Monthly Archives: March 2012

Here we go again

It’s that time of the year again; Apple announces a new product – in this case the new iPad – and the “gotta-have-it” mob collectively lose their ever-lovin’ minds. They get all excited and caught up in the stampede to have the latest-and-greatest new toy.

All for a product that isn’t actually out yet.

The hucksters are out in force too, hurrying to the front of the line, then offering that place for a small fee.

And so are the shady operators who buy them up and ship them off to countries where the new shiny isn’t out yet. The worst one is China, whic is ironic, considering that the iPad was made there, shipped here, and then shipped back there. Ain’t globalization wonderful?

It’s not all bad news, though. Many of those happily forking over between $500 and $800+ for a new iPad will be upgrading from their older model, which means that they will be trying to unload the old one on Craigslist, This means that those of us who have our heads screwed on right can snag a previous-generation iPad for half the price of a new one.

Me? I’m perfectly happy with my Nook Color running MIUI Android. For $130 + a microSD chip and a couple of hours of my time I have 80% of the capability of an iPad for 20% of the price.

Hobson’s Choice

I recently tried to send some money overseas through Western Union. I went to their website and put in all the requisite information, including my Credit Card information. At the end of the process, almost as an afterthought, I was presented with this dialog.

That’s right, folks… MasterCard wants to improve my security. This is a good thing. Visa have a similar feature – “Verified by Visa” – which I have been offered several times in the past and politely refused on every occasion. Unlike them, however, MasterCard would not take “no” for an answer – there was no way to decline this “feature” and still continue to execute the transaction.

Security is a good thing – I am all about security – but issuing me with yet another PIN that I have to remember is not security. Most people will probably write it down, and some will probably write it on the back of the card, which nullifies the security in the first place. On an infected computer, the PIN can be sniffed or keylogged, and be on the other side of the world before the customer has lifted their finger from the mouse button.

If MasterCard were really serious about security, they could have a person or a machine call or text the customer on their cellphone. This could be inconvenient, but I would rather have real security, even if it meant a little inconvenience. Or they could use a hardware key like the Yubikey. But that kind of solution costs money (about $5 per key, when purchased in thousand-up quantities), which makes it unacceptable to the banks.

Some of you may remember when Bank of America offered Credit Cards with the customer’s picture printed on the card. Now that was good security, at least for retail transactions – a quick glance was enough to see that the person was at least superficially similar to the picture. But they don’t make them like that any more. Why not? Because of two small problems: the first was that many cashiers simply did not look at the card, but that could be cured with training and penalties.

The main reason was that the pittance that it cost to put pictures on cards added up to many millions of dollars. Since neither the customer nor the bank was on the hook for fraudulent transactions, this was a cost that the bank was unwilling to bear. So rather than bear the cost of security, they scrapped it to save a dollar and a half per card… and offloaded the cost of the fraud on to the merchants. Problem solved.

And there, as Jack Sparrow might say, is the rub; the only security that is acceptable to the bank is cheap security. And yet another PIN for you to remember is cheap security indeed.

So what did I do? I closed the browser and, after verifying with Western Union that no transaction had occurred, I installed their app on my smartphone. Ten minutes later, the money was on its way, paid from the same card. Quickly, conveniently, and without the usual kerfuffle or flummery from MasterCard.

Cos that, dear reader, is how we roll…