Oct 07 2013
One thing is clear: the #ObamaCare rollout has turned into the #ObamaCrash. From what I am reading on the tech side of things (and computer systems for NASA and DoD are my business area), the problems seem to be a case of hiring the wrong company for the job.
In this WSJ article, the company in charge of #ObamaCrash is identified:
Information technology experts who examined the healthcare.gov website at the request of The Wall Street Journal said the site appeared to be built on a sloppy software foundation. Such a hastily constructed website may not have been able to withstand the online demand last week, they said.
After looking at the company's USA website (and learning it is a UK company to boot), one has to wonder: why was Experian selected? What was the competitive process used to select a company that does credit reporting on people when you want a website to handle millions of applications?
The business skill sets for setting up large-volume websites and for running credit checks are night and day. So how did Experian get in the position to do such a shoddy job?
The cynic in me wants to think the best way to hide the new health care premium costs is to have the website go down. So maybe this was an evil plan to delay the sticker shock!
If this continues, HHS will have delayed the individual mandate where the GOP could not, since every day you cannot sign up is a day the government will be required to extend the registration!
What should clearly be an enterprise quality, highly scalable software application, felt like it wouldn’t pass a basic code review. It appears the people who built the site don’t know what they’re doing, never used it, and didn’t test it…
It makes me wonder if this is the first paid application created by these developers.
It looks to me like amateur hour. I mean this is really pathetic.
Update: Hmm, the plot thickens. Experian and data breaches – this looks like a bit of a fast one!
So what happened? Well, it turns out that Experian did not re-bid for the contract and instead sent out renewal letters to 1+ million S.C. residents. Reports, like the one above, came in that the call center was informing residents that the State would not be offering free credit monitoring service and that they could renew for a discounted price of 99 cents a month. The reality is that the State is going to continue offering free credit monitoring, just not through Experian!
BTW, do you know that by signing up to Obamacare your personal information is now in the hands of a credit reporting company? Is that smart?
Whoa! Update: Did Experian just realize they don’t have the tech-savvy to pull off the Obamacare registration rollout?
Experian’s October 1 announcement that it acquired web fraud detection vendor The 41st Parameter for $324 million underscores the weakness of knowledge-based authentication or KBA. Experian sells KBA to companies verifying identities of consumers conducting high-risk transactions. KBA systems are under siege and a systematic compromise of these applications was recently uncovered by security blogger Brian Krebs. See our previous blog on this as well as krebsonsecurity.com.
Although Experian was not part of the uncovered botnet-based infiltration, the so-called secret questions and answers used across most major KBA vendors such as Experian and LexisNexis are typically the same. As noted previously, KBA has — on average — a 10-15% failure rate which can go much higher and up to 30% in certain populations such as new immigrants or young students. Most KBA failures are legitimate individuals who can’t successfully answer the secret ‘out-of-wallet’ questions or for whom there is not enough data to ask any. At the same time, criminals who buy this information on the black market have no trouble answering them perfectly. (See our September 2012 research note G00237377 “When Knowledge-Based Authentication Fails, and What You Can Do About It”).
This key acquisition was JUST LAST WEEK! Are you kidding me?