Tuesday, 6 October 2009

How not to make a web site

Barclays on-line banking allows me to update home/work email and phone details.

Seeing as they said no email logged, I clicked on the update, filled them in and got :-

"30505 - Sorry - we have not been able to carry out your request. Please try again later."

Really helpful.

I tried a few times and got the same.

Then I spotted in the update page :-

"NOTE: Where updates are required to both the Work and Home details, these will have to be completed separately. For example, the work details should be updated and then saved by selecting the green 'Save' button before returning back to this screen to complete the Home details or vice versa."

  • Why have that restriction?
  • If you have that restriction why create a totally nonsense cryptic error when someone does not notice and tries to add an email address to both home and work at the same time?
  • If you have the restriction how hard is it to grey out the home details as soon as I edit work details or have them as separate update screens?


  1. Makes you wonder what the code behind it is like.. You'd think a bank would employ competent people if only because they need to be able to handle security properly.

  2. I think you should complain, using the online form of course. Only don't try using any punctuation because the form's completely borked and only allows the full stops (and maybe the comma). Apostrophes, quotes and angle-brackets are an absolute no-no, presumably some in knee-jerk attempt to prevent SQL-injection attacks combined with sheer lazyness in not simply reg-ex-ing the user's entry.

    I'm still waiting for the apology/explanation/fix that they promised me over a month ago, along with mending the OFX download so that it once again bears some vague resemblance to the OFX spec (I mean, how hard is it to test against a published XSD FFS?).

  3. I still remember getting exceptionally confused by HSBC's Internet Banking complaining that I had invalid characters in a "secure message" I was trying to send. After a lot of trial and error, it turned out that "£" was the offender.

    Seriously, you're a *bank*. Do you not expect people to use currency symbols?

    Their reply was that it was by design, and that I should write GBP instead...