Right Working Romantic Related Learning Friendly Healthy Legal Inspirational Unfiltered

Teens Will Be Teens, Duh

, , , , , , , | Right | December 4, 2022

Back in 2005, I was doing customer service for an online payment service. One day, I got a call from an irate gentleman who wished to report fraudulent transactions on a debit card. Uh-oh.

I’d learned by now that, rather than going through the “Do you have an account with us? Does anybody else in your household?” motions, it was heaps easier to just ask for the full card number and run a search across all accounts. If the card has already been compromised, what damage can it do at this point to tell me the full card number, right?

An account indeed popped up on which the card had been used. However, the name on the account didn’t match that of the caller, so I did some more probing and sniffing, all within rules and regulations. 

Long story short, it was Junior who had gone on a shopping spree. Apparently, for his fifteenth birthday, his parents had given him a Visa debit/credit card with no spending limit. And our service required that all customers be at least eighteen years of age when opening accounts.

Customer: “Well, how do we get his money back?!” 

Me: “Um… we rather… don’t, sir. There’s been no fraud committed because, well, the card owner spent his own money, which was well within his right.”

Christ on a bike, how Daddy Dearest blew a fuse!

Customer: “But that can’t be, because that was money for Junior’s birthday! Why didn’t you stop the transactions, then?!”

Yup. Daddy actually blamed us for not verifying Junior’s age prior to letting him open an account with us and go to town with his card.

It took all of my composure not to burst out laughing. Instead, I diplomatically replied:

Me: “Sir, it’s clearly written in our terms and conditions that account holders must be at least eighteen years of age when signing up for our services. That alone frees us from any responsibility — not that we had any in the first place. Secondly, it was not our company that decided it might be a good idea to give a fifteen-year-old his own debit card with no spending limit. You’re quite welcome to dispute the charges with the card issuer and see if they’re willing to reverse the charges, but, quite frankly, I doubt it, seeing as the card was always in the cardholder’s possession and all charges were made knowingly by said holder. As such, no fraud has occurred, and we are unable to assist you further. Thank you, and goodbye.”

And the amount squandered? Roughly DKK 4,200. Adjusted for inflation and the exchange rate, we’re looking at US$600 or €590 in 2022 money.

Happy birthday, kiddo! I hope you at least got to keep your stuff, whatever you bought.

I Just Miss MySpace, Man…

, , , , , , | Working | November 22, 2022

Remember the good ol’ days of Internet security, kids? When we were all taught that you don’t leave bank information on places it can be swept up and sold?

This all starts with Mom who, to her credit, is trying to pay me back for groceries and fund my new obsession with bowling. [Credit Union], following the Great Trends of Machinery, recently decided in their infinite wisdom to bestow an entire system overhaul of their website, a new app, and a brand-new “experience” on us.

My mother is pre-home computers. This may be important later.

She logs in and tries to transfer money.

Mom: “Oh, honey, you’re not signed up for [Money Transfer System]. Can you sign up real quick?”

Me: “Uh, I’ve been signed up since I started using the bank. What email are you using?”

Cue a “Who’s On First?” moment about emails, names, and any potential variations I might have signed up with when I was all of twelve and got my first bank account.

Me: “You know, they did just update everything recently. Are you using the new app? There might be some system issues.”

Mom responds with all the confidence of a pre-tech Boomer.

Mom: “Oh, obviously not. You must have forgotten you capitalized a letter in your email address.”

Me: “…what?”

It goes downhill from there.

My mother’s arguments vary from, “But the computer says you’re not enrolled!” to, “They can’t have system issues; it worked just fine for your brother!”

At some point, I try to log in.

This is obviously a mistake. I am using [Browser #1] with a password generator — as one does — and it isn’t working. I get kicked out and have to reset my password. Twice.

Me: “Well, this isn’t working. Can you call the [Credit Union] people and ask for help?”

Mom: “I’m trying to transfer money to you! This is your job!”

Me: “You do know that the nice people who will get a lot of federal jail time if they mishandle your money might not want to talk about your account with me, right?”

Mom: “But if the computer says that you’re not enrolled, it must be your problem!”

I break first and drive down to the [Credit Union]. I walk in, show my ID, and try to word things in a way that does not violate federal law…

Me: “Hi. My mom and I are having two problems: first, I can’t get my password manager to work on [Browser #1] with your site. Second, the money transfer system says I’m enrolled on my end, but my mom’s device says I’m not. What’s going on?”

Teller: “Uh…”

Passing Teller: “Oh, I know! The money transfer system has been doing that; she just has to re-add her contacts. And [Browser #1] is inherently outdated, so it’s incompatible with our site!”

I pause and translate this from Non-Computer Speak into “Wait A Minute, Didn’t [Browser #2] Just Update Its ‘Security’ Policy?”.

Then, I say my thanks and leave.

I return home and tell my mom that she needs to re-add me as a contact. She does so, and all is well.

Then, I opened my instant messenger to speak to my much more savvy sister at college.

Me: “Remember when [Browser #2] decided they were going to collect data, sell it to the highest bidder, forbid [Ad Blocker], and leave you open to every bug on the planet? Someone in [Credit Union]’s web developer team apparently decided that means they’ll get more money from their end-user if their site is only compatible with [Browser #2]. And then told their wife that [Browser #1] is ‘outdated’. I’m pretty sure a middle manager somewhere is making a web designer cry into a beer for the Days of Yore when browser compatibility meant more than, ‘We think this is Cool With The Kids and Hip and also makes money.'”

Now I’m off figuring out how to keep [Browser #2] from stealing my friggin’ bank password. And losing my faith in humanity.

