Attention Discovery Card: 2006 called. They want their PIN reset procedure back.

DiscoveryCard are giving human beings access to your PIN when they reset it. On top of this they actually call you and read you your new PIN *over the phone*.
In an age where SIM-swap banking fraud syndicates infiltrate mobile phone operators, I don’t believe this is a very prudent or secure thing for DiscoveryCard to do.

And the convoluted process also takes anything up to 48 hours. Welcome to the modern fast-paced world of technology.

I discovered this by having the misfortune of my PIN being blocked – something I’m not willing to take responsibility for either: VISA Online Secure/Verified by VISA was down on Tuesday as I attempted to make online purchases. This transaction failed over a number of attempts before I gave up and called Discovery, at which point I was redirected first to FNB and then back to another call centre agent, who confirmed that the stupid VISA verification service (which, by the way, only actually protects the bank, not the consumer) was down. It came back later in the day and I completed my online transaction.

Later that evening I may have mistyped the PIN once while paying my bill, and then used the correct PIN, but suddenly it was already blocked. I proceeded to try a few more times before I saw a flood of text messages about a blocked PIN – please contact Discovery during office hours. I know I used the correct PIN because it’s a new one and I had it written down. I suspect this is linked back to the Online Secure problems.

After trying the Discovery website and FNB online banking and getting shoved from link to useless link I became aware the PIN reset functionality that was previously available online was no longer there, although there were many stale and outdated links still suggesting the feature. So I called Discovery, gave them answers to the really basic security questions they use to verify one’s identity, and then was told a PIN reset had been requested, and would occur at midnight. I figured I could survive for an evening without this credit card, but the next thing I heard blew me away:

Within 48 hours someone from Discovery Card would phone me and read my new PIN to me over the phone!

But that’s my PIN! My PIN. MY PIN! The most personal 4 digits in my financial existence. How can they let some stranger see my PIN? And read it to me. What if I don’t change it? Then that PIN exists in someone’s memory. And what if the telephone line is not secure? Wait, I know the telephone line is not secure! Run that by me again: Someone will call and read you your new PIN. Haha, get out!

This shocked me, so I asked Discovery about the insecurity of this process on Twitter:

and received this reply:

This is crazy. This is a human element introduced into a system that third persons do not belong in. Anybody with devious intentions could get a PIN out of that department easily. Surely these people go to lunch? Or they go home at night? They leave the building at some stage at least, and remembering a 4 digit number for a short period is trivial. Or one could steal a document. Or they could just phone the “wrong number” and give the PIN out that way. Or there are so many ways to compromise this system. And even if all the staff are 100% honest, they’re still susceptible to blackmail.

Previously one could just manage one’s PIN online. It was a simple secure transaction between you and a cool patterned printed piece of paper that cleverly concealed the PIN. Or it was between you and the computer. Nobody else’s eyes were involved or could get involved.

I can’t believe Discovery have stepped so far backwards. Honestly, it’s a joke.

But still, I guess I’ll wait for my PIN, and then change it at an FNB ATM.
What’s that? Capitec have a credit card account now? Aha.


Mmusi, we like you and your party, but stop trying so hard. Try smart.

Dear Mmusi Maimane,

You had us at “Hello”. Your wise and intellectual speech. Your dapper style. Your vision for an integrated and functional South Africa. Face it; as an English speaking pale male, you’ve got my vote. I simply don’t trust the ANC or the EFF with my country.

And to confirm it, you had one of your DA Call Centre Elves give me a shout, and I even (stupidly) admitted I’m supporting DA. So you’ve got my number, you know my support, you know my vote, you know I speak English.

But you keep sending me SMS messages, begging for my vote.
You keep automated voice diallers calling me, begging for my vote.
You send me messages, in Afrikaans, begging for my vote.

Why are you wasting all your electioneering resources campaigning to me with all this attention when you already know I’m pretty much a banked vote?

Rather go spend all that phone call and SMS money on t-shirts or food parcels or blue berets, or wherever you can beat the ANC or EFF at their own game. Somewhere it will make a difference. There’s no difference to be made by targeting me.

I’ve given you all you ever need to know about me, but you can’t even build a profile of me for a properly targeted campaign in my native tongue.

You claim to know the people, but do you, really?


Dear MTN Retentions Department

MTN asked my reasons for moving to prepaid. So I told them.

Good day,

Although my technical experience with MTN has been excellent, I have had numerous problems in a number of other areas, specifically related to contract.

