The day after Thanksgiving I went on a long road trip to eastern Wyoming. Total driving time: about 7 hours, each way.
At a gas station about 2 hours from home, on the way back, my credit card was declined. Apparently, fraud prevention algorithms at my credit card company had decided that it was suspicious for me to use my credit card out of state. This was rather irritating, since I’d just driven 12 hours on this same highway, using this same credit card to fill up the car, out of state, 2 other times in the previous 24 hours.
I used an alternate card and finished my trip. When I got home, I called American Express to get the card unblocked. (The block didn’t just apply to gas stations in Wyoming–once suspicious, the company wouldn’t let me buy gas a block from my house, either.) I spent 5-10 minutes working my way through an automated phone queue. It asked for several pieces of info to prove I was, indeed, the card holder–all 16 digits of the card, the 3-digit code on the back, last 4 digits of my social security number, phenotype of my dog… I had to call back twice–once because a family member asked me a question while I was fishing my card out of the wallet, and the system lost patience waiting for a response, and once because I pushed the wrong key and had no way to backspace.
Finally, on my third attempt, I got to the concluding challenge in this interview with mindless software: “Enter the first four letters of your place of birth.”
I was flummoxed. Of course I know where I was born, but which place did they want? I didn’t know whether this question was soliciting a city name, a state name, a hospital name… I hesitated. I guessed that city name was most likely to be the answer I’d provided to this security question in the past, but I can think of one or two accounts where hospital or state is what’s wanted.
While I was biting my lip, the system rejected my answer, and I was back to square one. I called in again and remained silent until I got routed to a live operator. She unblocked the card and offered to give me a link to an app that I could download, to make it convenient for me to unblock my card whenever this happens in the future.
Well, sorry, American Express–despite your cheerful customer service representative, you did not make a happy customer with this experience. If you’re going to challenge me when I go out of state, don’t do it at the end of a journey, when I’m up a creek without a paddle and all the potential fraud has already happened. Don’t make me wade through an automated phone queue that’s inflexible and hard to use, with no option to talk to a human. Don’t write a stupid security question that’s ambiguous. And don’t make me download an app to correct your mistakes after the fact. Just give me an email address or text-capable phone number where I can tell you I’m headed on a trip. Or ask me a challenge question at the pump; you asked me my zip code when I swiped the card, so entering the digits of my street address wouldn’t be much of a stretch…
I needed to register an LLC, so I went to the state’s web site, found the tax commission portal, and began the workflow. It requires a login. I’d done this before, so I was pretty sure I’d created a login already, but I had no idea what it was. I went through password recovery, entered the email address that I thought I’d registered, and was promised by the system that it had emailed instructions to choose a new password.
Then I waited.
No email came. Spam folder empty.
Sigh. Gritted teeth. I guess the system lied about sending an email, and I had never registered that email address. (Security nazis: don’t tell me the system needed to lie to prevent account discovery by nefarious hackers. The system could have said, “If you’ve given us an email address that we recognize, we’ve sent a message.” That wouldn’t be lying, and it also wouldn’t disclose info about whether a particular user exists.)
I started over, creating a new login. On the “Create Account” screen, I noticed that the site was proud of awards it had won. Hmm.
I entered my name, address, phone number, and desired password. The system pre-screened my password (gotta force dumb users to pick something robust!) and made sure I typed it the same way twice, then allowed me to press Submit.
Whoop! Sorry, Charlie. Your phone number wasn’t formatted correctly. You entered 123 456 7890, but we needed (123) 456-7890. Please try again. And oh by the way, we’ve erased both password fields and the phone number you provided, since you didn’t format your input correctly.
I eventually got everything just right, and “Submit” displayed an icon to show me the gears were turning. Then it took me to a screen that said this:
You’re sorry for the inconvenience? Hmm. I betcha you’re not as sorry as I am. If the site is down for scheduled maintenance, then why not tell me before I started that I was about to be interrupted? And why not tell me when the scheduled maintenance window ends, so I know when to check back?
I came back half an hour later. The site appeared to be up. I tried to enter my new login. I accidentally entered my email address instead of my username in the login field; I got two errors before I figured that one out. Once I logged in, I got to step 1 of the “Register an LLC” process before I saw the “Temporarily Unavailable” message again.
My phone’s battery was completely dead, so I hooked it up to the charger. I really needed to make a phone call, so I tried to turn it on once charging had begun. I had to hold down the power for 15 seconds or so before it reacted (why?). I saw the Android logo, waited till the phone completed its boot sequence, and lifted the phone to my ear.
Unfortunately, the act of moving the phone jiggled the plug enough to interrupt power for a split second, which triggered the phone’s uninterruptible 30-second shutdown sequence.
Why does it make sense to do a 30-second shutdown sequence if the battery’s totally dead? Certainly it’s not to preserve the battery. To save state, maybe? My user session had lasted all of 1 or 2 seconds; there was no state to preserve. Wouldn’t it be smarter to try to wait out a brief power loss, if you have nothing to lose?
You can probably tell that I’m frustrated. Of course life isn’t going to be smooth sailing all the time, and of course each of these lousy experiences arises from complex situations where engineers and business people had to make tradeoffs. Perhaps developing a smarter fraud detection algorithm at AmEx is too expensive. Perhaps a government website’s first priority is protecting privacy and not losing data, and creating user accounts is a less frequent process that they haven’t had time to polish yet. Perhaps Android phones would rather force orderly shutdown than risk OS corruption.
My beef is not that we make tradeoffs–it’s that we don’t regret them enough, communicate them enough, acknowledge enough the bad that comes with the good. And we pass the buck, way too often. The lowly “user” at the bottom of the food chain has a pretty lousy experience.
A Higher Vision
While I was writing this post, my internet connection kept dropping due to a snow storm. Look what I saw at the top of WordPress’s edit window:
Now that’s more like it! Plan for trouble. (It always happens, after all.) Notice the problem. Communicate it. Take steps to cope, without panicking or inconveniencing the user. I’m not super happy that my internet connection’s been flaky, but WordPress has a reasonably cheerful “net promoter” right now.
We MUST have a vision that encompasses this mindset in the software we build, because I believe software is getting ever more complex. Layer depends upon layer depends upon layer… If we write each layer using only the most convenient assumptions, the multiplicative effect of all those shortcuts will eventually make our users miserable.
I don’t want to use software like that, and I don’t want to write software like that, either.