The Net Takeaway: No Confirm from Equifax?


No Confirm from Equifax? · 07/27/2006 11:35 AM, Marketing Personal

Equifax, the big credit database, has made a deal with Paypal to offer basic “credit alerts” for free to give an early warning if someone is snagging your identity. As this usually costs some bucks a month, I signed up.

(An aside: it was mentioned in a mail from Paypal. As it’s one of the few Paypal mails that didn’t get junked as a phishing scam, I read it. I admit, it’s getting harder and harder to tell the legit ones, but it’s worth reading them when you get them. After all, it is your money in a completely non-regulated account, so it’s worth seeing what they will do to you next. Oh, you didn’t know Paypal wasn’t regulated like your bank? Check out Digg at PayPal: Not as safe as you think!).

Anyway, signing up is a multistep process. They ask you to verify your password multiple times, ask for a couple of ways of identifying you (SS#, birth date, etc.), and also ask for a security question with the usual responses (favorite pet, high school, whatever).

Then, they pull some stuff from your credit record and ask you to verify it: You recently opened a credit card with which bank from the list below, or whatever. Then, when you complete that verification, you are done. Not a bad process; you verify data only you could know (assuming someone hasn’t already grabbed your bills from your mailbox, a federal crime).

So what’s missing? They don’t confirm the email address. They have one box to type it in (they don’t ask for it to be typed twice to catch typos), and there is no double-opt-in confirmation sent. They send the usual “you are signed up” with no need to read or click on anything… but what if I had mistyped my address?

What if the very alerts I need to know that someone is snagging my credit are going to the wrong address? Where have they verified that I actually own the address I typed in? I know, the techies never make mistakes, but honestly, the rest of America has been known to flub a letter or two.

For most cases, double-opt-in is a waste of the user’s time. (Every anti-spammer in the room gasps… but it’s true. Confirmation requirements should vary with the importance of the information requested. A lack of recognition of this basic fact continues to hold back confirmed-opt-in progress.) If a consumer really can’t live without mails about ketchup, then they’ll sign up again if they don’t get them; it’s not life threatening. No need to make them jump through hoops just to learn that ketchup now comes in 1 gallon sizes.

(BTW: Hey form designers: Learn how to use the tab order feature so the tab button works correctly. Make your input boxes larger than 3 characters, and make them 12 points or more. If I have to squint to see if I typed info in, it’s going to be wrong. If you make state a dropdown, put it before the zip code. Don’t require a 2nd address line, just offer it. Jeez.)

But Equifax is a different story. Every angle, every opening should be shuttered. Any user data should be verified to make sure the person is who they say they are. And in a service designed to refute identity theft, not verifying the email to which reports will be sent is a crime.

It’s sloppy, it’s dangerous, and most of all, it shows an extreme lack of caring. It implies that they threw up this service to shut people up. Why should they care if the emails alerting me about problems never get to me? That’s one less case they have to deal with, and after my ID is stolen, they can say “we sent alerts to the address you typed in, it’s not our fault.”

So, this is one case where Equifax should be confirming email addresses of everyone who signs up. It’s easy to do, just do what pretty much any open-source list-manager program does (include the hash, make the user click on the button on the landing page as well, etc.). Treat it seriously and so will your customers.
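A sketch of the confirmation flow described above, added here as an illustration; it is not Equifax's or any list manager's code. The function names, the in-memory `pending`/`verified` stores, the demo key and the one-day expiry are all assumptions made for the example.

```python
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: loaded from a secret store in practice
TTL_SECONDS = 24 * 3600           # assumption: confirmation links live one day
pending = {}   # account id -> address as typed, not yet proven
verified = {}  # account id -> address the user has confirmed


def _sign(account_id, email, expires):
    # The "hash" in the link: HMAC binds account, address and expiry together.
    msg = json.dumps([account_id, email.lower(), expires]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def start_signup(account_id, email, now=None):
    """Record the typed address as pending; return the parameters for the mailed link."""
    expires = int(time.time() if now is None else now) + TTL_SECONDS
    pending[account_id] = email
    return {"id": account_id, "exp": expires, "sig": _sign(account_id, email, expires)}


def confirm(account_id, exp, sig, method, now=None):
    """Landing page: GET only shows the button, POST marks the address verified."""
    now = int(time.time() if now is None else now)
    email = pending.get(account_id)
    if email is None:
        return "unknown"
    expected = _sign(account_id, email, exp)
    if not hmac.compare_digest(expected.encode(), str(sig).encode()):
        return "bad-signature"
    if now > exp:
        return "expired"
    if method != "POST":
        return "show-button"  # link scanners that fetch the URL cannot confirm
    verified[account_id] = pending.pop(account_id)
    return "verified"


def alert_recipient(account_id):
    """Alerts go only to a confirmed address; None means nothing is sent by email yet."""
    return verified.get(account_id)
```

A mistyped address never reaches `verified`, so the service knows the alerts have no confirmed destination instead of silently mailing a stranger.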

But laugh it off like you do with this form, and you demonstrate the continued callous nature of so many database aggregation companies.

To you, I guess we really are just a bunch of numbers, now with some text fields thrown on the end.

(PS Gratuitous and obvious quote from The Prisoner left off intentionally.)

* * *


  1. Excellent rant. Where do you get your time? Don’t you sleep?

    andrew    Jul 29, 04:47 PM    #
