Sam Brown

Online and Telephone Banking Security Gone Crazy

When I recently created a new account with the bank I have been with since I had my Super Squirrel Saver Account 18 years ago I had to go through the laborious task of answering some “Security Questions” for telephone banking that I would later use to identify myself should I use this service, which in all honesty, I don’t. Now, let’s be fair, these supposed secure questions and answers are completely bullshit:

  • Please name your first primary school?
  • What is your mothers first name?
  • Where were you born?
  • etc.

Anyone with half a brain or even a friendship with me on Facebook could find out most of this information – what’s more worrisome is that these are the same types of questions that I have to answer to log on to my Internet Banking including – “What is your fathers first name?” – with me being Sam Brown III (the third) that’s probably the least secure thing they could have asked.

I must admit that because I rarely if ever use telephone banking I actually wrote the answers down, just in case. This week I had the unfortunate need to phone my bank to activate something and had all my necessary security answers in front of me ready to give only to be thrown a curveball by the girl on the end of the phone:

  • Do you have any regular credits coming into this account and from whom?
  • What was the last transaction on this account?
  • Do you have an overdraft on this account?

The first answer is no, my credits are from different clients and not at regular intervals (not a monthly salary for example), the last transaction I had absolutely no idea – I could remember taking money out the ATM but that turned out not to be the last thing on the account and I somehow managed to incorrectly guess that I didn’t have an overdraft when I in fact do – I’ve never needed to use it and thus had no idea it even existed. Their response was blunt:

“Unfortunately you have incorrectly answered these security questions and I have blocked access to your account, you will now need to go to your local branch with three forms of ID to reset telephone banking. Have a nice day.”

A bit of an inconvenience to say the least but I did as requested only to be asked by the teller to reset the very same security questions I originally answered when creating the account. I just arrived at square one.

The biggest issue here is not just that these questions are ridiculously insecure but instead of even asking me those – they ask me about recent credits and transactions on my account, which is like aiming at a moving set of goal posts. Without actually having that information in front of me I’m essentially just playing a guessing game – much like one could do to answer their secure questions.

We are a service industry

“Let’s get one thing straight, we might be creative, artistic, any other word that fits your persona but we are in a service industry. However we dress it up, we are a service industry. … I have had two incidents crop up in the past month, both have been from clients who think they can just not pay their invoice. Can I have a refund on the time I spent on your project please, then you can have a refund.”

Sarah Parmenter wrote an interesting rant this weekend on the problems faced by web designers getting their clients to pay their bills. Don’t forget to take in the comments.

How to improve 37signals.com with 1 line of CSS

Dear 37signals — You can have this one for free. — Love Sam :)

  1. a:hover {opacity: 0.75;}

The boys at 37signals have clearly forgotten they are designing for an interactive medium and have instead redesigned with a great looking site that’s about as flat and static as you can get.

7 ways to stop alienating your Twitter followers

Here are a couple of tips you need to employ right now to stop your Twitter followers from becoming disinterested in you.

1. Keep your tweets on topic

Twitter’s primary purpose is to keep people connected through 140 character answers to a simple question; What are you doing?

2. No more WANT updates followed by tinyurl links

Please adhere to Simon Collison’s advice:

WANT: People to stop writing “WANT” and making me follow tinyurls to CRAP. And “WIN” and “FAIL” and LOLROFLIMAOASSWIPE shitty LOLcrap. RAGE” – @collylogic

3. Keep self promotion on the down low

If you have a site that you update regularly and you want to let people know about it on Twitter create a separate account specifically for that site. People are following you because they want to know what you are doing, not that you think they should read your each and every blog post. I’m sure they’re already subscribed to your RSS Feed anyway!

4. Twitter is not the new MSN Messenger

Plain and simple, a couple of @ replies here and there are fine, but if it starts exploding into a full blown conversation best keep that for your IM client. Not everyone following you needs to know the exact details of you and your mates Friday night plans!

5. Perhaps Twitter should employ a Drunk Filter also

Friday night might have been a blast but come Saturday afternoon when you finally roll out of bed you may very well regret something that you posted to Twitter in your drunken stupor. Be very careful, the world is reading.

6. Use hash tags to tag appropriate updates

Written something about a particular topic that you think others will find useful, even those not following you? Tagging your tweets allows for others to easily search for similar topics using sites like hashtags.org. For example:

“booking my hotel for UX London, The Cumberland Hotel discount makes it very worthwhile staying there. #uxlondon”

7. Keep an eye on your signal to noise ratio

Posting updates about every single thing you do during the day may very well be a great way to keep track of your life, alas people don’t need to know that you are heading to the bathroom for your daily business or that you are picking your nose, alright?

Keep your updates relevant and interesting and your Twitter followers wont grow to hate you.

Unnecessary action elements in user interfaces

This screengrab from Matthew Smith’s Flickr stream reminded me of a pet hate of mine, unnecessary action elements in user interfaces.

