I do my part to stimulate e-commerce. I go online and order books, pet toys, cookware, and hams. I had a perfect record of great experiences until I bought a hotel room online for the weekend of Labor Day 2000.

I experienced firsthand the results of buggy programming from a prominent online services provider. No self-respecting IT department would ever allow the kind of shoddy service I received.

My message this week concerns the people you hire and trust to do your online database development: Use only experienced developers with references. If you must hire inexperienced developers fresh out of college or certification classes, make them second bananas to the experienced people.

User error or a faulty fuzzy search?
My wife and I decided at the last minute to go out of town for a night over the Labor Day weekend. I went online, made an offer, and ultimately saved about $25 on a great hotel room in Cincinnati. As I did when I bought the cat toys, I gave a credit card number during what I assumed was a secure transaction.

My wife and I show up at the front desk, and I say, “Room for Jeff Davis.” The lady says, “Your room and tax are all taken care of.” I’m feeling pretty proud about this time, because my wife had scoffed at the notion of buying a hotel room online.

Then the lady handed me a printout that showed a room reserved and paid for by a Jeff Davis in Tennessee. The other Jeff Davis’ address and credit card number were right there on the form. I said, “Hey, this has been billed to the wrong Jeff Davis!”

The hotel clerk: “Oh, that’s [online services provider]? They probably just used the wrong profile.”

“So what should I do?”

“Just fill in your address and sign the form.”

That’s right, sports fans. I could have kept my mouth shut, signed “Jeff Davis,” and the poor sap in Tennessee might have been stuck with my hotel bill. Of course, that would have been the wrong thing to do. But I wasn’t about to whip out my credit card and insist on paying for the room myself. Instead, I took my cue from the hotel clerk, and I resolved to contact the online services provider after the holiday weekend.
Each Tuesday, Jeff Davis tells it like he sees it from the trenches of the IT battlefield. Get his report from the frontlines delivered straight to your e-mail front door by subscribing to Jeff’s View from Ground Zero TechMail. You’ll get a bonus of Jeff’s picks for the best Web stuff—exclusively for our TechMail subscribers. (If you already subscribe, e-mail this column to a friend.)
Faulty code and inadequate testing
Some of you are thinking, “Come on, Jeff, don’t make such a big deal out of this. Mistakes like this happen all the time.” Well, pardonnez moi, but mistakes like this should never happen when you’re dealing with confidential customer data and your customer’s money.

This online services provider appears to have spent all its investor capital on a national advertising campaign. They didn’t have enough cash left to hire an experienced developer or two, so they probably got some young Java-heads cheap by offering big stock option packages.

These inexperienced developers put into production code that generated a confirmation of my reservation with my address and credit card information, yet they billed some poor Jeff Davis from Tennessee.

I didn’t interact with a human, so the only possible explanation for this mistake is a software bug. The program accepted my input, yet it appeared to generate the hotel reservation record under another customer’s name.

It makes me wonder if the coders had a “fuzzy” lookup for my name in the customer database. “Jeff Davis” is an extremely common name, so you’d think the coders would have compared the address and other information I entered to the record in the reservations table. Any self-respecting database developer would be embarrassed to let such sloppy code get into production. An IT department that wouldn’t catch this kind of error during testing should be ashamed.

It gets worse
After my wife and I returned from our minivacation, I checked and confirmed that my credit (debit) card had not been charged for the hotel room. So I dutifully sent an e-mail message to the online services provider in question and received an automated response that said, “Thanks for writing, a human will review your note and get back to you within X hours.” I’m thinking, “That’s a nice touch.”

Then I received the message from the human. It was copy-and-paste drivel. “Thanks for writing…please call customer service at (800) XXX-YYYY to resolve your problem.”

So I replied again. I wrote: “Dear Ms. [last name]: I don’t mean to insult you, but you obviously didn’t read my note. YOU BILLED THE WRONG PERSON FOR MY HOTEL ROOM! It’s your mistake, and I don’t have time to call your 800 number to explain it.”

The next day, my account was debited for the hotel room. I can only hope they credited the account of the Jeff Davis from Tennessee.

The moral of the story? Treat your customer database applications—and your online financial transactions—as if lives depend on delivering thoroughly tested, bug-free code. The extra time you spend testing and debugging will cost far less than the time you’ll spend fixing the errors or making refunds if your code erroneously bills the wrong Jeff Davis.
To comment on this column, please start or add to a discussion below or follow this link to write to Jeff. To get Jeff Davis’ report from the frontlines delivered straight to your e-mail front door, click here.