![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
estiroseI'm going to put a tl;dr here and then most of the stuff under cut.
TL;DR: Pokemon Center website's anti-abuse is poorly programmed and blocks legit customers. There are way better solutions than blocking customers. Also, there should be a complaint process so that the customer service people who are supposed to be dealing with stuff like order and shipping issues don't get abused by irate people like me who can't get on the site. (Also, I behave badly, so yeah, I'm not innocent either.)
So here's the story of a slightly-into-Pokemon-person who ran across the nasty side of the PokemonCenter.com website. (When I say "slightly into Pokemon", I mean, I have 3 of the games and some favorite Pokemon. I don't play the CCG, I don't feel like I 'gotta catch them all', I've seen a few scattered episodes of the anime, and that's it.)
Now, I had just seen a video about the Gen 5 Pokemon sitting cuties line. I've bought that line before; I have a Murkrow and a Honchkrow to show for it. Figured I'd take a look, check pricing, buy next payday. The Lilipup line is from that gen and I wanted to see if the Stoutland was the same price I'd paid for the other plushes I'd gotten.
Except... every page was blank. Not completely blank, but the actual items for sale weren't loading. I didn't want to disable my adblocker for some reason so I fired up a 2nd browser (Konqueror). (I would later find out it didn't matter; for some reason the Pokemoncenter site just didn't like Brave that day.)
...And that's when I was blocked. Couldn't get onto the website at all.
As near as I could tell, it was likely a combination of me going through the pages a little quicker than usual (I was trying to determine if it was just that page or the entire website) and then firing up Konqueror.
Being the technically-minded person I was, I fired up a search to see if this was a recent problem and how it could be resolved. To my dismay, I was finding "oh, the Pokemon Center website blocked me randomly lol" dating back to late 2020. All that anybody was getting out of this was that the defense mechanism to keep vendors from buying up stock was hitting people who may have been paging through the website a bit too fast.
Now, I have no issue with a company trying to stop abuse of their website and I certainly support putting in measures to prevent it. That being said, here's the problems I see:
In other words, me hitting up the site a couple of times and then switching to Konqueror could have been me turning to a person in my household and saying "hey, I can't access this, can you check if this is just my computer being weird?"
So, I turned to the support site. Unlike the main site, the support site is not blocked. Open a ticket because hey, I wanted to see if I could get to somebody useful. (Spoiler alert: I did not.)
Here's how the conversation went, more or less, with paraphrasing:
"Hey, I can't get into the site, here's what happened." (List out my steps)
"Sorry that happened, just be patient and you'll get access back."
"Look, it's not your fault, but I am very frustrated and I would like to talk to someone about it."
"We're sorry you're frustrated! Be patient, you'll get access back within 72 hours! Be assured you are a valued customer"
"72 hours is not an acceptable block and is terrible customer service. Can I please have a mailing address where I can complain?"
"Nope! We only communicate via tickets."
"Okay, a web developer?"
"Nope, sorry. Just us."
"This is unacceptable. I don't feel like I'm being heard. Can I please talk to someone with authority?"
"Nope."
"Okay, this is going nowhere. I am pissed off and I will no longer be buying from this site."
"Too bad. Don't let the door hit you on the way out. By the way, you can never complain about this ever again to us." (Okay, it was more like, "We're sorry you've chosen this. We are closing this ticket out and we will close any other ticket you make about this issue out." but it felt like it!)
(Yeah, I was really pissed off at that point and very very rude. If you do support for PokemonCenter and ran across an IT person with a customer service background that kept demanding to reach out to someone, anyone, then said "fuck it", I apologize!)
So, here's how I would fix it if I was running something similar:
So... I got nowhere, I can't tell them how to fix their site, and they don't care. And that is a lesson on how to not run an e-commerce website.
TL;DR: Pokemon Center website's anti-abuse is poorly programmed and blocks legit customers. There are way better solutions than blocking customers. Also, there should be a complaint process so that the customer service people who are supposed to be dealing with stuff like order and shipping issues don't get abused by irate people like me who can't get on the site. (Also, I behave badly, so yeah, I'm not innocent either.)
So here's the story of a slightly-into-Pokemon-person who ran across the nasty side of the PokemonCenter.com website. (When I say "slightly into Pokemon", I mean, I have 3 of the games and some favorite Pokemon. I don't play the CCG, I don't feel like I 'gotta catch them all', I've seen a few scattered episodes of the anime, and that's it.)
Now, I had just seen a video about the Gen 5 Pokemon sitting cuties line. I've bought that line before; I have a Murkrow and a Honchkrow to show for it. Figured I'd take a look, check pricing, buy next payday. The Lilipup line is from that gen and I wanted to see if the Stoutland was the same price I'd paid for the other plushes I'd gotten.
