Your failure is not your customer’s problem

For the second time in a month, I braved the rain and cold to use one of Seattle’s Parkeon parking meters. Parkeon’s one of the vendors of new-fangled, electronic parking meters, which stop scofflaws who pull in behind someone leaving by printing receipts that must then be attached to the inside of the window. It’s all very fancy-pants.

Also for the second time in a month, the meter didn’t work.


(Look, real raindrops, so you know I ain’t lyin’.)

Above the 01:22, it says “Contacting Bank for Approval.” I’ve put my credit card in at this point, and through some sort of magic means, it’s now doing… something. And that something took about three minutes, and then at the end it said something like “Can’t Contact Bank” and didn’t give me the receipt.

So at this point, I’ve done what I was supposed to do, and something went wrong in the system. I don’t know whether it’s the bank, Parkeon, something in between, and I don’t care – all I know is that at this point I either have to park illegally or move my car. (Or, I guess, tape a note to the window. Or walk to another meter, if you can find one – but why would you believe that would work?) It’s not obvious that it’s broken to a parking attendant, like a busted meter would be, so I’m without recourse (and late for my appointment).

There’s a much better answer to this problem – if the system fails, give me the receipt anyway. Assume I’m a good actor and eat the cost, or process it in batch later when things are working, or upload your failed attempts to the central server and have it reprocess, or something. But your failure is not your customer’s problem.

Of course, if you’re Parkeon or the City of Seattle, you could worry about an attack vector here – if I’m a bad actor and I know that the parking meter will give me the receipt even if it can’t reach the bank, maybe I stop it from reaching the bank and get the receipt. Obvious response: if routing around Parkeon security is so easy that it’s worth not spending <$3 on parking to do it, make the security harder – and it’s not like one person’s hack is going to suddenly create a rash of scofflaw parkers across the city, since I’m not stealing anything of transferable value. The likelihood of attack that has meaningful value here seems like basically zero.

Amazon’s management is great at making this point, though not every system follows through: what part of your system absolutely has to succeed to meet your customer’s needs? And if that system fails, is there any kind of workaround anyway, or is succeed-later (i.e. asynchronous processing of the request) acceptable? For example, what if the meter is out of paper? Well, it could print a message on the screen and suggest you tape it to your window, a message that only the parking attendant could interpret – like a GUID interpretable by a handheld device. That’s almost certainly overkill but it’s a demonstration that you can do something. You can almost always do something, and figuring out the minimum something to make the customer successful is almost always the right plan.
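An added sketch of the succeed-later idea above (not from the original post or from Parkeon): the meter issues a receipt even when the bank is unreachable, queues the charge for later settlement, and uses an HMAC-tagged code in place of the GUID so the attendant's handheld can verify it. The key, function names, code format and `bank_authorize` callback are assumptions for illustration.

```python
import hashlib
import hmac
import time
from collections import deque

# Constructed demo key; a real meter would hold a provisioned per-device key.
METER_KEY = b"constructed-demo-key-not-a-real-secret"
PENDING = deque()  # charges to settle once the bank is reachable again


def _tag(meter_id, expires):
    msg = f"{meter_id}|{expires}".encode()
    return hmac.new(METER_KEY, msg, hashlib.sha256).hexdigest()[:16]


def issue_receipt(meter_id, card_token, cents, minutes, bank_authorize, now=None):
    # Returns a receipt code; an unreachable bank defers the charge, not the receipt.
    now = int(time.time()) if now is None else now
    expires = now + minutes * 60
    try:
        bank_authorize(card_token, cents)
    except ConnectionError:
        PENDING.append({"card": card_token, "cents": cents, "at": now})
    return f"{meter_id}-{expires}-{_tag(meter_id, expires)}"


def verify_receipt(code, now=None):
    # Handheld side: the tag must match and the paid time must not have run out.
    now = int(time.time()) if now is None else now
    try:
        meter_id, expires_s, tag = code.rsplit("-", 2)
        expires = int(expires_s)
    except ValueError:
        return False
    expected = _tag(meter_id, expires).encode()
    return hmac.compare_digest(tag.encode(), expected) and now <= expires


def settle_pending(bank_authorize):
    # Retry queued charges; anything that still fails goes back on the queue.
    settled = 0
    for _ in range(len(PENDING)):
        charge = PENDING.popleft()
        try:
            bank_authorize(charge["card"], charge["cents"])
            settled += 1
        except ConnectionError:
            PENDING.append(charge)
    return settled
```

Because the tag covers the meter ID and expiry, a hand-written or altered code fails verification, which addresses the bad-actor worry without making the customer wait on the bank.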

