Can We Say “Duh?”

Munch's The Scream, which is what I'm doing right now!

Here’s the response I got back to my complaint to The Company that sets up new customer retail accounts (including credit card information), then sends the user name and password in an unprotected email to the customers (see the full story here).

Greetings Judy,

I shared your feedback back with our web manager. Currently our website is protected with 256 Bit Encryption. If you would like more information, you can click on the padlock on the site when you visit a secure area.

(Name of Individual), Communication & Customer Service Coordinator, (phone number)

*head explodes*

And that pertains HOW?

I called the individual who sent the email, and said I was even unhappier as it was obvious that neither she nor their “web manager” had even READ MY COMPLAINT or understood the situation.

“Clueless” is (sorta) cute when it’s a movie. It’s not cute when it’s a company and their employees charged with keeping customer financial information secure.

The interaction did not go well. Clueless Company’s representative tried to fish out The Company’s Obligatory Silver Bowl and wash themselves of any obligations to make that information secure.

Wrong. Answer.

I’ll keep you informed on what happens in Round Three.

Companies Need to Make Identity Theft Hard, Not Easy

Companies need to stop making identity theft easy for criminals!

This just makes me spitting mad. I created a new account with a fairly large and well-known company so I could purchase some items for us online. To my dismay, the company sent me cheery “Thank you for joining us” email that has all of my new account information–including the user name and password for my account.

AAAIIIIEEEEEEEEEEEEEEE!!!!!

What an utterly irresponsible business practice, one that makes identity theft a snap for even the most unsophisticated of online thieves.

*headthud*

This has become a real soapbox issue for me. I’ve had my credit card information stolen several times over the last decade. Every time it’s been by a criminal hacking into a company’s database. Companies need to get off their collective butts and take responsible actions to keep customer information safe at every step. Emailing a password to a customer as standard practice when creating an account is utterly irresponsible.

Few companies inform customers when their customer information has been hacked. Heck, according to my credit card company, retailers don’t even tell the credit card companies! It’s totally unacceptable corporate behavior. And it’s costing consumers a whole lot of money and time and energy to clean up problems that aren’t of the consumers’ making.

Zappos is a stellar example of a retailer that does it right. When they had a data breech last year, they immediately locked down all of their customer accounts. They informed customers right away about what had happened, and how Zappos was handling it. They kept customers informed, and put together a process that let every customer reopen their account in a secure fashion, with new passwords. Customers found out as part of this that Zappos had taken steps before any such breech occurred to protect customer data by separating credit card and other information apart, and encrypting it, thereby ensuring that if a breech ever did occur, the damage to the customer would be minimal. Way to go, Zappos!

As a consumer, I’ve made it a practice to contact companies when they’re endangering my identity and credit card safety. Less than fifty percent of the companies contacted take any steps to fix the problem. Guess who walks away from ever purchasing anything from that company again? Yup. Me. I vote with my dollars.

I sent the following email to the customer service division of Irresponsible Company, expressing my unhappiness regarding their business practices. We’ll see what–if anything–happens this time.

Hello,

I just created an online account with XXXX as a returning customer.

To my dismay, your “Thanks for registering” email contains both my user name AND my password.

Hello? Has no one at your company who is responsible for customer accounts ever been through a course on identity theft and customer security?

Sending an email is like sending a postcard through the US Mail. Every bit of information in the email is public. So you’ve just sent my account login and password out to the world.

As a retailer, you are charged with keeping my customer information secure. Obviously, this can’t happen with this business practice in place.

I’ve taken steps to secure my own customer account with you by immediately going in to the new account and changing the password. Hopefully, I won’t see a cheery email shortly telling me “you changed your password, and your new one is: _____.”

This experience doesn’t leave me with any confidence in your corporate practices regarding how you are safeguarding my credit card and other customer information.

Please let me know ASAP what steps XXXX is going to take, and by when, to correct this situation regarding emailing passwords for your customers. I’d also like your assurance that you have taken steps to protect credit card and contact information that you are gathering from your customers.

Best regards,

JAS

I’ll keep you posted on anything that happens in response.

Gee, I Had No Idea I Had A Business–and Employees To Boot!

Do you ever do that bit where you google your name, and see what wacko stuff comes up that’s supposedly associated with you?

Yeah, admit it, we all do…

Over the weekend, for giggles and grins, I googled not my married name, but my maiden name (which happens to still be my legal name, for various and sundry reasons having to do with when I was working way back before I became married).

To my shock, I discovered that I have a business!

Really? Wow, that’s news to me…

With 2 employees no less! And I’m supposedly getting a chunk of change from annual sales, as well!

It’s posted on the Internet, on sites that have obtained information from (supposedly) Dun and Bradstreet, so it must be true, right?

Yeah, right.

Before I go any further, let’s clear the record: I don’t have a business. Nope. Never have. It’s not even remotely possible for me to even fathom, given my level of disability. Sheesh.

Me having a business is as likely as me being the Easter Bunny or Santa Claus.

Geez, Louise, where do these sites get this nonsense?

It took a bit of detective work on my part, but I think I’ve figured it out. It’s a crazy tale indeed–and one tied to the insanity of what happens when someone like me becomes disabled.

First thing to know: when you are disabled, stuff like health insurance doesn’t pay for someone to take over all things you used to do to keep a household going. Nope. It pays for “medically necessary” caregiving, which boils down to stuff like getting a catheter changed if you require one and don’t have anyone in your family that can be trained how to do that.

That means that if you need trifles done like laundry and picking up prescriptions (get the picture?), you hire someone to do that, usually as a household worker, or you hire an agency to do that for you.

