B&B goes to BB&B

I just got back from a week away, my seventh flying-out-of-town trip in the past three months. The household neglect finally caught up: I crossed the apartment threshold last night and wondered what kind of animal sacrifices had been going on. Apparently the target gods rejected them all and left the slaughtered bits scattered across our living-room floor.

In despair, I cancelled my Monday evening plans and resolved to spend the night attacking the house with Pine-Sol, the dustbuster, bleach and maybe some healing crystals.

Causing me particular angst was the bathroom. Our shower curtain has long been a cleaning bane: no matter what I do to it, a week later, it's covered in a fine layer of mold and dirt. This time, the dirt looked so advanced I was pretty sure it was not just sentient but actively pursing MENSA membership.

This dirt was going to take me HOURS to fight back. I muttered dark curses and checked my supply of sponges and 409.

Then, I had a brainstorm: Our much-hated shower curtains are actually just liners. Cheap liners. The kind of cheap liners you can buy for $6 at a ritzy overpriced Manhattan homewares store (*cough* Bed Bath & Beyond *cough*) or probably for 99 cents apiece at any decent dollar shop.

Why was I going to spend two hours (seriously, that's what it took last time, to get them not even clean but relatively fit for exposure to guests) attacking with nasty chemicals liners I could just replace quite cheaply?

And so, tonight, instead of heading home early to clean, I made a Bed Bath & Beyond pilgrimage and bought new liners for $12. The environmentalist in me felt vaguely guilty for throwing out something I could have cleaned and reused. The pragmatist on me snipped that I probably wreaked more environmental havoc with the rental car I drove last week, and suggested I shut up and enjoy the quick, easy and cheap solution.

Our bathroom is now vastly improved and probably no longer a toxic threat to all surrounding life forms.

The moral of the story: Sometimes, you can solve your problems by throwing money at them.

Nasty change to FICO scoring model coming

I'm late on this news, which I just stumbled across: FICO 08, the next update to the FICO algorithm used to compute credit scores, will drop "authorized user" accounts from its scoring model. This is going to screw a number of people, including me and David.

I've written before about how FICO scores are calculated, and how one of the faster ways to build a credit history or repair a damaged one is to become an authorized user on a credit card owned by someone else with a strong credit history. Authorized user accounts are distinct from joint accounts because the authorized user has no legal responsibility for the account -- they're given a card and can use it, and the complete credit history for the card (for all users) is reported to credit agencies and goes on the authorized user's credit record, but only the primary cardholder is legally responsible for paying the balance. If you don't want or can't get your own credit card, but do want to establish a credit history, piggybacking on another person's account as an authorized user has been a nice quasi-loophole.

In my first FICO post, I noted, "Those 'fast credit repair' services that splash ads all over the Web are scammy. There's legally nothing any third party can do to change your score." Oops. Seems some agencies figured out that they could increase clients scores by listing them as authorized users on "rented" credit card accounts in good standing. An AP article on the practice cites InstantCreditBuilders.com as one such agency.

One this practice started drawing press, FICO's creator, Fair Isaac, clamped down. It announced in June that FICO 08, which begins rolling out to credit reporting agencies (Experian, Equifax and TransUnion) in September, won't factor in authorized user accounts.

This could seriously torpedo David's credit score. David, sensibly, doesn't want a credit card -- he'd rather only spend money he knows he has. But a few years ago, I realised this had left him with no credit record whatsoever, and therefore, a low score. (Since credit-granting agencies want to know what kind of a track record you have paying back debts, you have to actually use credit to generate a record and receive a high score. Using no credit at all can leave you with as low a credit score as someone who has a trail of late payments and other credit problems.) So I added him as an authorized user on two of my cards and presto, score.

I suppose I'll tackle this by calling Amex and seeing if David can be made a full joint user on my Amex, which had pretty much already turned into a joint account anyway. Still, I imagine this change could seriously ding the people "authorized user" status was intended for -- young adults tagging along on a parent's card and spouses who don't maintain their own credit cards.

Why all the banks are suddenly asking security questions

I've grumbled before about the security questions banks are increasingly introducing as part of their anti-phishing online security measures. So many popped up so quickly I figured there must be some kind of regulation driving the floor -- and sure enough, there is.

It turns out that in Oct. 2005, the Federal Financial Institutions Examination Council (FFIEC -- an interagency federal regulatory body) adopted a new guidance policy suggesting banks use "multi-factor authentication," which is industry jargon for "more than just an ID and password."

Genuine multi-factor authentication systems draw on at least two of three different authentication systems: information the user knows (a password, a PIN, the answer to a security question), something the user physically possesses (an ATM card, a password-generating key fob), and something the user is (biometric identifiers like fingerprints or retina scans). FFIEC's guidance doesn't tell banks what system to implement, but it calls single-factor authentication "inadequate for high-risk transactions."
.
Security questions aren't true multi-factor authentication, because they rely on only one authentication axis, "information the user knows." The most pragmatic way to implement genuine multi-factor authentication for online transactions would be for banks to use geo-location tools or IP address locking to restrict account access to registered "home" machines. However, customers would understandably freak out about this -- travel and dynamic IP allocations would make it a nightmare. Issuing key fobs with dynamically changing passwords, a method some companies use to secure access to their internal networks, is another option, but also a complicated and costly one. I have financial accounts in at least eight places. Do I really want to try to keep track of eight password-generating gadgets? And do the banks want to spend zillions replacing them and fielding irate customer-service calls?

