Online billing done badly
Nov. 8th, 2008 02:14 pm
0. You get an email from Virgin Media saying your statement's ready.
1. You click on the URL in the email.
2. It wants to know what your provider was called before it was called Virgin Media. You pick one of 'NTL', 'Telewest' or 'virgin.net'. In fact, when I started this account it was already called 'Virgin Media'.
I happen to know that this used to be an NTL area, so I click on that and it seems to work, but if you weren't a dedicated follower of pointless branding churn among phone companies you might well not know this.
3. Click on the 'sign in' button. It takes AGES to load the next page.
4. I'm an existing user, so I click on the 'sign in' button. It takes AGES to load the next page and eventually times out.
4a. Hit reload. It works immediately this time.
(Yes, my internet connection is working fine, as loading other sites while waiting quickly demonstrated. It's Virgin Media that is broken here.)
5. Enter email address and PIN and click 'sign in'. This one's quick.
6. Click 'show me this bill'. Again quite slow, although not as bad as steps 3 and 4.
There's no reason for steps 2, 3 and 4 to exist: the computer sending the email already knows who you are (it has to, in order to find your email address). So the link in the email could take you straight to step 5 with your email address prefilled. Instead users are required to go through three totally pointless steps.
Since the PIN is only 4 digits anyway, you might as well include that in the URL in the email as well and eliminate step 5 too. 10000 combinations isn't enough to deter a mildly dedicated attacker from breaking in and, er, maliciously paying your phone bill.
(Maybe it itemizes the longer phone calls, in which case the security of this system is of more interest. Personally my main uses of VM are TCP/IP and television.)
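The two points above, that the emailed link could identify the account without the extra steps and that a 4-digit PIN has far too few combinations to protect itself, as an added Python example. This is not Virgin Media's code or anything from the post: the link carries an HMAC-signed, expiring token that names the account and statement instead of the PIN (so a plaintext email leaks nothing usable), and the PIN check locks the account after a handful of wrong guesses, which is the control that actually makes 10000 combinations matter. The server key, account ids, PINs, link lifetime and lockout threshold are all constructed assumptions.

```python
"""Signed statement links plus a lockout-protected PIN check (added example)."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

SERVER_KEY = b"constructed-server-secret-never-sent-in-email"  # assumption: server-side only
LINK_TTL = 7 * 24 * 3600   # assumed policy: a statement link is good for a week
MAX_ATTEMPTS = 5           # assumed policy: wrong PIN guesses before lockout


def _sign(msg: bytes) -> str:
    """HMAC-SHA256 tag, URL-safe base64 without padding."""
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")


def make_statement_link(account_id: str, statement_id: str, now: float) -> str:
    """Build the link for the 'your statement is ready' email.

    It identifies the account and statement and carries an expiry and a
    signature, but never the PIN, so an intercepted email cannot log anyone in.
    """
    exp = int(now + LINK_TTL)
    sig = _sign(f"{account_id}|{statement_id}|{exp}".encode())
    query = urlencode({"acct": account_id, "stmt": statement_id, "exp": exp, "sig": sig})
    return f"https://billing.example.invalid/statement?{query}"  # hypothetical host


def verify_statement_link(url: str, now: float):
    """Return (account_id, statement_id) if the link is intact and unexpired, else None."""
    q = parse_qs(urlparse(url).query)
    try:
        acct, stmt, exp, sig = q["acct"][0], q["stmt"][0], int(q["exp"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return None
    if now > exp:
        return None
    expected = _sign(f"{acct}|{stmt}|{exp}".encode())
    if not hmac.compare_digest(expected, sig):   # constant-time tag comparison
        return None
    return acct, stmt


class PinVerifier:
    """Checks a 4-digit PIN and locks the account after MAX_ATTEMPTS wrong guesses.

    A keyed hash keeps plaintext PINs out of storage, but with only 10000
    possible values storage hashing is no defence on its own; the online
    lockout is what stops an exhaustive guess.
    """

    def __init__(self, pins: dict):
        self._stored = {a: self._keyed_hash(a, p) for a, p in pins.items()}
        self._failures = {a: 0 for a in pins}

    @staticmethod
    def _keyed_hash(acct: str, pin: str) -> bytes:
        return hmac.new(SERVER_KEY, f"{acct}:{pin}".encode(), hashlib.sha256).digest()

    def is_locked(self, acct: str) -> bool:
        return self._failures.get(acct, 0) >= MAX_ATTEMPTS

    def check(self, acct: str, pin: str) -> bool:
        """True only for the right PIN on an account that is not locked."""
        if acct not in self._stored or self.is_locked(acct):
            return False
        ok = hmac.compare_digest(self._stored[acct], self._keyed_hash(acct, pin))
        self._failures[acct] = 0 if ok else self._failures[acct] + 1
        return ok


def guesses_before_lockout(verifier: PinVerifier, acct: str, real_pin: str) -> int:
    """Count how many wrong guesses the verifier answers before it locks the account.

    Walks the whole 4-digit space with the real PIN skipped, so the result
    measures the lockout policy rather than luck.
    """
    answered = 0
    for candidate in range(10_000):
        pin = f"{candidate:04d}"
        if pin == real_pin:
            continue
        if verifier.is_locked(acct):
            break
        verifier.check(acct, pin)
        answered += 1
    return answered


if __name__ == "__main__":
    now = 1_226_100_000.0  # constructed timestamp, early November 2008
    link = make_statement_link("acct-42", "stmt-2008-11", now)
    print(link)
    print(verify_statement_link(link, now + 60))
    v = PinVerifier({"acct-42": "1234"})  # constructed account and PIN
    print("wrong guesses answered before lockout:", guesses_before_lockout(v, "acct-42", "1234"))
```

Opening the link still asks for the PIN (step 5 survives), but steps 2 to 4 disappear because the account is already identified, and a week-old or tampered link is simply refused.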
E.ON (a power company) do a bit better. But really any of plain text, HTML or PDF in an email would have been much better (PGP'd if they're worried about confidentiality).