A couple weeks ago you may recall a column I wrote about how Orbitz, the Internet travel service, lost all my personal data including my on-file credit cards. Well most of this lost information is now back and I want to update the story.
I’m a long-time Orbitz user with enough frequent flier miles that they ought to care about keeping me happy. And it turns out a number of Orbitz employees are also my readers, so that helps, too. After that column appeared the company put some real effort into figuring out what had gone wrong and trying to fix it.
What happened, it turns out, is that I had tried to book a flight without first logging in to my account. The way the system works, Orbitz would very much prefer if you sign in first, but if you don’t they don’t require a sign-in, though in retrospect I wish they did. Forcing me to sign in would have saved a lot of trouble.
If you try to book without first signing in, Orbitz will let you go ahead, but wisely won’t allow you to use any credit card data that’s already in the system. This is intended to keep someone with a little bit of knowledge from using my credit to pay for his or her spring break.
This all makes sense but the way the credit card data is held in encrypted form the only way Orbitz can get rid of it is by GETTING RID OF IT — nuking forever the payment data held in their system for, in my case, maybe 10 years. It’s gone and they can’t get it back.
I’m not so bothered by this because I now use only a debit card (living in the real world) so there was only one card number to replace, which I had to do personally.
But remember that I lost other information from the system, too, like my seating preferences (window) and frequent flier numbers with four airlines. Losing THAT data was a bug according to Orbitz. It shouldn’t have happened. They are working on it.
So I started the dominoes dropping by trying to make a reservation in a hurry, but among the repercussions of my actions was a real bug that has probably affected other people, too.
My preferences and numbers are all now restored (by Orbitz) though I now seem to prefer aisles.
Things are almost back to normal in my travel world.
The proper way to write software is to always assume that users will do something wrong. You should use various traps to catch these mistakes (invalid input). Then, and only then, should the validated data be submitted to the main program.
It is also part of the “user friendly” concept to help users enter the proper data. So you give examples of the proper format for certain items, provide context sensitive help, and so on.
I use several e-commerce sites that will let you fill your shopping basket without logging in. However, they all force a login when you go to the checkout if you haven’t already logged in.
None of these sites throw your card details, etc, away as part of their delayed login process, though one or two got really confused when I was forced to use a different card when my original was invalidated by gas-station card skimming. Consequently, I’m really curious to know why Orbitz think trashing your card details is ever a good idea.
BTW, what happened to part three of Smith/Krugman?
Hey Todd, Bob should vet all his columns with you before posting. You went to the trouble of typing what we were all thinking.
Bob,
I agree with all the above comments regarding the statement of
> the way the credit card data is held in encrypted form the only
> way Orbitz can get rid of it is by GETTING RID OF IT
My reply to that is (family version) HOGWASH. If they have no other means of ‘protecting’ your data than to remove it from their system(s), they need to hire someone who has enough tech security to show them at LEAST 5 other options. The easiest is really simple, if you try to book a flight, they ask if you want to sign in. If you choose not to, any credit card info you choose to use cannot be in their system, they respond with a message of ‘invalid credit card number, please call ….’ message and let the user get to a person to sort out their issue.
If it is truly a stolen card, and the person calls in, the ops don’t get any other message either. If the consumer is the right individual, the op can ask them if they have signed in to their account, but nothing else. Additionally, an email can be sent to the cardholder notifying them of possible fraudulent use and reminding them if they try to use a registered card without signing in, it is considered an invalid number.
All that can also be documented in their service agreement with the consumer.
Sheesh, this is so simple, it is embarrassing. I feel sorry for the IT staff at Orbitz (and their users) if this is the only/best level of ‘security’ they offer their consumers.
Sorry if the above sounds like a rant, but it really gets my goat when I hear ‘this is the only way’ and there is no valid reason for that to be true. I have been in this industry far too long and heard it too many times to ever blindly believe that statement. Especially when I personally (and I am not in IT security areas) can see other options.
Shame on you Bob for not hanging them out to dry for them trying to avoid culpability. They have a bad system design and they need to redesign/reprogram post-haste.
Well put excepting one detail…
> nuking forever the payment data held in their system for, in
> my case, maybe 10 years. It’s gone and they can’t get it back.
Huh? Which is it, forever or ten years? If they really purged the data, then it’s gone. If they can put it back after some period of time, then they didn’t really purge it. Are you saying that Orbitz won’t allow *you* to put it back for ten years? How does that protect you?
He means that 10 years’ worth of credit card data previously stored in their database was lost. If you read his first column on this issue it is clear.
Point taken, Steve. I took “payment data” to mean credit card information; “payment history” might have made things a bit more clear. And the point remains that this data apparently wasn’t purged, as Orbitz claimed it had been.
Pardon the double post, but now *I’m* not doing a very good job of making myself clear.
The article doesn’t say that the payment history was restored. My statement above refers to the fact that *some* of the data that Orbitz claimed had been purged clearly was not since they were able to restore it. Are we now to believe that only the payment history was purged? What purpose would that serve if the rest of the data wasn’t actually purged?
Orbitz’s explanation still doesn’t pass the smell test. If they were able to store some of the data, presumably from backups, why were they unable to restore the payment history? I continue to believe their buggy software is destroying data and they’re not willing to own up to the fact.
