I know what they're talking about... Amex used to offer a free smart card reader for your PC. Used with a smart Blue card and their software, it stored passwords and automatically entered them as you visited web sites. That's what they meant by "online security". The whole smart card thing never took off, and Amex discontinued it earlier this year, which the Amex people you spoke to should have known.

Instead, new Blue cards now have an embedded RFID chip that lets you wave the card at a special terminal instead of swiping it. They call it Expresspay. I'm not sure that's very useful, and I'm a little nervous about a card that can be read at a distance (even if it's a very short distance!).

Posted by: Larry at October 29, 2005 01:30 AM

As noted by the above comment, the AMEX Blue card uses a smart chip. While this addition has never really taken off in the US, it is quite common in European ATM's and shops (and I would assume in other places as well, Japan perhaps). Granted, it doesn't add online security like they dictate it should, but if the US had adapted it like in other countries the security would be increased significantly, because, unlike magnetic stripe cards, a smart card can never be re-written. I know this doesn't answer or help the situation at all, but it's just a thing to note. Perhaps RFID, despite its “Big Brother-esque” concerns, will take off in the US to answer the security threat of magnetic stripe cards.

Posted by: Chris B at October 29, 2005 01:50 AM

What's broken here is the response of the agent on the other end of the phone. They are so scripted and coached at this point that there is no room for humanity. Had they simply admitted they didn't know, and what they were saying really made no sense, you might not have been happy but you probably would have felt that you were heard. But, no, the brand must NEVER be wrong! Or human...

Posted by: Michael McWatters at October 29, 2005 10:04 AM

This same story - verbatim - was posted to the Snark Hunting marketing blog on Jly 10.

http://www.snarkhunting.com/2005/07/tangled-up-in-blue/

I think it's pretty broken to repost it here. Come up with some new material, why don't you.

Posted by: Andrew Tonkin at October 29, 2005 10:51 AM

@Andrew:

The submitter, Steve Manning, appears to run Igor, the company which publishes the Snark Hunting blog.

This BusinessWeek story says he is "managing director of Igor, a San Francisco naming-and-branding consultantcy."

He probably wanted it cross-posted here.

Posted by: w at October 29, 2005 11:54 AM

@Andrew:

According to this BusinessWeek story, Steve Manning, the submitter, is "managing director of Igor, a San Francisco naming-and-branding consultantcy."

Igor runs the Snark Hunting blog. My guess is that Mr. Manning wanted the story cross-posted on This is Broken.

Posted by: w at October 29, 2005 11:57 AM

My Amex Blue also used to offer a program for security on the internet (again, not using the vaunted chip): you could have a special, one-time use card number issued for a single transaction. Once that transaction was completed, that card number was no longer valid, so someone couldn't steal the number.

This seems to have been discontinued as well. Frankly, Amex Blue has no more security than any other card, and in some ways less -- the card check number that's printed on the back of Visa and Mastercard is printed on the front of AMEX, and many retailers don't even bother asking for it.

Yet, AMEX still promotes their products as having security features...

Posted by: Gene Cowan at October 29, 2005 02:24 PM

The chip sends magic fairy dust through your internet connection. The dust only gets sent if you're holding the card, so no one else can use your card number online!

lol

Posted by: sir_flexalot at October 29, 2005 02:48 PM

Look-

The chip controlls your thoughts. STUPID! When you have the card it alters your brain. You will be under the direction and controll of the illuminatti and tri-lateralists. If you all look you will find that Mr. manning will not live more then a few days after the loss of his card. Those that are seaperated from the collective will be terminated. His brain will cease to function without the chip's controll.

Posted by: Ron at October 30, 2005 07:30 AM

so its not Amex Blue its Amex Borg?

Posted by: unknown at October 30, 2005 09:50 AM

RESISTANCE IS FUTILE! YOU WILL BE ASSIMILATED!

Posted by: Bob at October 30, 2005 12:07 PM

If... you... are... an... un-au-thor-ised blue... card... u-ser, you... will... be... ex-ter-min-ated!

EX-TER-MIN-ATE! EX-TER-MIN-ATE! EX-TER-MIN-ATE!

Ohhh! Fresh cin-ne-buns at the Da-lek ca-fe-te-ria!

Posted by: Skippy the Dalek at October 30, 2005 07:50 PM

I think the first AmEx call center person should be fired for being rude to a perfectly normal customer:

Amex: Sir, I've already explained that the chip is for enhanced security purposes when making purchases online. Is there anything else I can assist you with today?

When they haven't explained a thing. And then:

Me: Can I use it to make purchases on the Internet?

Amex: That's up to you sir.

Outsource these jobs to someone who wants them, that's what I say!

Posted by: Interlard at October 30, 2005 10:57 PM

Hear, hear!

It's exactly the same in this country (UK) Interlard. Our call centre staff are rude and obnoxious people who sound pissed off and make you feel guilty for disturbing their gossipy conversations with their cubicle buddy. They're all wimps who have more days off a year with 'stress' than any other industry (probably).

In contrast, I have had no problems with call centres based in India. OK, they have a few problems with pronunciations sometimes, but they are more eager to SOLVE THE PROBLEM YOU CALLED UP WITH which is surely the most important thing.

Outsource the lot away from the bored slackers.

Posted by: Dan at October 31, 2005 04:00 AM

At one point several card companies were marketing these card readers you could hook up to your machine that would use the so called smart chip.