So, instead, banks are instead looking to comply with FFIEC's edicts with what the agency calls "layered security," which FFIEC considers sufficient to meet its requirements, even though it's not as strong as the multi-factor authentication it recommends. Banks were given until the end of 2006 to put systems in place, which is why so many went into place in such a short timeframe.

I appreciate that banks are making a genuine stab at protection by using esoteric questions for their verifications, but it's also getting massively frustrating. Today's rant was promoted by logging into my Providian credit card account and discovering that it now wants me to pick questions and give it answers. The problem is, I can't answer most of the questions it asks.

What was your favorite college year?

I have no idea, and how would I count college "years," since I took ten to finish my degree?

What was the last name of your first grade teacher?

I have absolutely no idea. I can barely remember the last name of my current boss.

What is your eldest child's middle name?

I don't have kids. David, does River (our eldest cat) have a middle name?

What is the middle name of your eldest sibling?

I don't have an older sibling. I suppose I can use this question and go with the middle name of my *only* sibling.

What were your wedding colors?

Wedding colors!?! They're kidding, right? People have wedding colors!?!

What is the first name of your grandfather (your mother's father)?

I have no idea -- all my maternal grandparents died before I was born, and my mom also isn't around to ask.

Sigh. I think I can scrape three questions out of these to answer, but just barely, and only by cheating (cats can count as kids, right?) and making up things I seriously hope I'll remember. This could get very annoying.

Today's GRR award winner: JetBlue

One of my first Birds & Bills posts was about how frequent flyer miles are a depreciating currency. The only motivation for airlines to make their frequent-flyer programs attractive is to please customers. Can anyone think of an industry worse at keep customers happy than airlines? With margins grim, fewer flights scheduled, and more flights flying at capacity than ever before, airlines have a financial disincentive to make those miles easy to redeem -- and the pain of redeeming them has long been a customer gripe. Blackout dates and small ticket allotments to miles-redeeming passengers are a chronic complaint.

So, really, I don't know why I expected any differently from JetBlue, except that I still sort of buy their marketing hype about trying to be a different kind of airline. About 18 months ago, I had a notably good customer-service experience with them: I was trying to fly to Boston (in December) the day a massive snowstorm hit. By 7:30pm, our 10am JetBlue flight was still grounded -- and I was officially no chance of making the 8pm dinner I was flying to Boston to attend. I opted to cancel my trip, and called JetBlue to see if I could get a refund. Which they gave, easily. Since my ticket was nonrefundable, I'd figured a credit for a future flight was the best I could hope for, so yay JetBlue.

This week, though, they are not dazzling me. Last year, I flew JetBlue a ton back and forth to the West Coast, and racked up enough points in their frequent flyer system for a free ticket (well, technically, two -- you get two one-ways, which can be used together or separately). JetBlue's frequent-flyer program is simpler than other airlines, but also stricter: you have one year to use points before they expire, and one year to use your free flight before it expires.

Actually using your free flight, however, is every bit as heinous as on other airlines. I don't know what kind of allotment JetBlue is giving per flight for points-redeemers, but it doesn't seem to be good. I've tried four times this year to use one of my free-flight segments -- most recently, for either a flight from Seattle to NYC anytime Sunday, August 12 or for a flight from Portland, Maine, to NYC anytime on Thursday, July 26. Both trips show plenty of flight availability -- multiple flights each day, still selling tickets -- when I search on JetBlue. When I search for award travel, though, it all dries up. Sorry, no flights available for booking. GRRR. What use are my points if I can't ever actually use them?

I finally, grumpily, used the points for the one flight from Portland to NYC that was available for award travel on Wednesday the 26th, a day earlier than I really wanted to book the flight. So, I did at least get my free ticket. But I am grumped about the limitations. It seems absurd that none of the four trips I tried to use the free ticket on worked out.

Which is why I think air-miles credit cards are for suckers. Air miles are one of the hardest-to-use, most-restrictive, most limited rewards systems going. In contrast, you never get the runaround trying to get your cash-back awards or redeem credit-card points for Amazon.com credit or restaurant gift certificates (my standard use of In NYC awards points). I'd rather pay cash for airline tickets and use my points for other, less fraught things.

When bad credit works to your advantage

Proper posting will resume sometime tomorrow, but until then, I thought I'd at least drop a quick line with a link to an article that amused me: "Some people can buy iPhone without 2-year contract"

It seems that if your credit rating is bad enough for you not to qualify for the two-year contract AT&T (aka Cingular) requires for the iPhone, they're still willing to take your money -- sans contract, as many cell-phone buyers would probably prefer. As Reuters put it:

The companies did not widely publicize that customers who do not pass its credit test have the option to pay for their service on a month-by-month basis, escaping what some consider a restrictive two-year plan.

If you don't qualify for the two-year plan, AT&T will offer you a prepaid plan. It's more expensive than service would be under a standard monthly contract, but it also doesn't have the nasty huge cancellation fees providers stick in those contracts.

I wonder if AT&T will let people with good credit go for the prepaid option, if they know about it and push for it ...