I work for a bank from home. I work in the fraud department and I deal with people’s debit cards. In a perfect world, people call in, answer questions, and then hang up without too much fuss. I actually get those people very often.

Then, there are the jerks. They interrupt my intro, they correct their caller intent (the box that tells me why they called) to tell me I’m wrong and that THIS is why they called (which, nine times out of ten, is exactly what I just said to them), and they refuse to answer questions correctly or even at all sometimes. A good example of it is something like this:

Me: “Hello, you’ve reached [My Name]. May I confirm your full name as it appears on your card?”

Customer: “I’m calling in because you locked my card and I want it unlocked.”

Me: “Wonderful. May I confirm your name?”

Customer: “[First Name].”

Me: “I’m sorry, may I confirm your full name as it appears on your card?”

Customer: “[Full Name].”

Me: “Wonderful. I see three transactions from [Website] for twenty dollars each. Did you make those?”

Pause. You’ll notice that’s not open-ended. That’s a yes or a no. And without fail, they reply like this:

Customer: “Well, ya see, what happened is…”

They recall their entire day. They ask why their card was blocked. They do not say, “Yes, that’s mine,” or, “No, that’s not mine.”

Other customers have the magical power of context, where they know how to answer a yes-or-no question without blabbering for five solid minutes about NOTHING important. Nothing. Not one item they say is ever relevant to how I can help them. But that isn’t the worst part.

The worst is, after all of that, you approve their card to be used and unblocked. And they immediately do two things.

1.) “Dont you hang up, I dont wanna wait a half hour to get back to you! I need to make sure you did your job!”

Lady, get off my phone. This whole call was recorded, and you think I sat here listening to you and doing nothing for laughs?

2.) They do the exact same suspicious s*** that locked their card, inevitably locking their s*** up again, and then they claim I did nothing.

The bank did that. Their automated fraud protection system saw you do the suspicious thing again and locked the card again. I agree it’s a stupid system. Stop doing that with your card and it will stop locking. I realize it’s your money. Yes, you can do what you want with it. Yes, I’m aware you can leave and join another bank. I couldn’t care less.

PSA #1: if you called a business to perform their function, we did what you asked. We were recorded doing it, as well as everything we said back and forth. We are not incompetent, and we do not enjoy listening to you complain in our ears.

PSA #2: If we ask a question, we want the answer and nothing else. Please shut up if it isn’t relevant to me helping you.

I work for a banking call center in the fraud department. Most of our calls are inbound, but on rare occasions, we have outbound calls, as well. These are the absolute worst, especially if the customer has to be authenticated to the account.

One day, I get that dreaded call. The automated line informs me that it’s an outbound call and that I must authenticate the customer. When I pull the information up, the phone number that was called was put on the account only days before, making this a “High Risk” call. If I don’t verify him to the account — What if the number was put in incorrectly and I’m calling the wrong person? — I can probably be fired.

Me: “Thank you for holding for [Bank] Debit Card Fraud Services. This call may be recorded or monitored for quality assurance purposes. My name is [My Name], and to begin, who have I reached today?”

Customer: “[Customer].”

This is the name on the account, but that’s just the first step. I have to ask one more question, and I’m frantically trying to find the most innocent thing I can.

Me: “Thank you, Mr. [Customer]. Now, before I can begin, I do have to verify that I have contacted the correct cardholder, and to do that, I’ll have to ask a quick security-related question. Would you consent to be authenticated to the account? If you don’t want to do so, please let me know, and then hang up and contact the number on the back of your debit card to be assured that you’re speaking to a [Bank] employee.”

Customer: “No, that’s fine.”

Me: “Very well, Mr. [Customer], thank you. Would you be able to confirm for me the date of the last deposit into your account?”

This is a very low-risk question, and unless the employee asks for that information, knowing it won’t get someone into your account, usually. All I want is either a number or a day of the week.

Customer: “Actually, let me ask you something. Is your mother proud of you, knowing you’re too r******d to suck c**k for a living? That you have to resort to stealing money from hard-working people?”

Me: “Sir, failure to authenticate at this stage will result in a block being placed on your card, and you’ll have to head into your nearest banking location to have it undone. Will you be able to authenticate to the account?”

Customer: “Here, why don’t you just suck my d**k sideways? Your mouth’s clearly big enough.”

Me: “Very well, sir. As you are refusing to authenticate, your card has a hold on it now. Please step into your nearest banking location and have the associate call us to have it removed. Thank you for banking with [Bank].”

I disconnect the call and notate, “DO NOT SERVICE OVER PHONE. CUSTOMER BECAME VERBALLY ABUSIVE AND REFUSED TO AUTHENTICATE. SEND TO BANK.” And then, I forget all about it.

About four hours later, an inbound call comes in. I pull up the information, and the first thing that pops up is a note on the account stating, “DO NOT SERVICE OVER PHONE. CUSTOMER BECAME VERBALLY ABUSIVE AND REFUSED TO AUTHENTICATE. SEND TO BANK.” I check the ID number that placed the hold and realize that it was MY number.

