End of the Verified by Visa Saga

December 29, 2008

So last week, I attempted to buy the Fallout games from GOG.com again.  And guess what?  I was blocked by Verified by Visa again.  When I called them this time, however, things went a bit differently.  I told the CSR that this was the third time I had called to cancel it, and he said “Hold on a minute, I’ll be right back.”  About five minutes later, Verified by Visa was gone from my card.  I bought Fallout and had it installed and running in WINE a few minutes later.

So, clearly, the whole 48-hour wait time thing is completely bogus.  The CSRs at my credit card provider obviously have the ability to directly access the Visa system and flip the VbV toggle.  However, he also told me that I can never re-activate Verified by Visa on this card.  Heh, whatever, just another kink in an obviously poorly designed system.

What this whole experience has done is basically made me want to expend the effort to find a credit card company that isn’t stupid.  Or, more realistically, maybe just … stop using my credit card.

You see, my credit union is offering 5% interest on checking accounts now.  The hitch is that you have to use Visa Check or the direct ATM payment on your bank card 12 times a month, with a few restrictions (mostly dealing with arcane forms of on-line bill payment).  No problem for me, as I’m regularly getting lunch and doing small things like that, and my wife’s card counts too.  The card is protected/insured against fraud and identity theft problems, just like a credit card.  That still doesn’t help when you’ve got no money in your account to pay bills, but we pay a lot closer attention to our checking account, so something wrong is likely to be detected very quickly.

I Would Have Just Kept Driving

December 20, 2008

Just Keep Driving

Verified by Visa … Again

December 19, 2008

So last week I called my credit card company and asked to have Verified by Visa turned off.  They redirected me to another number, who said it would take two business days to undo.

I went today to gog.com to try to buy the games again.  Guess what?  That’s right, it wasn’t cleared off our account.  I called them back again, and … now I wait two more business days.  Meanwhile, no games, and no money to a worthy business.

This is nearing the point where I would gladly forgo the extra purchases at REI in order to get rid of this card.  I am extraordinarily irritated with this entire fiasco.

Crazy? Check.

December 15, 2008

w... t... f...

This image was in the December 2008 of Domino Magazine, a home decorating and improvement magazine.  The more you look at it, the weirder and more frightening it gets.  The hanging … things are supposed to be stuffed animals.

Verified by Visa

December 13, 2008

Not that Visa would ever listen to someone like me, but let us sum up the horrific problems with this plan to “improve” credit card security on the internet:

• Linking to random, unverifiable domains, in an iframe, during a purchase process, that a user can’t see in their address bar.  Worse, the registration has people enter part of their SSN, along with all the information needed to steal the card number.  This essentially trains people to be phished.  It is extraordinarily bad internet behavior for a legitimate organization, as bad as asking for account names and passwords in email.
• Here’s a hint, Visa: putting the word “secure” in a domain name doesn’t make it secure.  In fact, it makes it less secure, because it makes you seem like you are trying to convince me that it’s secure when its not.  Oh, and having a valid SSL certificate?  I can get one of those over the internet from GoDaddy for $19.99.  It doesn’t make you special.  You need something more than a domain name and an SSL certificate to prove your identity to your users, especially in the middle of a financial transaction.
• Because of the lack of domain verification and non-user-initiated processes, using an SSL proxy man-in-the-middle attack to steal the Verified by Visa password is trivial, especially for otherwise legitimate sites.  Of course, many phishers and spammers just use a form that looks exactly like one of the real ones.
• Thus, the effect of this program is to reduce the incidence of charge-backs.  The justification for denying the chargeback would be that the transaction was … Verified by Visa.  If they know your password, they must be you, right?  In other words, the only security provided by this service is to “secure” Visa from chargebacks.
• Added to this are all kinds of problems with registration,use, and verification.  More problems.  And did I mention the problems?

I mention this because GoG.com, an otherwise cool site, is using this nonsense.  I created an account there to buy Fallout and Fallout 2, but was unable to finish my transaction.  This was because my wife was apparently forced to register our credit card with this service when she traveled to Brazil in July.  I called my CC company to remove the “service” and protect myself from this threat, and they redirected me to another number.  The nice people at that number said they would disenroll me … after two business days.  The sign-up works in a few seconds, but it takes two business days to remove me?  Bullshit.  And there does not appear to be any way to make sure that this doesn’t happen again – you can’t block the card from being registered again with VbV.

This makes me want to break things.

This isn’t 1932, sir

December 9, 2008

If you haven’t read a summary of what President-Elect Obama’s plans are, the Bloomberg story is as good as any.  What his proposal boils down to are these main factors:

• investing in infrastructure such as roads, bridges, water and sewer lines, dams, etc
• repairing and modernizing public schools
• repairing and modernizing public buildings
• upgrading Internet infrastructure
• modernizing health care, specifically switching to electronic records
• expanding green energy construction

The problems with this approach:

• modern infrastructure construction and repair requires the constant attention of engineering professionals, who cannot simply be created in a short amount of time
• that means that projects cannot be designed and engineered quickly enough to keep a vastly larger workforce busy
• the number of skilled workers in this field is very small – and will have to be split between working and training
• modern infrastructure construction is not an unskilled job, so workers will have to be trained – this will take months, years in the case of bridges, locks, dams, and green energy projects
• if workers are not properly trained, they will make things worse instead of better (think about pothole repair and how often it doesn’t fix the problem)
• infrastructure requires a consistent effort over time rather than a huge surge of building – this plan will create a boom-bust cycle in infrastructure employment
• there is so much money involved that politicization is inevitable
• large-scale computerized systems that are developed in a hurry almost always have crippling bugs and serious security issues
• green energy technology is still in its infancy – technology deployed next year will likely be replaced in only a few years with far more efficient technologies

Given those fairly indisputable issues, making predictions about what is going to happen is fairly straightforward.  At first, things will seem to be going well.  There will be jockeying amongst the states to get the most money, with governors making fantastic promises about how many projects they have “shovel ready”.  The vast majority of the money will not be allocated to the most needy projects, but to the most politically-connected projects.  It will take 1-3 years for people to realize that most of these projects were not actually ready to be built, or even necessary.  The workers assigned to these programs will either lose their jobs, or will be paid to sit around.  At roughly the same time, some of the unethical tactics employed by the states to gain the federal money will come to light, but it will be too late – the money will be gone.

Much of the work done will be of poor quality, because of the rush to “use it or lose it”.  This will really come to light in about ten years, though it will have been known before then.  Designs will be poor, and repairs will be ineffective or actively worse.  Environmental regulations will have been  ignored in the rush for project approval.  Whistleblowers who point out the problems will be derided as either unpatriotic or lazy, unwilling to help rebuild the country.

In the meantime, the demand for infrastructure professionals will have been recognized.  More people will enter civil engineering programs and the like, because the jobs will pay well and will be in high demand … for a few years.  As the bust hits, it will coincide with a wave of professionals coming out of the educational system, compounding the problem.  Wages will drop because demand will drop, and there will be college-educated engineers jobless because of the short-term boom in demand created by this program.

And of course, the main issue: all of the money used for these projects will have been borrowed at interest.  These projects don’t have direct returns; the money will go straight into the economy, and will probably be used to buy necessities and pay down debt, not to increase consumption, as Obama and his team hope.  Given the issues with rapid construction projects, even more money will have to be spent to fix the problems created by the first round of building.  The money available at that time will be much less, and infrastructure spending will either go back to its current level, or even drop lower than it is now.

This is a predictable failure, right from the start.  Faith-based economics strikes again.