Mini techie rant

paddyrg

It's just a moan because I know it won't change anything, and it's in here because only techies will probably appreciate it...

I am fed up of payment processes implemented by idiots and muppets. Just been trying to join up to a martial arts class I did a sample class of last week. The only way to sign up (apparently) is direct debit which must be done online through a really poorly designed site.

It won't load up at all in Chrome (you have to enter some magic code for it to decide the prices you pay - won't work at all), so tried Firefox. Important parts of the site load up out of sequence, so 'find address from postcode' unhides a section higher up the form. That section makes you tick whether you want to pay any pro-rata charges by debit or credit card (direct debit not an option, even though you have to pay the monthly by DD. Don't worry, just to even things out in complication, you can't pay monthly by card either.)

The firefox form carries on loading sections out of sequence, so looking back up the form I think I've got it all right and go to 'review' to find credit card charges added on, no warning, no way to change it. Noticing a typo, I press the 'update' button which goes to the previous form ALL BLANKED OUT - start from scratch. Cheers, how helpful.

Finally get to submit the form, no confirmation page at all, just fresh air. 'Refresh' warns you not to refresh or you'll pay twice. No confirmation email, and frankly no clue as to whether I'm now signed up or not. Stupidest system ever.

I suspect the only way it would ever work is in IE6 with Java, or some other massive security risk. I can clearly see from the site design that it has XSS and possibly SQL Injection risks all over it. The tutors seem to think that making it hard for people to securely sign up isn't a problem. As fellow techies, I'm sure some of you will know there's little point even starting to try to explain to sporty types why IT payment system design is important...

I guess I'll just turn up tomorrow night and see if I get sent home or not? Sorry, end of moan.

Johnmcl7

It's something that baffles me because if I can't make payment through a website I'm not going to buy the product, it's quite straight forward. Yet the number of poorly designed error prone order/payment systems out there is truly staggering.

John

Sparhawke

I too hate ridiculous online forms that do not work, and companies seem to think they are being all forward thinking that they are online; thats hardly good when nothing works though.

And has anyone ever typed in their hotmail password wrong and you get that stupid captcha code box, the one that makes it impossible to distinguish lower case from upper case?

paddyrg

Why type your email address twice? Password makes more sense, it's a hidden field, but email address? Does everyone else just copy and paste?

Bad captcha's too, totally agree.

Anyone out there thinking of commissioning a fresh student or other cheap labour to make them a commercial Web site take heed! If the only way someone can give you money is by unsecuring their computer it isn't a great look for your company. And if your e-commerce solution involves a Web form that sends a credit card number by email, you shouldn't be trading online!

securityguy

Another giveaway that people are idiots is when you do the initial signup, and get a piece of email containing the password that you set. At this point, I run away: unless they're selling the elixir of life and the philosopher's stone for only ten quid, there are other companies selling the same stuff who aren't idiots.

In terms of payment systems, if they only take credit cards or DDs, I work through the form using the standard pathway, and if it goes wrong, I find another vendor. I'm slightly more forgiving with Paypal, because I've two factor authentication set up on it and I'm reasonably relaxed about someone screwing up a single transaction, so I might have a second bash at it if a Paypal transaction goes wrong. Otherwise, why give money to people who get it wrong, when you can give money to people who have gone to the effort to get it right?

Johnmcl7

paddyrg wrote: »

Why type your email address twice? Password makes more sense, it's a hidden field, but email address? Does everyone else just copy and paste?

I think having the second e-mail address box for verification is a sensible idea, I don't copy/paste as I'll put my hand up to making a typo when entering the mail address if I'm trying to rush through a form, copy/pasted it and then been in a bit of a mess trying to sort it out.

John

debitcardmayhem

Huh, even the big guys get it wrong , but hey Sky are pathetic. I was going on holiday so I gave them 38 days notice (the requisite 31 + 7 days) before my next DD was due to be processed. Of course three days later they tried to contact me to try to change my mind, no good I was away on holiday. Thus far they have taken a further 2 months of DD (in advance of course) and when I returned from the Hols they then said we will process your cancellation as of today's date (31days from today, the same day the July DD was processed) so I have paid two months for nothing, and the sodding help desk guru said I need to pay another day. Needless to say I how are you going to collect that. We will send an invoice they said, so I said as if I am going to pay that , see me in court. But you have to cancel via phone they said, so I said why , when I upgraded my package on the internet did I expect you to call me and say are you sure, nope you just took the upgrade fees from that day going forward. Let's see what response I get from the CEO Jeremy Darroch, not expecting much but never mind, small claims court, the Daily Torygraph etc may hear from me yet.:mad:

securityguy

debitcardmayhem wrote: »

Huh, even the big guys get it wrong , but hey Sky are pathetic. I was going on holiday so I gave them 38 days notice (the requisite 31 + 7 days) before my next DD was due to be processed. Of course three days later they tried to contact me to try to change my mind, no good I was away on holiday. Thus far they have taken a further 2 months of DD (in advance of course)

Why didn't you also cancel the DD with your bank? That's the clear strategy: give the organisation the notice they want, but also cancel the DD with the bank. Then if the organisation want to mess around, they either can't get the money or you're entitled to an immediate refund under the DD guarantee. If they believe that they're still entitled to the money, the onus is on them to pursue it.

chunter

It's the payment processors and not the shopping cart software that's causing the problems. It's that secure page where you actually type in the card details.

Smaller on-line shops will not hold card details on their server because it's just too risky (and /or expensive(https)), so they're reliant on the quality of the payment processor's implementation. Some of these interfaces are very agricultural and as such, integration with the shopping cart software can be 'basic'.

EDIT: If they've designed up their own shopping cart code and by implication, their own payment processor integration, they've spent a shedload of money and there's absolutely no excuse. These sites I would definitely avoid !

paddyrg

chunter wrote: »

EDIT: If they've designed up their own shopping cart code and by implication, their own payment processor integration, they've spent a shedload of money and there's absolutely no excuse. These sites I would definitely avoid !

Yep - it's one of those. Literally no backup pathways either. Insane.