Influencer Dads Are The New Pageant Moms

, , , , , , , | Right | CREDIT: EstamelTharchon | November 15, 2022

I’m a developer at a marketing agency. Our biggest client is [Bank]. Apparently, banks in our area have a huge thing for raffles, giveaways, and similar marketing tricks to get new accounts opened. Better yet, they are constantly trying to one-up each other, which is great for marketing/developer agencies like ours.

We present them with an idea for their next big thing.

  • We get twenty young influencers to take photos of themselves with some bank cards and stuff. All of them will be some small-scale school-age influencers paid a symbolic amount of money.
  • I create an Instagram clone where people vote for their favorite photo. Each week, a new set of photos opens up, and voting starts again, for a total of eight weeks.
  • Everyone who participates in voting enters a raffle, and the influencer with the most votes gets a reward: a top-of-the-line newest smartphone. That’s a lot for a kid their age, so we expect them to go rabid and get as many people as possible to vote for them and possibly open up a bank account to get those extra raffle tickets.

I am the sole developer for this job, which means I have the opportunity to take out the fanciest tools in my toolbox. I am quite proud of the end product. It is done on time and on budget, it’s well tested, and it can handle tons of traffic.

Then, the campaign goes live. Voting starts, traffic exceeds our expectations, and everything on my side is working great.

On the second day of the campaign, an eighteen-year-old Influencer Girl gets a massive spike in vote count during a one-hour period. Immediately after, we get our mail flooded with cheating accusations from another participant’s dad. This kid is a fourteen-year-old boy with a Very Important Dad who’s somehow involved in politics and completely obsessed with his son’s social media career.

The Very Important Dad starts threatening us in every possible way he can, including negative social media posts, complaining to [Bank], boycotting the campaign by getting other participants on board, and somehow threatening legal action. In the same email, he mentions at least three times how his son is a huge social media personality, how we should be lucky to even have him in the game, how he didn’t even want to participate in such a small-scale event, and just how impossible it is for him to receive fewer votes than Influencer Girl.

At [Agency] and [Bank] marketing department, it’s all hands on deck. While the rest are figuring out if there’s any exposure and how to deal with Very Important Dad, it’s my job to find out if Influencer Girl cheated and to get proof.

While the security was done right, auditing and logs are inadequate for this investigation. Server access logs contain IP addresses and such but contain no information that would allow me to connect HTTP requests to actual users and who they voted for. Authentication is done either via Google SSO, Facebook SSO, or SMS code verification. Database records are consistent, so I end up browsing through the SSO data, trying to spot any sign of multiple dummy Google or Facebook accounts being created just to vote for Influencer Girl.

The best proof I can come up with is the ratio between different authentication methods. If Influencer Girl cheated, the makeup of the accounts that voted for her would be different from the rest of the accounts. In layman’s terms, if the app had 40% of users registered via Google, 35% via Facebook, and 25% via SMS, and the accounts that voted for her had the same ratio — or at least, not different enough for any statistical significance — it would 99% prove that she did not cheat. If she cheated, she would have to know the ratio to fake it.

Although, she could devise an elaborate plan to get the data from another website with a similar target audience, buy hundreds of burner phones, and create thousands of Google and FB accounts, all to get that main reward — a phone. That’s “a most likely explanation” according to Very Important Dad.

The people at [Bank] do not quite understand the mathematics, so my investigation fails to reach any conclusions. So, they do the obvious. A lawyer from [Bank] calls Influencer Girl to ask her how she got those votes. It turns out she is an animator and went to a college party where she picked up the mic and told everyone to vote for her. She then signs a statement that this is true.

For the remaining weeks, we stall Very Important Dad, telling him that the investigation is in progress and that we cannot give him more information without violating our privacy policy. Meanwhile, he has his friends post conspiracy theories on social media and other weird comments on [Bank] and [Agency] pages.

In the end, the campaign exceeds all KPIs, some by a factor of ten, and would be considered a massive success were it not for the accusations of cheating. It puts a strain on our relationship with [Bank] and we receive no future projects like this from them. Eventually, they pull all their work.

Some First-Time Bank Robbers Are So Dumb It’s Almost Cute

, , , , , , , , | Legal | November 3, 2022

This happened about a decade ago while I was still a university student. One day, on my drive home from campus, I passed by the bank my account is with as I did nearly every day. However, this time, I saw numerous police cars in the parking lot and figured something had gone down.

Sure enough, when I checked the news upon arriving home, I found that the bank had indeed been robbed. There was a silver lining, though; the culprit was arrested at his home only a short time later and all the money was recovered. And when I say, “a short time,” I mean it took police less than an hour to track the culprit back to his house, arrest him, and recover the stolen money.

How did they manage to track the criminal back to his house so quickly, you ask? Well, in this case, the bank robber was incredibly dumb. How dumb was he? Dumb enough to write the note to the teller on the back of one of his own personal checks — the ones containing his full name and home address. Not only that, but he only lived a short distance from the bank.


, , , , | Working | November 3, 2022

I have an associate of the bank call.

Associate: “You need to reimburse all of my overdraft fees because I’m an employee of the bank and, as such, I am not subject to any fees from the bank whatsoever.”

Me: *Calmly* “First and foremost, I have to treat you as a client.”

She starts to cuss me out and demands to speak to a supervisor. I look at my phone and I can tell the call is coming from the branch.

Me: “Are you on the clock or are you at your branch as a client?”

She cussed me out again and once more demanded to speak to a supervisor. I passed the call to my supervisor, who then reported her to HER manager for being offensive and for taking care of personal matters on the job.