Sunday, January 08, 2006

Corporate Brilliance, Part XXVIII: Large Financial Institutions

So I received two interesting letters in the mail the other day: one from Bank of America, and one from H&R Block.

For those unfamiliar with my finances (i.e., everyone but me), I should establish that I have a standard checking and savings account at Bank of America (the latter of which has a balance of $39.26, because, like any remotely savvy individual, I stash the bulk of my liquid savings in an ING savings account). The only reason I have this savings account with Bank of America is because it's a leftover artifact from my FleetOne combined checking/savings account from years ago, and I've been too lazy to close it.

As for H&R Block, I filed my federal taxes online with them, since it was free (although I am baffled why I still can't e-file my state taxes... like, aren't I SAVING them money by doing it electronically???)

Anyway, on to the fun.

Bank of America

I can quote the letter I received as saying the following:


Dear Brian:

Because you are a valued Bank of America customer ... beginning on or after February 6, 2006, your savings account may incur monthly maintenance fees and excess withdrawal fees.


Wow. I feel extremely valued. But it gets better:


The monthly maintenance fee on your savings account is $3. You will not receive this fee if you:

  • Maintain a minimum daily savings account balance of $300; or
  • Set up an automatic transfer of at least $25 per month from your Bank of America checking account to your savings account.



Okay, so if I'm reading this right, all I have to do is set up an automatic transfer (say, on the 20th of the month) from my checking account to my savings account for $25. Fantastic. Now, what happens if I set up another automatic transfer (say, on the 21st of the month) from my savings account to my checking account for $25? Well, clearly, since I've satisfied requirement #2, I should incur no monthly fee, and yet the net transfer into my savings account for that month is $0.

So in essence, all that Bank of America has imposed on me is maintaining a minimum balance of $25 in my checking account, but only on the 21st of the month. Ironically, the reason that I will close my savings account this week will not be because of the looming specter of monthly fees, but rather because whoever came up with these requirements (ostensibly to recover the cost of maintaining low-balance accounts) is a complete idiot. And I will be sure to point that out.

H&R Block

A couple of weeks ago, I received a CD-ROM in the mail from H&R Block that was a copy of their TaxCut software, which I can use to e-file my federal income taxes this year. Seeing as how I'm not even going to see a W-2 for at least a month (to say nothing of actually starting the filing process), I set the CD case aside on my desk, where it joined the existing Pile of Crap[tm].

Now, a few days ago, when my mail included an envelope (marked "IMPORTANT!") from H&R Block, I assumed it was just another tree-wasting reminder that I should file my taxes as soon as possible using my TaxCut software. Rather, it contained a conciliatory letter that went something like this:


Dear Brian:

Recently we mailed you a free copy of our TaxCut(R) software... Due to human error in developing the mailing list, the digits of your social security number (SSN) were used as part of your mailing label's source code, a string of more than 40 numbers and characters. Fortunately, these digits were embedded in the middle of the string, and they were not formatted in any manner that would identify them as an SSN... As a result, we believe the exposure of your SSN digits was limited to you alone, since you are the only person who would recognize their significance.


Okay, so let me get this straight. You're apologizing for divulging a highly sensitive bit of my identity out of one side of your mouth, but out of the other, you're saying it's no big deal. And on top of that -- GENIUS -- you've just basically informed me that, if I go down to the mail room and look at a certain section of anyone's TaxCut mailing label (which I would have otherwise dismissed as irrelevant gibberish), I will know their social security number.

So, essentially, by calling attention to something that's not really a problem to begin with, you've given all of your customers the means to steal each other's identities. Bravo.

By contrast, consider another large company that frequently has to deal with admitting and handling security flaws: Microsoft. When it was discovered last week that a hacker could embed malicious executable code within an image (which, by the way, really makes me wonder what the hell they were thinking when they designed their graphics engine), they didn't send a letter to all 872 billion users of Windows that said:


Dear valued Microsoft Windows user:

Your security is of paramount importance to us, which is why it is important that we share the following information with you. If you compile the enclosed source code using your favorite C++ compiler (preferably Microsoft Visual Studio 2005) and post it on the web as an image, you'll be able to take complete control over any computer that views that image.

Microsoft profoundly apologizes for any inconvenience caused by this bug.


Yeah, that wouldn't have gone over so well.

In conclusion:

KANO. WINS.
