How not to inspire customer confidence

For about a week now, the following announcement has been inserted into my bank's login page:

If your login ID has leading zero(s) and you are a bill payment user, you may experience difficulty accessing the Pay Bills section of Internet Banking. Please enter your login ID without the leading zeros in order to access Pay Bills. For example, if your login ID is 0012abcde, please use 12abcde instead. We are working on a fix to this problem.

Imagine the behind-the-scenes drama: pointy-haired bosses, surly engineers, elusive vendors, tense meetings, recriminatory memos. Think about the poor soul who had to deliver this unfortunate message. And ask yourself: wouldn't you rather just write one line of JavaScript instead?

The login form in question is already being dynamically tweaked by a JavaScript function, so it's only necessary to add this line to that function:

form0.v1.value = form0.v1.value.replace(/^0+/,'');

I saved a local copy of the login form, made that change, entered a login ID with leading zeroes, and verified that I can successfully and zerolessly log in to my account.

It's crazy how often services require people to perform textual transformations that can trivially be accomplished by regular expressions. The classic example is the purchase form that fails because a card number's hyphens or spaces were intermixed with digits. Clue: the hyphens or spaces are aids to the human being who is trying to process 16 digits using a brain that's wired for shorter sequences. Punctuation is a feature, not a bug. It is trivial, in any programming language, to ignore it. And yet we continue to shift the processing burden from machines to people.

I used to think this happens because programmers on the front lines of data processing don't grok regular expressions well enough. That's evidently still true, but the real problem, I think, is that the people who use these systems don't trust their own instincts. They suspect it's bullshit, but they can't be sure.

Well, trust me, it is. There are many inhumane procedures that software systems must necessarily inflict on people, but stripping punctuation and leading zeroes are not among them.
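
Both transformations discussed above, written as plain functions that could also run in the code that receives the form, so they apply no matter which copy of the page submitted it. This is an added example, not code from the bank or from the original post; the function names, the letters-and-digits login ID format and the 12 to 19 digit length range are assumptions, and it goes beyond the one-line fix by rejecting unexpected characters and checking the Luhn checksum.

```javascript
// Added example: canonicalize human-friendly input, then validate it.
// Function names and the accepted formats are assumptions, not the bank's code.

// Login ID: trim, then drop leading zeros, as in the one-line fix above.
// Assumed format: ASCII letters and digits, with at least one character left.
function normalizeLoginId(raw) {
  const id = String(raw).trim().replace(/^0+/, '');
  if (!/^[A-Za-z0-9]+$/.test(id)) {
    throw new Error('login ID must be letters and digits');
  }
  return id;
}

// Luhn checksum: double every second digit from the right, subtract 9 from
// results above 9, and require the total to be a multiple of 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Card number: whitespace and hyphens are aids for the person typing, so
// remove them. Any other non-digit is an error, not something to strip.
function normalizeCardNumber(raw) {
  const digits = String(raw).replace(/[\s-]/g, '');
  if (!/^\d{12,19}$/.test(digits)) {
    throw new Error('card number must be 12 to 19 digits');
  }
  if (!luhnValid(digits)) {
    throw new Error('card number fails checksum');
  }
  return digits;
}

// Constructed sample inputs: the login ID from the announcement and a
// widely used test card number, typed with mixed punctuation.
console.log(normalizeLoginId('0012abcde'));
console.log(normalizeCardNumber('4111-1111 1111 1111'));
```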

Update: Here's an excellent comment received in email from someone identifying as Wanderley:

The problem is that even that one JavaScript line still needs to go through SOX audit before being pushed to production.

This is indeed an issue to blame on pointy-haired bosses, but their names are Sarbanes and Oxley.

Bruce Timberlake adds:

Why isn't the bank preventing your local page from working? Seems to me that a referrer check, session ID, or something should be required to prove that the form is even being submitted from their own server, rather than someplace else.

Indeed. That occurred to me as well. Yet another way in which they are not inspiring confidence in this customer.


Former URL: http://weblog.infoworld.com/udell/2006/05/03.html#a1441