Discover Card Doesn’t Get It

The folks at Discover Card just announced that they are ending their Secure Online Account Number program. It was a fraud prevention system that allowed a cardholder to generate a different credit card number for each merchant. The card number was bound to the merchant with whom it was first used—any attempt to use the same number elsewhere would be rejected. It was different from some other virtual credit card systems in that it did not let you specify a dollar limit or an explicit expiration date. Despite those limitations, it gave me a fair bit of peace of mind.

In explaining their decision, Discover says

Since Secure Online Account Numbers launched over a decade ago, we’ve continued to add layers of fraud detection and prevention, authentication and ID verification to protect your account information.

and

Discover provides you $0 Fraud Liability Guarantee to protect your account from unauthorized charges.

The problem with that $0 guarantee is that it ignores a fundamental truth of the modern world: time is money. Because what happens if Discover discovers that someone who shouldn’t has hold of your account number is they cancel the card and issue a new account number. No problem, right?

Some years ago, I was traveling for work when my wife’s purse was stolen. The only credit card I had with me was also in the stolen purse, so the card had to be canceled. This created an unexpected problem when the hotel I was staying at demanded an alternate form of payment immediately: they would not wait for a new card to be delivered to me, which might not even arrive before my departure. I had to get a colleague to guarantee my room payment.

I’ve learned that lesson, and my wife and I each carry a card that the other doesn’t. But canceling a credit card can still have a substantial impact. The last time Discover decided to change my account number, I got a notice from the local public radio station that my monthly pledge was rejected. Various online accounts had to be updated. It took a while to track everything down and get everything sorted.

That’s why I have been a regular user of the virtual account feature: not to limit my financial risk, but to limit my non-financial risk. And that is what Discover Card does not seem to understand.

Update (2011-10-17): Discover just announced that they have changed their minds:

We recently announced the decision to discontinue the Secure Online Account Number feature.

Since then, we've heard customers like you tell us how much they love the added control of using Secure Online Account Numbers for their online purchases.

Based on the feedback we've decided to reinstate this feature. Beginning today you will once again be able to generate secure online account numbers for online purchases.

Somebody actually listened.

Front Page Lies (er, Misrepresentations)

Dear Mr Wolverton,

Look, if you want to write an article with the basic premise that Apple’s statement about the iPhone location database is false, you should really have the guts to lead with that assertion. Instead, you seem to have grossly misrepresented the Apple statement, giving your readers the impression that Apple “acknowledged” that the file is part of a system that reports the phone location to Apple. I read the Apple statement, and it said no such thing.

I found this statement especially egregious: “And the vast amounts of data being collected by application developers and mobile advertisers will continue, regardless of Apple's fix for the tracking file.” How can you reconcile that with Apple’s statement that “Location is not shared with any third party or ad unless the user explicitly approves giving the current location to the current ad (for example, to request the ad locate the Target store nearest them)?” Again, unless you claim Apple is lying, you have given your readers the false impression that advertisers are getting location data without users’ permission.

In fairness, you’ve carefully avoided making any statement that is actually false. But your repeated use of the phrase “tracking file” and the word “acknowledge” amounts to saying “Apple acknowledged this tracking file is not used for tracking.”

Maybe you should be writing about the president’s birth certificate instead.

Sincerely,

Update [2011-05-01]: A second article by Wolverton and Mike Swift arguably crosses the line from misleading to false in its opening:

The disclosure of a hidden file on iPhones late last month drew an outcry because it seemed to record users’ every move. But that isn’t the only way mobile phone users’ movements are being tracked.

While the first sentence weasels with “seemed to,” the second sentence has a clear, unambiguous meaning in context. It replaces the uncertainty of seeming with the certitude of fact. That lie spoils what would otherwise have been a worthwhile piece on what happens with actual tracking data.

The Inmates Are Running the Asylum

By reading this blog, you agree to be bound by all the terms and conditions contained in this agreement. Too late—you are already committed. You can terminate this agreement at any time by not coming back to this blog, but that won't release you from the agreement you have just made. Also, you agree that you will not violate this agreement (whatever that means).

Oh, and if you decide to come back to my blog, you had better re-read this posting every single time, because the terms and conditions may change at any time without notice. But you will still be bound by them.

I can't name the company whose website prompted this posting, because that might be a violation of my (involuntary) agreement not to use any of the information on their website in a defamatory way. Oh, wait! I have an out for that:

You agree to defend, indemnify, and hold harmless me, my agents, partners, and content providers, and their affiliates and their respective agents and assigns from and against all claims and expenses, including attorneys' fees, arising out of your use of this site.

There. If the lawyers who wrote that crap want to sue me for this posting, they'll have to prove that they never read it.

I'm probably in no position to sneer, since my employer has its own phalanx of lawyers. But I feel sorry for the folks I know who work at redacted.