Except... every page was blank. Not completely blank, but the actual items for sale weren't loading. I didn't want to disable my adblocker for some reason so I fired up a 2nd browser (Konqueror). (I would later find out it didn't matter; for some reason the Pokemoncenter site just didn't like Brave that day.)
...And that's when I was blocked. Couldn't get onto the website at all.
As near as I could tell, it was likely a combination of me going through the pages a little quicker than usual (I was trying to determine if it was just that page or the entire website) and then firing up Konqueror.
Being the technically-minded person I was, I fired up a search to see if this was a recent problem and how it could be resolved. To my dismay, I was finding "oh, the Pokemon Center website blocked me randomly lol" dating back to late 2020. All that anybody was getting out of this was that the defense mechanism to keep vendors from buying up stock was hitting people who may have been paging through the website a bit too fast.
Now, I have no issue with a company trying to stop abuse of their website and I certainly support putting in measures to prevent it. That being said, here's the problems I see:
- Pokemoncenter already uses an outside service to prevent abuse. This service uses a standard CAPTCHA (which has other issues but is far superior to completely blocking a legitimate browser).
- The system is overreactive. It seems unable to differentiate legit users from those intending to abuse the service. I've never had a website go freak out like this one did. Worse, the people behind the site seem to have no interest in fixing this. In fact, they've made it worse - apparently users were able to request release from Customer Support folk before this.
- Completely blocking a legit user limits their ability to purchase things - in other words, to borrow from Maciej Ceglowski of Pinboard (who probably picked it up somewhere else), never prevent someone from giving you money. In this case, the website would be better served to slow users down by using the above CAPTCHAs or other ways to prove the browser was not a bot.
In other words, me hitting up the site a couple of times and then switching to Konqueror could have been me turning to a person in my household and saying "hey, I can't access this, can you check if this is just my computer being weird?"
So, I turned to the support site. Unlike the main site, the support site is not blocked. Open a ticket because hey, I wanted to see if I could get to somebody useful. (Spoiler alert: I did not.)
Here's how the conversation went, more or less, with paraphrasing:
"Hey, I can't get into the site, here's what happened." (List out my steps)
"Sorry that happened, just be patient and you'll get access back."
"Look, it's not your fault, but I am very frustrated and I would like to talk to someone about it."
"We're sorry you're frustrated! Be patient, you'll get access back within 72 hours! Be assured you are a valued customer"
"72 hours is not an acceptable block and is terrible customer service. Can I please have a mailing address where I can complain?"
"Nope! We only communicate via tickets."
"Okay, a web developer?"
"Nope, sorry. Just us."
"This is unacceptable. I don't feel like I'm being heard. Can I please talk to someone with authority?"
"Nope."
"Okay, this is going nowhere. I am pissed off and I will no longer be buying from this site."
"Too bad. Don't let the door hit you on the way out. By the way, you can never complain about this ever again to us." (Okay, it was more like, "We're sorry you've chosen this. We are closing this ticket out and we will close any other ticket you make about this issue out." but it felt like it!)
(Yeah, I was really pissed off at that point and very very rude. If you do support for PokemonCenter and ran across an IT person with a customer service background that kept demanding to reach out to someone, anyone, then said "fuck it", I apologize!)
So, here's how I would fix it if I was running something similar:
- I would not completely block somebody from browsing the website. I would throw CAPTCHAs in the way, yes, but I wouldn't prevent someone from reaching my website entirely. This way, if my system accidentally alerts on a false positive (an activity that appears alarming but is actually normal/innocent stuff) I don't prevent a customer from giving me money.
- I would provide a way for people to say "oh hey, I should not be getting captchas".
- I would also analyze logs to see what bad actors did manage to evade my safeguards vs those who weren't vs normal web traffic. I'd make sure I wasn't setting my threshhold so low that I was impacting people who were trying to buy a thing or two. (And before anyone says this is not possible, there are solutions like Splunk that will do alerts and help you analyze patterns in your website logs.)
- f for some reason I did have to block, say certain IPs (Internet Protocol addresses; think street addresses, except for the internet), I would provide a link to a FAQ in regards to what happened and how to appeal it. (Which would not be the customer service folks; they go through enough shit as it is.)
- If someone opened a ticket anyway (because people Do Not Read), I would have them have a template saying "here's a link to our FAQ, this is not the correct place to appeal. We're sorry you're frustrated though."
- I would also have a complaints-feedback thing that wasn't a ticket-based system (to spare people screaming and swearing at customer service).
- I would also find a way for the customer service people to deflect a complaint to people better able to handle it. They're there to help customers with missing orders not to deal with pissed off people like me who can't get on the site.
So... I got nowhere, I can't tell them how to fix their site, and they don't care. And that is a lesson on how to not run an e-commerce website.