I had a Capital One card with a smart chip, and tried to make a purchase from a ticketmachine at Grand Central station on NYC. It wouldn't take, so I eventually waited in line and went to a window. I was told that the machines didn't take card with smart chips. A thief could have taken my card and gone berserk at Best Buy, but I can't buy a train ticket?

Posted by: beckett at October 31, 2005 02:12 PM

I had the same thing happen to me with Amex. I do not prefer their card anymore. I have a card with MBNA and they are the best i have ever used as far as customer service and cash back rewards.

Posted by: George at October 31, 2005 03:12 PM

I had the same problem with tech support about 15 years ago for a computer. I needed the password to unlike the disk image CD. They started asking me all these inane questions, I refused to answer them...eventually I got someone who could understand the statement, "I need the password for the 'disk image CD'"...

I did not need help rebooting my computer...I did not need help with my monitor...I did not need help remembering what folder Windows was in...

Posted by: Roberto at October 31, 2005 04:27 PM

What's broken is this guy thinking that showing up customer service agents is a sign of his intelligence.

Posted by: Matt T. at November 1, 2005 11:00 AM

Holy Cow (pun intended), Dan. You've gotten good customer service from India?

I have NEVER had a good customer service experience with Indians. They're some combination of:

- hard to understand

- wrong

Posted by: sparky at November 11, 2005 05:38 PM

hey, i agree with the guy who thinks the indians are wrong and hard to understand, and outsourcing jobs? that's crazy. some stupid idiot will hire some 2 dollar an hour indian people to talk so you can make a fast buck- then it's the president's fault for loosing jobs

NOW THAT'S BROKEN

the indians made me never want to have anther experience with dell- can't understand a word they're saying, they're feeding my lies, and dont help at all. THATS BROKEN

I thought to sign up for the small business dell acct, and I was readily able to speak to an american in the small business sector.

Posted by: craig at November 15, 2005 06:17 PM

The embedded SIM chips are indeed bunk - in the UK they've implemented a system called "chip and PIN" where the chip verifies a PIN number and "signs" each transaction using PKI; the chips are much like the SIM's in a GSM mobile phone. They were certain this would virtually eliminate offline fraud.

The result? Thieves stand behind people in line in a retail store to see their PIN, then follow them outside and mug them. Fraud still occurs, but is much more threatening to the consumer. And I'm sure the usual Comp.RISKS stuff applies ("but it must have been you, the PIN was there!")

With respect to "normal" security features, one plus with Amex being a single issuer card is that AVS checking (the street number and ZIP / postal code) is 100% reliable - AVS was intended for web and phone ("Card Not Present") transactions but I've noticed a sharp increase in Amex AVS usage here in the US for in-person transactions (Walgreens and Texaco both now do so).

The 4-digit "CVV2" scheme with Amex also appears to be pretty reliable, and we implement it in our (web) applications.

Posted by: Dave at November 17, 2005 04:12 PM

Fire the first one for being a snooty, malinformeed bitch.

Fire the second one while she's still human enough to recover!

Posted by: sharks at November 17, 2005 04:28 PM

The AMEX Blue originally was to support the client side of SET, which was a very complicated electronic payment protocol sponsored by Visa and Mastercard. Unfortunately the SET software Amex shipped with the free card reader didn't work. Even if it had worked, there were only a few merchants that accepted the SET payments... you could buy flowers in Germany and that was about it.

Posted by: ericm at November 17, 2005 04:45 PM

The call center people mentioned above are probably sitting in front of a computer. Based on what you say they press a button and the computer feeds them the next line to speak. So you're really talking to a computer with a person acting as the user interface. When you get a crazy response it's because that's all the computer was programmed/scripted to give you.

Posted by: Decline at November 17, 2005 08:21 PM

What is broken is that Amex will continue paying submitted charges and billing the customer even after the card has expired. I have seen chages continue for years after expiration. The word "expired" has definate connotations that Amex does not seem to understand.

Posted by: Richard at December 3, 2005 10:12 AM

Follow-up note: I'm not sure if it's compatible with whatever the Amex people use, but every Target store I've been to around here has card readers where you feed the whole card in, and it takes it like an ATM -- I'm pretty sure they have smart chip readers, and the idea as I understand it is that the chips have some active crypto processing that is intended to make the cards harder to counterfeit. I had always heard about it being used in Visas.

Of course, I'd like to know how much credit card fraud is perpetrated by bringing a physical, counterfeit card into a bricks-and-mortar store, then boldly handing it to a cashier or swiping it through a POS terminal, but that's another story.

As far as "added online security", there was supposed to be some kind of deal where you dock the card into a USB reader, the web site you're trying to buy from somehow (ActiveX control? Standalone app?) sends a challenge, and the chip on the card computes the response -- sounds to me like that actually *would* enhance online security, but I have a hard time seeing them sell all that extra hassle to the masses.

Posted by: James at December 29, 2005 06:00 PM

Chip, no chip... it doesn't matter. It's actually quite stupid because all credit cards have the card information encrypted on the magnetic stripe.

And if that fails you - the numbers are printed ON the card. Now that's secure.

Where does this leave the chip? 20 days in production...

-BROKEN-

And Target's card readers do not have smart chip readers... they do capture the image of the credit card though, including the signature.

Posted by: Laughing Outloud at February 7, 2006 04:12 AM