A Cautionary Tale

What follows is a cautionary tale about technology from a guy who knows just enough to be dangerous. When the internet started to become another way to purchase goods, I was on board with the concept almost immediately. I wasn’t too concerned with the security issues as I figured the vendors must be doing their due diligence. The advantages to buying on the web were endless in my opinion. Sure, you didn’t have to pay sales tax and you can buy at any time of day. And yes, you could see full product descriptions. But those weren’t the big selling point for me. You see… I don’t mind shopping, but I just don’t like people all that much. There are the rude shoppers who stand in the middle of aisles. There are the rude salespeople who push a product on you and hover over your every move. And finally, there are the traffic and parking issues that are mostly caused by people who shouldn’t be allowed anywhere near a steering wheel.

Now that we have established why I am a bitter old man, let’s move on with my cautionary tale. As soon as they could, all the big vendors were on the internet and selling. As soon as I could, I was on their sites and ready to buy. My first few purchases went smoothly, but there was an awful lot of typing… name… street address… city… state… zip… telephone number… cell phone number… fax number… email address… credit card number… expiration date… three digit code that nobody understands… shipping address if different from billing address… favorite color… names of unborn children… you get my drift. All done! Order sent! Item received! Then a terrible thought sets in… heaven forbid I want to order again from the same vendor two weeks later because if I do, I get to enter all this stuff again. Oh joy! This was not something my fat ass was ready to do.

Our friendly vendors on the internet heard our cries for help and established the concept of an account on their web sites. You have now provided me a place in your virtual store to put all my personal information so that I can reuse it over and over again. I love you all even more now! How do I access my information once I am on a vendor web site? I just need two simple items. The first is my user or logon ID and the second is the associated password. Done and done. I’m off and running as I create an account on every web site I would consider doing business with. To save time and brain cells, I make my user IDs and passwords the same for every account I create. Why shouldn’t I? It’s not like Lowe’s talks to Home Depot. They hate each other!

I am now replete with the knowledge that I have created a process which will preclude me from having to enter a mall ever again. In addition, I won’t have to worry that these mitts I call hands will continue to shame the folks at “Mavis Beacon Teaches Typing.” The good life follows as I get to buy what I want when I want it. I save money and time while avoiding the frustration that the common folk must continue to deal with. I am master of my domain.

My first few years of internet buying proceed without incident, but my blissful ignorance is about to be compromised. One day I received a call from my credit card company asking me to confirm a suspicious purchase made with my card. Apparently, I had purchased an Xbox at Amazon.com and had it shipped to my new address in Rye, New York. I live in California. I don’t know anybody in Rye, New York. I don’t even know where Rye, New York is. I assured the credit card representative that I had not made said purchase. For some reason, I felt compelled to explain why it couldn’t be me since I don’t even enjoy gaming, but I’m pretty sure the rep didn’t find that a credible reason to reject the purchase. She explained that the transaction appeared fraudulent, but wouldn’t explain why. I suppose I didn’t care as long as I didn’t get stuck with the bill. Disaster averted!

Two days later, another credit card rep calls to confirm that I have purchased an Xbox from Best Buy and again had it shipped to my summer home in Rye, New York. Why the hell do I need two Xboxes? If I did need two Xboxes, why did I buy them from different stores online? And finally, why would anyone summer in Rye, New York? All good questions, but none of them mattered to my credit card rep. He explained that the transaction looked fraudulent and that he wanted to confirm the transaction. I went through the same explanation that I had made two days earlier and the rep assured me I would not be charged and that the shipment would not take place. My new bestest buddy went on to ask me if I was using the same user ID and password on more than one web site and that if I was, I could expect several more Xboxes at my new summer home. Crap!

For those of you a little lost by my story, remember that within each account I created, I stored my credit card information. The card information is partially obscured… usually only the last four digits are shown… but all the thief has to do is select the credit card he/she wants to use and they are good to go. How did all this happen? Somehow, someway, I inadvertently shared my user ID and password with someone. I probably clicked on some email I wasn’t supposed to and logged into a fake web site with my user ID and password. Once the thief had success on one web site, they likely tried another site to see if the same information worked. It did! They probably laughed at the fool who was too lazy to set up different user IDs and passwords for each site. What moron would do that? That would be this moron!