While Matthew’s shot may be a cheap tactic for Emusic to try and keep their customers on their site, my example is equally cheap, annoying and a potential security issue. When wanting to sign out of particular online banking service I use, clicking the “Sign out” link simply isn’t enough, one is then sent to a page which asks you to confirm that you would like to log out of their site.

“Hi, yes, that’s why I clicked the sign out link in the first place! FFS.”

If your UI is that bad, that people accidentally click this button or misinterpret what it actually does, you need to hire somebody to work on your shit. It peeves me to every single time click once in the top left, and then move to the centre of the page to perform a simple action.

Most web users are not as stupid as you may think, get rid off useless and unnecessary action elements, make it easy for your users to perform simple tasks.

.sc Country Code Top Level Domain price hike

I purchased the domain sam.sc last year for the grand sum of $34.99 from my domain registrar, a RegisterAPI (Dotster) reseller. I fully understood the country-code for this domain was for the Seychelles but did like the fact that it reminded me of Scotland.

Skip forward a year; I was just about to re-register the domain today only to baulk at the new price of 1 years registration, $115! I like this domain a lot, it’s my name, it’s short and super easier to remember, but $115 a year is ridiculous, especially considering that is 3 times more than what I initially registered it for last year. Even after my registrar kindly offered to give it to me at base price, $100, it is still too much. Time to wave good bye to that domain.

Interestingly, a few people have been asking why I registered and use brown .tc. The .tc ccTLD stands for Turks and Caicos Islands which is a group of tropical islands in the West Indies. I wanted a domain where I could have the email address sam@brown.whatever, at the time there was only two ‘brown’ domains available, .tc and .tv. As is still the case, registering brown.tv will only cost you a mere $50,000 per year. brown.tc it was…

Texting Twitter could be costing you £££!

It appears as though the mobile phone number Twitter has employed to allow UK users to text updates to the service is operated by a company based on the the Isle of Man and is costing certain UK network customers money to text. Cole Henley has come to learn this the hard way:

It transpires that the mobile number UK twitter users use to send messages to – 07624801423 – is not included in my plan because t-mobile regards this number to be an international number. Why? Because the company that operates the number is based on that bastion of insularity, the Isle of Man.

It turns out that T-Mobile and Three do charge this number as international, where as O2, Orange and Virgin do not. It would be nice to see Twitter update their vague help page with this information.

Amazons World Wide Prices, Epic Fail

I have previously written about Amazon being a pain when it comes to having to run Multiple Amazon Associate Accounts, but today I was setting up some small ads on the newly redesigned Posh CSS only to realise that the below prices were not a typo!

Amazon Prices

The cost of this particular book is more expensive in pounds than it is in dollars! This equates to us in the UK having to pay almost double the price for this book than our fellow friends across the Atlantic! These extortionate prices carry over all of the books that I have just added to the Recommended Reading section of Posh CSS.

I recommend that any Brits looking to purchase these, or any other web related books consider the cost of buying and getting them shipped from the Amazon US store.

This is confidential and not to be published.

Is the lead-in to an email I received last night from my biggest advertising companies President that will, for the time being, remain nameless. The email goes on to state that the company are going out of business and that they need to negotiate with their creditors and advertising publishers (of which I am) to settle all accounts.

The email goes on to say that I will be lucky to get paid 10% of what I am owed and that the balance will and I quote “have to be forgiven”. Fair enough if we are talking about pennies but we’re not. It’s thousands of dollars.

Mr President asks if this 10% payment is acceptable and offers a pipe dream of working with him again in the future. I’m at a loss as to what to do, does accepting the 10% waive any right I have of trying to receive the other 90%? Do I have to fight this to the death? There is a contract, but they are in the States and I am in the UK and I am not sure what my rights are. Any help or advice?

What is also strange is, as of yet, I haven’t heard much else on the web about this company going belly up and I can’t seem to get in contact with either of my Campaign Managers at said company for confirmation. It all seems a bit sudden and I’m slightly worried.

Update: I received a follow up email today from my Campaign Manager who must have CC’d his boss, from whom I later received an email stating that the Company is closing their doors but that the email was sent to me in error and I will be paid 100% of the monies owed. Thank goodness for that.

No, you can't have some or any of my design!

Interestingly I was just about to start writing this here little rant, when a new item popped up in my feed reader from Wolfgang Bartelme titled Design Theft. Not exactly what I was about to write but its pretty similar. Why do people think its ok to steal someone else’s design?

What is really irking me lately is the amount of emails I have been getting ‘asking’ me if I can give them part or all of my design. “If you could just zip up the html, css & images that would be great”. Uhm.. what? Hello? No!

It’s not cool. I spend time and effort making all of my work specific for my sites and I’m not in a hurry to just package it up and give it away, those are templates and there are plenty of them out there. Is it just me, or are the design thief’s getting lazy, I can’t believe they have the tenacity to ask for my work! Harsh words, I know. But it needs to be said.

Sam Brown co-founded Iterate, and was previously VP of Design at Foursquare. Based in NYC.

DribbbleEndorseFacebookFoursquareInstagramTwitter