If you hire a household worker, and you’re scrupulously honest (like most average Americans, not like the silly wealthy people you read about that hire a nanny and pay cash under the table and then, duh, are shocked when they rightfully get their butt kicked by the IRS for it), you have to do all kinds of things that an ‘employer’ does, even though you aren’t running a business–and even though you’re paying out money, not taking money in.

For example, in Wisconsin at least, you must have worker’s compensation insurance for that person, and pay quarterly unemployment taxes. If they’re going to use a car to run errands (like when getting that prescription), then you need to make sure you have car insurance that covers them during the hours they’re working for you. On the federal level, you have to pay Medicare and Social Security taxes for them. You have to file a W-2. You must also file a “Schedule H” with your yearly personal income taxes every year that you have a household employee (the Schedule H is the IRS’s ” Household Employment Taxes” form — designed just for these types of situations). Everyone must do this, incidentally, who hires an individual (not an independent contractor or business) to mow the lawn, or baby-sit kids, if they pay that person (2010 threshold) more than $1700 a year.

Trust me on this, it’s a total pain in the butt, especially if you’re like me and want to make sure you always do everything honestly. You can pay out as much in insurance and taxes to the government to have a person run your washing machine as you pay a person to actually do the task. And you can’t claim any of it as a medical expense–it’s another one of those hidden costs of being disabled. However, when you become fully disabled, it’s really the only choice you have, unless you hire an agency. Those, however, are way more expensive, and you have much less control over the quality of the people that are going to come breezing into your life to help with the tasks that you can no longer do yourself.

Still with me? Good.

Now, here’s the next complication. You can’t get the state-mandated worker’s comp insurance for that 10-hour-a-week laundress, or file required state unemployment comp taxes (or many other things involved in having a household worker), unless you have something called a FEIN: a Federal Employer Identification Number. The federal Schedule H also asks for a FEIN, although apparently a social security number can be used on that form instead. However, in Wisconsin at least, the State gets confused trying to match its records, which it bases on the FEIN, to the IRS’s Schedule H if you fill out the Schedule H using your SSN. And then lots of people get their knickers in a knot trying to straighten it out. So, it’s dumb to use the SSN on the Schedule H and end up making everyone testy.

But… how does all this fit with web sites claiming I have a business? Ah, Grasshopper, read that acronym again: FEIN. Federal Employer Identification Number.

aHA!! Ding! Now we’re closer to solving the mystery of “my” phantom business!

If I have a FEIN, I must be an employer, right? Which means I have a business, right?

Wrong.

From what I can figure out, companies harvest FEIN information and then sell it. No distinction gets made as to whether a FEIN is a “real” business or is, as in my case, simply an individual who is disabled and had to jump through about a bazillion hoops to have someone pick up my prescriptions.

Apparently, companies and sites harvesting this information aren’t doing any checking to see if the information they’re publishing is even remotely accurate in other ways, either. For example, my phantom business lists me as having almost six-figures of yearly sales. Wow! Who knew? I wonder what I’ve supposedly been selling? Phantom Fairy Dust? The inaccuracy becomes excruciatingly even more ridiculous as I haven’t even had a household employee for years, not since a family member became my full-time caregiver.

The icing on the cake? There is no way to remove this ridiculously incorrect information from these websites. There is no way to stop the FEIN information from getting misused, misconstrued and propagated throughout the web in this fashion.

Argh.

It’s ludicrous.

Chippie: R.I.P.

Chippie

Dear Neighbor,

Today, when you were busily squirting (what I presume was) weedkiller around your yard to kill off little stands of Public Enemy Number One (to the uninitiated, that would be “dandelions”), you also nailed a chipmunk.

It had been bouncing about, as chipmunks do, scurrying back and forth across the street all day.

After it ran right across the area you had just sprayed, it managed to stagger back across the street, had massive convulsions and died (after suffering horribly) a few moments later in our yard.

Yes, there are lots of chipmunks in this world. What’s one chipmunk?

Well, let’s see, it’s a mammal — like us humans — and reacts to poisons the way we do, and that should raise at least a little warning bell, don’t ya think?

I do.

Tonight, I for one am massively pissed off at everyone who feels that it’s fine to poison their yard “because it doesn’t harm anyone” and who says, regarding the use of pesticides, that “it’s my property so I can do what I want.”

Tell that to all the chemically injured who are harmed by the pesticides and other chemicals used around them. Tell that to the Gulf War vets, who were poisoned by pesticides. Tell that to all the women who have suffered breast cancer and second-hand infertility from pesticides (as well as from other chemical exposures). Tell that to the mutated amphibians, the reptiles and mammals, the birds and what seems like just about everything living that’s negatively impacted on one level or another by these chemicals–even if they aren’t killed outright.

Tell that to the chipmunk.

Oh, wait. You can’t. It’s dead.

Fish Thieves? FISH Thieves?!

Yesterday was a really bad bottom feeding scum sucking day. You know it’s bad when the state park’s game warden stopping our car and interrogating us to see if we’re illegally fishing is the BEST part of the day. “Well, officer, unless one of your fish decide to jump 40 ft out of the lake, through the passenger window and into my lap, it’s unlikely that I’m fishing as I’m DISABLED and the shoreline is INACCESSIBLE.” Gahh!

He actually turned out to be a really nice guy and a lot of fun to talk to once he realized that little clues — like the well-worn crutches tucked by my seat in the car and no fishing gear and maybe, just maybe, our total lack of guile and dumbfounded astonishment– backed up our answers… but still, that’s the highlight of my day??

*sigh*

This, btw, is the fourth time in two years that Michael and I have been interrogated by state park rangers or a game warden just for sitting in a designated park area in our car to watch the scenery or wildlife. It is, unfortunately, apparently “suspicious” nowadays to remain in your car and look at things, or take photographs of plants and wildlife from your car.

*double sigh*