For the past 48 hours, I have been trying to give Dell Computer my money but it has been a very frustrating experience.  The story should read: I pick out my computer online, I pay for it with my credit card, they ship the computer to me and the transaction is complete.  It went nothing like this and in this blog post I want to show how online fraud and cybercrime has affected the honest consumer just trying to do business.  It’s obvious no one is counting these costs because I have never experienced something so broken.  As criminals get become clever in their ways, both vendors and consumers need to also evolve and this obviously was not the case with Dell over the past few days.

Day 1: I do my research and end up selecting a Dell computer, configure it just the way I want it, enter all my information and click purchase.  Within minutes I get a confirmation of the purchase and an estimated delivery of the unit.  The next action should be tracking the package and getting my merchandise.

Day 2: I’m at a coffee shop first thing in the morning and I open my email to find a message from Dell saying the ordering is being ‘held’.  1) while it is my first email , the subject says it is the 2nd notify.  WTF? And 2) the reason is that there are ‘difficulties processing payment for your order’ which we will later find out that was complete lie after speaking to my bank who had already authorized the purchase.

So the instructions say to contact Dell at a 1-800 so I do.  Person who I will call A.L. answers, gets my order # and asks me to verify 4 or 5 different things about myself and the order.  I answer all the questions correctly and then she says: “What I need you to do is to send me an email from your business account please.”   If you are paying attention so far, you will know that they already sent me an email which I validated with my call into A.L. So I tell her I am using my business address, it is the one I entered in the order, it is the one I used to get the number to call her.  She says (don’t laugh), no, that is your gmail account, I need you to send me an email from your business.  2xWTF?  I kinda lose it at this point and explain again that I use my gmail account for my business and she finally says ok ok ok, just reply with a statement that this is my order and that I confirm that the order is valid.  I make her stay on the phone with me while she confirms that she received it.  I ask if there is anything else and she say no, the order is no longer on hold.

Get ready to punch yourself in the face.  Approximately 5 hours later that same day I get an email explaining THAT THE ORDER WAS CANCELED!  The explanation being that they could NOT GET IN TOUCH WITH ME to “ensure the security of the transaction”.  Really?  Oh, wait, it gets even worse.

I call Dell again, give them my order number and explain to the agent that earlier in the day, I played 20 questions with a person that said the order was off a hold status and then just now received an email saying “ORDER CANCELED”.  She says “Oh, that is because your credit card company did not fund the transaction and cancelled the order”.  I asked “Are you sure because my other purchases went through”.  She says “There is nothing Dell can do at this point because you will need to work this out with your bank”   I thank her and say that I will get to the bottom of this.

Ring ring ring…I get on the line with an agent at my bank and ask her about this transaction.  She confirms the amount and says “Sir, this transaction was authorized a few days ago (the initial online purchase).  I ask her for the authorization number and she give it to me.  I ask if she would be ok speaking with the merchant because they just flat out lied to me.  She said no problem and was there to help.  (love my bank)

Ring ring ring…hopefully final call to Dell.  I get to an agent and explain the entire history of the transaction, and highlight the fact that I may want to speak to a manager because the last agent I spoke with lied to my face saying that the credit card company cancelled the transaction and I needed to start the entire buying process over again with another credit card.  They put me on hold….waiting…waiting…they come back on the line and say they will create a new order, and ship it next day for free.

You would think at this point, I would be done but it has been 12 hours from my last call with Dell and still no confirmation.  I will update the comments as this story unfolds.

So here is the deal, throughout this entire transaction, being the security person I am, I can name half a dozen places where little to no authentication was performed.  In fact, the first email that came to me from Dell could have been spear phished putting me in the position of divulging all my personal information to a bad guy.  What a mess.  You can really see the scar tissue that online fraud has caused Dell and unless they change their processes, more valid customers will experience what I went through.  I’m just trying to buy something from them.