers doesn't say anything new, but it catalyzed an interesting analogy for something I've been thinking about for a while:

Free Marketeers like to talk about the tragedy of the commons. Suppose 100 people live in a village and their local pasture can support 220 cows. Everyone can graze two cows and things will be fine. But then some clever fellow realizes he can get ahead by grazing an extra cow that slips under the radar. But then everyone does that and the pasture can't support that many cows, the grass dies, and then the cows have nothing to eat. Free Marketeers say that the solution to this problem is to privatize the commons so that an individual has an incentive to ensure the pasture survives.

Now suppose we replace "pasture" with "American consumers" and "cows" with "nonessential goods and services." The recent decade of boom, domestically and globally, was largely driven by cows nonessential goods and services foraging on grass American consumers. Big houses, expensive electronics, SUVs, sneaky fees, and other products made huge profits by stretching the resilience of American consumers. And while one or two industries stretching consumers beyond good fiscal discipline could be sustainable, when everyone piled on, the resource was tapped out and everyone's cows business ventures starved.

The Free Marketeer solution of privatizing the resource obviously doesn't work in this analogy -- private ownership of another person's economic activity is slavery. The other main resolution to the tragedy of the commons is regulation: the people organize a governing body which can prevent or punish those who try to graze more cows endanger the ecosystem for personal gain.


Remember: Be suspicious of anyone who has a vested interest in you making poor decisions. Credit card companies don't like people who pay off their full balance every month (the responsible thing from the card holder's perspective). Rather, they prefer people who make the minimum payment each month, but a couple days late so they can rack up interest and fees. (Except now they're trying to get rid of those people to reduce their risk exposure. Oops.) Therefore, the credit card company does everything it can to get you to make poor economic decisions. A commercial bank wants to make as much profit off your deposits, loans, and fees as possible, but a credit union wants to provide the most benefit to its depositors and lenders. Therefore, a credit union's policies are more likely to be in your favor.

This is a rambling description of my attempts at purchasing items online. It could probably be tightened up a bit for humorous effect, but my main interest was in documenting frustration so that I can refer back to it if some random charges appear on my card tomorrow. If nothing else, it serves as a reminder that nothing is quite as simple as handing some paper currency to a person and walking away with a bag of stuff.

Dear Visa,

You are, in many ways, in the businesses of electronic financial security and customer convenience. The following, therefore, should not happen:

1. I select my online purchase and enter my credit card information and shipping address.
   
2. I look away and look back to see a mostly-white window with a "Verified By Visa" logo and my credit union's logo and (as I recall) some text indicating that JavaScript wasn't enabled.
   
3. I enable verifiedbyvisa.com and mycardsecure.com (IIRC) via NoScript.
   
4. The page asks me to enter my security code, and the last four digits of my SSN and phone number.
   
5. I submit such information.
   
6. I am asked to create and verify a password.
   
7. The next page shows the Verified By Visa logo and the logo of my credit union. And a message that a popup was blocked. And nothing else.
   
8. I allow the popup window.
   
9. The main Firefox window is no longer active, but no popup window is visible.
   
10. I activate exposé and see the popup window and select it.
    
11. I still can't see the popup window. I select Zoom from the Window menu and it sizes itself.
    
12. The popup window has a submit button informing me that I should update my profile.
    
13. Clicking the submit button does nothing.
    
14. Back to the main window, there's still nothing but two logos.
    
15. I turn on Firebug and start inspecting JavaScript functions and the DOM.
    
16. I figure out which function was supposed to be run when the page loads and execute it through the console.
    
17. I am redirected to an IIS error page at verifiedbyvisa.com
    
18. I try the main page of verifiedbyvisa.com and receive another error page.
    
19. I wonder what kind of credit card company doesn't maintain the home page for their security service.
    
20. Um... have I made a purchase? Or am I in post-purchase/pre-receipt transaction limbo?
    
21. I check my bank balance. My current and available balances are within two dollars, so the site hasn't charged me yet.
    
22. I WHOIS verifiedbyvisa.com. Looks legit. I google verifiedbyvisa. The first page is on visa.com and has the same logo I saw before. It links to FAQs, "Solutions," places to shop, and more. Clicking on any of them leads to an error, though. What kind of credit card company has dead links all over their security system section?
    
23. I return to the site and add my item again. Now it thinks I want two. Yay! Reduce quantity.
    
24. I hit check out. Again.
    
25. I enter my billing and shipping information again. Note that the credit card number and security code fields are not of type Password, so Firefox suggests them.
    
26. I get redirected to a verifiedbyvisa page again.
    
27. I note it has a "Personal Message" which reminds me that I came up with a different password for this service a few years ago when buying tickets for a concert.
    
28. Based on the message, I try two variations on a password. It asks me for the card's security code, expiration date, and the last four of my SSN and phone number. Then it asks me for a new password.
    
29. I enter what I thought my password was before and jot down a super secret note which has enough information for me to guess the password again.
    
30. I am redirected to my original site of purchase.
    
31. I print a copy of my receipt.
    

Internet Explorer is still used by over half of web users, but I think Firefox is around a quarter. NoScript is one of the most popular plugins for Firefox. Other browsers let you turn off JavaScript as well, just not as flexibly. Many users concerned about security browse with JavaScript turned off. It would behoove a credit card company to design their secure payment system in such a way that security-minded users don't have to disable enhanced security in order to make online purchases. This game is 12 years old. You'd think somebody would have figured it out.