1) Price increase during a contract term.
I signed a contract with MTN to pay a certain price for service for 24 months. Halfway through this period MTN then decided to raise the price. This is MTN operating in bad faith.

2) When my contract expired, nobody contacted me to offer any upgrade opportunities. Furthermore, I was made to pay an additional R85 for a lousy 300MB of data, something which previously had been included in my contract price.

3) Billing
The invoice and billing system remains a mess. The “Last 3 months Usage” regularly repeats the month, e.g. my “Last 3 months” is Feb, Feb, Jan. Statements are not intuitive. Itemised billing is ridiculously overpriced.

4) Web usability
I have a plethora of different login details for all the MTN-related websites. All have different login methods and randomly get locked, requiring more time to attempt to unlock them. The websites are noisy and do not form a cohesive experience. Functionality is often hidden from the user. Also, massive overlaps of functionality exist, which is completely unnecessary.

5) Apps
There are 2 MTN apps for iOS that I have installed on my phone. Both are clunky and poorly designed. They appear to have been created by amateurs. They are more hassle than useful. The one also has some ridiculous USSD verification that one has to go through every time one tries to access the app.

6) Preference to Prepaid
Most specials and reduced rates, data bundles, competitions, MTN Zone, and various other products are targeted specifically at Prepaid customers. Once a customer is locked in a contract, MTN don’t give a damn about them as long as they keep paying. I’ve been a contract customer for around 16 or so years and never felt I was considered more valued than a prepaid customer, which I should be. I can’t use the R200 value included in my contract to buy a data or SMS bundle – I’m forced to pay out-of-bundle rates even when I have an airtime balance of R1000 or more.

7) SMS and Data costs
SMS texting should basically be free – it runs over a control channel and was never supposed to be a paid-for service. Out of bundle contract data prices are still very high on the MTN network. All data should be the same low price. In the United States I paid R400 for unlimited voice, text and data for a month.

8) Net Neutrality
MTN does not support Net Neutrality. I therefore prefer to be on an ad-hoc prepaid account to allow for easier migration to a more Net Neutral competitor should it become necessary.

Please be sure to credit my prepaid account with the remainder of my current airtime, data and SMS balance when doing the migration. I have paid for the airtime. It is attached to this SIM/IMEI and I am entitled to it. A failure to do so could be in breach of the Consumer Protection Act.



On e-tolls and bullshit

SANRAL stays on the Hate List with their latest display of arrogance and ignorance.

Apparently they’re revising the e-toll fees and structures, but from the scant details available, it’s all smoke and mirrors.

The new “fee cap” of R250 for light vehicles is bogus. SANRAL have been able to do statistical analysis on traffic patterns from invasively tracking our vehicles and are well aware that the majority of that class of users would spend less than R250 anyway.

The 30c/km number is nonsense, as the Government Gazette’d prices are a per-gantry price, not a per kilometre price. Which means they changed the wording, not the price.

The threat of preventing us from renewing our vehicle licenses without paying the outstanding e-toll balance is currently illegal. And it doesn’t solve the problem of eNATIS information being horribly inaccurate. Either way, the license renewal is more likely to go the way of the humble traffic fine – into the bin.

A 60% discount on the outstanding balance means people are still up to pay thousands of rands. And what about the people and companies who *did* register? They are being penalized for supporting the system. (Well, maybe that one is actually OK with me…)

30 free gantry passes a year is great if you’re over the age of 75. That’s about two visits to the city per year!
New monthly cap for accounts in arrears is just a nice way to say they’re gonna bill you up to three times your usage when you don’t pay.
This is once again a scam to rope people in. Once people sign up again, they just jack up the prices and everyone is bent over a barrel. Eskom style.
The inherent problem of cost-of-collection of e-tolls remains.

Sorry, Cyril, we see through your bullshit. You can go jump from a gantry.

Say no to e-tolls!


Collusion in ad-hoc mobile data bundle pricing?

The cellular networks seem to think we are all just as stupid as the government seems to think we are.

It is abundantly clear from these screenshots taken today from the Vodacom, MTN, and Cell C websites that they are either price-fixing or colluding, or deliberately being anti-competitive in their pricing for ad-hoc mobile data bundles. It must be more than coincidence they all arrive at the same prices for the same data volumes, yet each has a very different network infrastructure, backbone and peering configuration from the other.

I hate it when big corporates assume they are more intelligent than the consumer.