Copyright © What The Hell? Security
There are 3 kinds of security in business: Good security, acceptable security and bad security.
Good security is the kind that works for the business and for the people who work in it. It aligns with universally known objectives, and is communicated in a way that motivates people to do the right thing without instilling fear or evoking rebellion.
Acceptable security is the kind that everybody would rather not bother with, but is willing to because it’s necessary for the good of the business.
Bad security is the kind that irritates the hell out of everybody for no good reason.
Some airline that I mostly like recently charged a couple of flights to my credit card. Flights that I assume had somebody’s butt in a seat. Only because I claim that it wasn’t my butt, they won’t tell me whose butt it was, or in what city the butt walked off the plane. Better yet, their website claims not to even have the credit card on file. So I’m having to work this through the issuing bank, which happens to be Chase.
Is it fraud? Who cares. There’s no evidence to support that I made the purchases so I won’t be paying for them. But you wanna know what really annoys me? Twice Chase has sent me an email (see picture) that says click here, then log in there using such and such username and a password sent in a separate email.
Twice I have not received this separate email. Why? Again, who cares. There’s no evidence to support it was delivered. What I care about is why Chase bothers with a two-email security strategy at all. It’s not like they’re sending it from a different source, or to a different destination. It’s not like with snail mail, where they send two letters a few days apart, figuring the likelihood of your mailbox being robbed on both days is lower than it being robbed on one day.
So let’s take inventory. Customer (me) is irritated by unauthorized charges. Chase repeatedly devotes the time and energy of their stern-of-voice staff to phone me wondering why I’m not paying the charges. Customer (me) is more irritated by the phone calls. So far it’s a lose-lose stalemate.
All in the name of security. What the hell?
Filed under: fraud, security, security sense, security soapbox