Of course, this all begs another question: if someone who doesn’t write a highly visible blog experienced the same problem, what are the chances that his data would be restored?
That is an excellent point and one that crossed my mind. I often think about when I have customer service complaints and wish I had a blog with a vast readership to lobby on my behalf. It must be nice for Bob. 🙂
It is always amazing for me to see again and again how many 100% idiots can be software developers. Point in case are Yahoo games (tried to get names of morons who were working on that Yahoo project but was unable to find out) and majority of Linux mostly projects on sourceforge.net (so called software developer writes 2 line code that there is no way to work, posts it on sourceforge.net and calls himself software developer).
It seems to me that more education is required in this world to succeed generally but also it is much easier for total morons to get real high in career. Just look at politicians. Where the hell they come from and yet each single one has education.
God bless old times when you really have to be good in something to make living. Just try to be bad butcher or lazy farmer and make living.
Today education (even bad one) can get you good career with a little help from your daddy or some good friend.
Orbitz is probably same like Yahoo and Microsoft. If you have daddy or friend to get you in company awards you for lousy job with good salary and benefits.
I agree with Todd’s last point in the 2nd article post about not ever using a debit card for anything online. You have virtually no recourse if a dispute arises. This would make a good topic for Bob to look into.
Glenn is correct, never use your debit card online. Here’s why – What I’ve heard is that if your Visa debit card number is stolen you have 3 days to stop it without liability on your part. With a Visa credit card you have 60 days. Blame Congress and the credit card lobbyists for the difference.
The only thing I’m still confused about:
If you don’t sign in, how do they know whose data not to use?
DaveS asks:
> If you don’t sign in, how do they know whose data not to use?
I would guess there’s probably identifying information in a persistent stored on your browser — which, once again, would seem to me to be a good reason to assume it’s really you rather than assuming it’s a bad actor.
Bob — this issue is beneath you, boring to readers, and not worth the electrons to publish it.
I agree. But we just increased the comment count by 2, telling Bob he’s on the right track.
Russ,
I appreciate your comment, yet what I do when I come across an article that doesn’t excite me usually involves closing that tab. It’s a nice warning to those of us who use Orbitz. Not all of Bob’s articles are attractive to all people.
Alex
Many websites will let you pick flights or place orders for products and services; when it comes time to pay it is common for them to:
1) let you sign in if you already have an account
2) let you create a new account
3) let you proceed without an account
An interesting problem to doing this comes from the US Patent Office. It seems that in the dot.com era a lot of patents were issued on many minute operations of a website. Let’s not forget the SBC patent Mr. Cringely questioned in his column about 6 years ago. When I read this column I did some research. Concepts like a shopping cart, one click checkout, and scores of other things have been patented. Creating a good website user interface is still very much an art form. It doesn’t help if you have to dodge patents too.
There are many examples of quirky websites. Try sending someone a LinkedIn recommendation without signing in first. In the past few months the good folks at Yahoo have improved their email service so much, it is now often barely usable. On the other hand Amazon has a very good web site. I give them credit for listening to their customers in the early days. They welcomed feedback and took it seriously. Over time they have evolved their website into a very efficient service. While user interface design is still an art form, one of the most powerful resources is feedback.
I am glad the folks at Orbitz listened and are taking steps to improve their website. I wish Yahoo Mail would do the same thing.
Man need not live by websites alone. Real computers run applications.
I still can’t understand why you wouldn’t just log in before buying anything.
Some websites, like Amazon, log you in automatically and others prompt you to log in if you need to. Orbitz does a stealthy “let’s pretend everything is ok”.
Because websites don’t always cleanly log you out when you leave their site, exit the browser, etc. Yahoo has become bad at this recently. If you don’t log in there is less chance someone else can access your account. It is probably a good idea if websites did not make any assumptions on your identity before you officially log in. It would be nice if there was a consistent way to handle this stuff. But as I mentioned before, someone would patent it and prevent its widespread adoption. Every website is different and the developers may not always think things through.
I kept reading because I thought there would be some kind of insightful big-picture analysis of something, but nope. I’ll give it one or two more chances, then this blog leaves my bookmarks.
I’ve found a new site that solves a lot of travel arrangements:
http://tripeedo.com/
Bob,
Your posts have quit auto-loading in iTunes, at least that’s my experience. I know you took some time off but geez – “where’s the beef” (I live in Ohio where we’re obligated to promote local-based businesses)?
Have you ever thought of turning the blog over to a trusted guest writer for those rare times when you’re on vacation or have some other pressing assignment? Other blogs that I subscribe to post at least weekly if not more often.
I’m not giving up. I’ve been reading your take on IT news and observations for at least 20 years.
Yet another Bob.
Bob,
In the above comment, I am referring to your podcast that always corresponds to a blog post. Have you stopped recording podcasts?
IMWK (inquiring minds wanna know)
(the other) Bob
I recently received an itinerary update from Orbitz regarding my honeymoon travel plans that had me arriving at a connecting airport 17 minutes after the connecting flight left. It was simple and quick to get resolved but you’d figure they’d do some basic sanity checking against their customers’ itineraries.