I went to put in my Visa info on a site, as shown in the picture. Note that the MasterCard radio button is selected by default… though I didn’t see that at the time. I know my name, of course, and even the card’s expiration date, but I had to dig the card out of my wallet to put in the number. I did all that, filled in a few other items, and clicked OK.
The site told me my credit card didn’t match the type selected… and made me reenter my credit card number.
Dumb, inexcusably dumb on three-and-a-half counts.
1) You can algorithmically determine which card it is from the number itself; there is no reason whatsoever to ask someone to tell you what kind of card it is. (What, you think this will help cut down fraud? You don’t think fraudsters know the card algorithms better than any normal person?) Go here for an explanation of how it works. So stop asking for information you already have!
2) If you insist for some reason on a human being selecting one of these radio buttons, don’t start with one selected! Yes, that violates the normal rules for radio buttons… so see dumbnosity #1. Or don’t do it with radio buttons; make each clickable and put a big green border around the one selected, or something.
3.5) Why not make PayPal an option? I don’t want to keep giving all these websites my credit card info. Each time I do this, there’s an opportunity for a costly mistake, one more place a security breach can happen. With PayPal (or Google Checkout, I suppose), security is much more locked down. Sure, PayPal could have a breach also, but if I have 20 places that have my card number and can screw up vs. a single entity in that situation, the latter is a lot safer. (And it’s not like I’m increasing the risk of PayPal exposure, since I already have a PayPal account, as I suspect most regular Internet shoppers do. If PayPal exposes my data, the harm is the same whether I use them once or have 20 merchants that they serve.)
I do recognize that PayPal sometimes charges merchants slightly higher fees than the credit card companies, and that it’s a pseudo-bank that isn’t regulated like a bank. I’m not saying that merchants should absolutely offer a PayPal option, just that it’s well worth considering. It has pluses and minuses that I won’t go into here. As a consumer, I personally would like that option in addition to using a credit card. Indeed, I have backed away from buying at a few sites because they didn’t offer PayPal and I didn’t really want to give them my credit card… and I live part time on a small island in the Pacific Northwest with no retail stores other than food markets, a small auto- and boat-parts shop, and a lumberyard/hardware store, which means I need to either buy stuff on line or spend most of a day and $30+ to get on a ferry and then drive 20 miles to a shopping center. So I need to shop on line!
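To make point 1 concrete, here is an added example (not code from the site in question or from this post) that infers the card brand from the issuer prefix and then checks the length and Luhn checksum, so the form never needs a brand selector. It covers more brands than the post names; the function names are hypothetical and the prefix table is not exhaustive.

```javascript
// True when the first `width` digits fall inside [lo, hi].
function inRange(digits, width, lo, hi) {
  const prefix = Number(digits.slice(0, width));
  return digits.length >= width && prefix >= lo && prefix <= hi;
}

// Publicly documented issuer prefixes and number lengths (not a complete list).
const BRANDS = [
  { name: "Visa", lengths: [13, 16, 19], test: (n) => n.startsWith("4") },
  { name: "MasterCard", lengths: [16],
    test: (n) => inRange(n, 2, 51, 55) || inRange(n, 4, 2221, 2720) },
  { name: "American Express", lengths: [15],
    test: (n) => n.startsWith("34") || n.startsWith("37") },
  { name: "Discover", lengths: [16, 17, 18, 19],
    test: (n) => n.startsWith("6011") || n.startsWith("65") || inRange(n, 3, 644, 649) },
];

// Luhn checksum: double every second digit from the right, sum, test mod 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return digits.length > 0 && sum % 10 === 0;
}

// Accepts the number as typed (spaces or dashes allowed) and reports the
// brand plus a specific reason on failure, so the form can keep the user's
// input and point at the actual problem instead of making them retype it.
function checkCard(input) {
  const digits = String(input).replace(/[\s-]/g, "");
  if (!/^\d+$/.test(digits))
    return { brand: null, valid: false, reason: "non-digit characters" };
  const brand = BRANDS.find((b) => b.test(digits));
  if (!brand)
    return { brand: null, valid: false, reason: "unrecognized issuer prefix" };
  if (!brand.lengths.includes(digits.length))
    return { brand: brand.name, valid: false, reason: "wrong length" };
  if (!luhnValid(digits))
    return { brand: brand.name, valid: false, reason: "checksum failed" };
  return { brand: brand.name, valid: true, reason: null };
}
```

The brand returned here can drive the logo highlight on the page, and the same check has to run again on the server, since client-side validation is only a convenience.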
Lessons From Dumbness
1) Think first. If you’re asking for information from a user and the user believes you already have this information, the user will be angry and will trust you less. This principle holds whether you’re asking for data on the web, gathering IT requirements, interviewing (whether interviewee or interviewer), and so on.
2) Push back on dumbnosity asked of you. The developer who put together this page should have foreseen at least dumbnosities #2 and #3, and it’s not inconceivable he or she should have spotted #1. C’mon, even if you didn’t know about #1, didn’t you at least suspect that this was the case? Surely you’ve encountered sites that don’t ask you what kind of card you have! The developer should have questioned this requirement in the name of customer friendliness. Developers who don’t think beyond the strict confines of “I do exactly what the specs say” aren’t adding sufficient value in these difficult times, putting both their own jobs and their employers at risk. If you don’t push back when you spot little mistakes, you’ll have neither the practice nor the credibility to push back on the big ones. This isn’t just a problem for developers, either.
3) If you’re managing, remember to specify the problem, not the solution. Here the surface problem was “capture the dude’s credit card info,” not “step 1, put up three card logos and make the user choose.” But the larger problem was “find a secure way that the user can pay for stuff.” Stated that way, the PayPal strategy becomes an option in the solution space.
TTFN From My Island
Okay, it’s not my personal island, though often it’s quiet enough to pretend. But as I write this, the sun is out, I’m watching two sailboats make their way across the water in front of my deck, in the last hour I’ve seen a young (no white head or tail yet) bald eagle soar by less than 100 feet away, and I know I’ll get yet another spectacular sunset over the water this evening. And there’s no traffic, no traffic lights, no cell phone coverage or TV to clutter up the day, decent Internet bandwidth, and most of all a slight slowing of time, room for an “ahhhh” between some of the tick-tick-ticks. And now a raven’s calling. (They don’t say “Nevermore,” but rather sound like a crow with a cold.)
I only miss the city sometimes.
Have a great weekend.