Monday, April 02, 2007

The hard balance between security and usefulness

So i tried to book some tickets for coming back home from "III Jornadas de Software Libre de Albacete" organized by Linux Albacete. First i had the obvious look at coming back by plane, but there's no flight on Sundays from Albacete to Barcelona, so i went to seek other methods. One person of the organization made me think of RENFE, spanish's railroad company. So here i go, i check and see there is a train from Albacete to Valencia and another one one hour later from Valencia to Barcelona, seems good enough, let's buy the tickets.

First i notice is that i have to register, i never had to register to buy tickets for a plane flight, but well, no problem, let's register. Then i see you can not buy more than one ticket and once, so i have to buy the two tickets separately, causing the possible problem that i end up buying one and when i go to buy the other, there are already no more places available. Not a problem this time as seem to be enough seats.

After buying the ticket from Albacete to Valencia, i got a message saying that "As is the first time you buy a ticket from us you will need to go to a RENFE station and validate you are really who you say to be", hpmf, say bye to the comfort of buying things online if you have to end up going to the station, but as it's only the first time i can see they want to be on the secure side and be sure that the credit card number i put it's mine, i "could try" to understand this.

The biggest problem, is that i can't buy the second ticket, because i have still not validated i am really myself, so the system refuses to sell me a second ticket. That means at the moment i am with a ticket from Albacete to Valencia and that's all. This seriously sucks. So remember next time you design a system, security is important, but so is letting the system do what it is supposed to do, and that's selling me train tickets.


Anonymous said...

Will it let you register as another new user, or is it clever enough to recognise the card number on 2 accounts?

Paul Giannaros said...

And if that fails, just use another card? Horrible solution to horrible design, but that'll at least work

Jörg said...

I tried to book a ticket online with RENFE in 2004. At that time, the booking system was closed down every night. First time I encountered a online booking system with restricted opening hours :-)