Wed

May 31
2006

Marc Hedlund

Marc Hedlund

The Ten-Year Fallback?

Somewhat early in Amazon's life (I don't remember when I first saw this), I noticed that the Amazon shopping cart had an option which allowed you to place a credit card order without sending your card number over the Internet. When you checked out, you would indicate you didn't want to enter your credit card number, and then you would get on the phone and read the card number to a person at Amazon. They made a special point of noting that you could not place a phone order -- you had to check out with the online shopping cart first -- but you could opt out of entering your card number in your web browser. When I first saw this, I thought, what a great way to get over people's fears. Realistically, reading your card number to someone over the phone who then enters it into a database for you is probably no more secure, and possibly quite a bit less secure (since you introduce a human into the path between you and the database -- that is, you ask for a "man in the middle") than just entering the number yourself. That, though, wasn't the point -- the point was that Amazon customers could speak directly to a real person who would help them overcome their fears about Internet security. Brilliant.

Over the years, I noticed that this fallback feature worked its way down in prominence, and today I thought that it had disappeared entirely. Nope, it's still there -- it's just so buried that anyone who would want to use it is pretty unlikely to find it. To use it today, enter the last five numbers of your credit card and the expiration date, then check out, and you'll be given a special phone number to call and read a person the other 11 digits. (Splitting the number this way makes it a lot less likely that the person could make off with your card number -- and maybe that's the point?)

This made me wonder about the decay period of a fallback feature like this. Amazon has been around for a little more than a decade -- is there a ten-year effective life for transitional web technologies? How many people used that feature when it launched, and how many people still use it today? If anyone knows the backstory on this, I'd love to hear it.


tags:   | comments: 6   | Sphere It
submit:

 
Previous  |  Next

0 TrackBacks

TrackBack URL for this entry: http://blogs.oreilly.com/cgi-bin/mt/mt-t.cgi/4702

Comments: 6

  Yvette [05.31.06 09:22 AM]

My personal opinion is that features decay over time with the introduction of "the new hotness" as one of my fellow Amazonian employees would say. "The new hotness" in this case would be a new payment method that the public already views as "secure" and that the company wants to promote (ie - we as the public are being trained into paying direct from our bank account by banks, utility companys and e-commerce sites, thus the rise in prominence of the eChecks feature).



But this opinion is based on what I've seen in the web industry as a developer. It's not actually based on any backstory or metric from my Amazon employment. And it seems to be true for anywhere in eCommerce or even on the web... I've noticed a decline in options for people to view pages without JavaScript, or without Flash as broadband becomes more common. Companies make assumptions about their customer base and hope to find "the win" or the right balance between attracting new surfers to appealing to the internet-savy who think "that's just silly".



YMMV.

  Marc Hedlund [05.31.06 09:25 AM]

Ah, excellent point. I hadn't noticed that particular new hotness. Thanks for the pointer.

  Clark Slater [05.31.06 10:04 AM]

This comment has very tenuous relevance - but the problem with eChecks is that they are a gaping hole in the wall of modern banking security.

Every time you write a traditional check to somebody, they have ALL the info they need to run as many eChecks against your account as they wish.

Unbelievable but true. And perhaps most surprising of all, once you start seeing fraudulent eChecks appearing in your account, there is *NOTHING* the bank can do to block more eChecks from being presented to the same account and PAID!!

When (not if) this happens to you the only option is to close your account and open a new one. I speak from experience about this new Hotness.

  pwb [05.31.06 10:43 AM]

It's ironic since as you (sorta) point out that giving your card number over the phone is quite a bit *less* secure than putting it in online.

Regarding echecks, as I'm sure everyone is aware, Clark's experience is extraordinarily rare.

  M. Whitener [05.31.06 03:43 PM]

I co-developed an "e-commerce" website in 1996 that had the same feature. I don't know where the owner of the project got the idea, though. AOL visited us with the idea of buying the system, but later simply copied parts of it.

  Mia, e-shop owner [06.15.06 01:49 AM]

I think that the safest way is to send money orders via ensured mail. But then you'll have to pay for it and all the sence of e-commerce (it saves time and money) will be gone.

Post A Comment:

 (please be patient, comments may take awhile to post)






Type the characters you see in the picture above.