The same man has called in, and as luck would have it, I am the next available agent able to speak with him. I answer my phone with the biggest smile on my face and with my most chipper customer service voice.

Me: “Thank you for calling [Bank] Debit Card Fraud Services! This call may be recorded or monitored for quality assurance purposes! My name is [My Name], and who do I have the pleasure of speaking with today?”

There’s a brief silence on the other end of the phone.

Customer: “Oh… I, uh… I guess you are with the bank… aren’t you?”

Me: “You are correct, sir, I am a [Bank] Fraud Analyst. How may I assist you today?”

Customer: *Pauses* “You’re not going to unblock my card now, are you?”

Me: “Well, sir, according to the notes left on the account, it seems you became verbally combative with the previous associate and, as such, your card has been blocked for all transactions. To have this block removed, you’ll have to go to the nearest [Bank] location and have the associate there call us.”

Customer: “But… but I live in [State].”

Me: “Okay then, it looks like your nearest banking location will be in Tallahassee, Florida, sir. Thank you for choosing [Bank] and have a wonderful rest of your night.”

Back in 2005, I was doing customer service for an online payment service. One day, I got a call from an irate gentleman who wished to report fraudulent transactions on a debit card. Uh-oh.

I’d learned by now that, rather than going through the “Do you have an account with us? Does anybody else in your household?” motions, it was heaps easier to just ask for the full card number and run a search across all accounts. If the card has already been compromised, what damage can it do at this point to tell me the full card number, right?

An account indeed popped up on which the card had been used. However, the name on the account didn’t match that of the caller, so I did some more probing and sniffing, all within rules and regulations. 

Long story short, it was Junior who had gone on a shopping spree. Apparently, for his fifteenth birthday, his parents had given him a Visa debit/credit card with no spending limit. And our service required that all customers be at least eighteen years of age when opening accounts.

Customer: “Well, how do we get his money back?!” 

Me: “Um… we rather… don’t, sir. There’s been no fraud committed because, well, the card owner spent his own money, which was well within his right.”

Christ on a bike, how Daddy Dearest blew a fuse!

Customer: “But that can’t be, because that was money for Junior’s birthday! Why didn’t you stop the transactions, then?!”

Yup. Daddy actually blamed us for not verifying Junior’s age prior to letting him open an account with us and go to town with his card.

It took all of my composure not to burst out laughing. Instead, I diplomatically replied:

Me: “Sir, it’s clearly written in our terms and conditions that account holders must be at least eighteen years of age when signing up for our services. That alone frees us from any responsibility — not that we had any in the first place. Secondly, it was not our company that decided it might be a good idea to give a fifteen-year-old his own debit card with no spending limit. You’re quite welcome to dispute the charges with the card issuer and see if they’re willing to reverse the charges, but, quite frankly, I doubt it, seeing as the card was always in the cardholder’s possession and all charges were made knowingly by said holder. As such, no fraud has occurred, and we are unable to assist you further. Thank you, and goodbye.”

And the amount squandered? Roughly DKK 4,200. Adjusted for inflation and the exchange rate, we’re looking at US$600 or €590 in 2022 money.

Happy birthday, kiddo! I hope you at least got to keep your stuff, whatever you bought.

Remember the good ol’ days of Internet security, kids? When we were all taught that you don’t leave bank information on places it can be swept up and sold?

This all starts with Mom who, to her credit, is trying to pay me back for groceries and fund my new obsession with bowling. [Credit Union], following the Great Trends of Machinery, recently decided in their infinite wisdom to bestow an entire system overhaul of their website, a new app, and a brand-new “experience” on us.

My mother is pre-home computers. This may be important later.

She logs in and tries to transfer money.

Mom: “Oh, honey, you’re not signed up for [Money Transfer System]. Can you sign up real quick?”

Me: “Uh, I’ve been signed up since I started using the bank. What email are you using?”

Cue a “Who’s On First?” moment about emails, names, and any potential variations I might have signed up with when I was all of twelve and got my first bank account.

Me: “You know, they did just update everything recently. Are you using the new app? There might be some system issues.”

Mom responds with all the confidence of a pre-tech Boomer.

Mom: “Oh, obviously not. You must have forgotten you capitalized a letter in your email address.”

Me: “…what?”

It goes downhill from there.

My mother’s arguments vary from, “But the computer says you’re not enrolled!” to, “They can’t have system issues; it worked just fine for your brother!”

At some point, I try to log in.

This is obviously a mistake. I am using [Browser #1] with a password generator — as one does — and it isn’t working. I get kicked out and have to reset my password. Twice.

Me: “Well, this isn’t working. Can you call the [Credit Union] people and ask for help?”

Mom: “I’m trying to transfer money to you! This is your job!”

Me: “You do know that the nice people who will get a lot of federal jail time if they mishandle your money might not want to talk about your account with me, right?”

Mom: “But if the computer says that you’re not enrolled, it must be your problem!”

I break first and drive down to the [Credit Union]. I walk in, show my ID, and try to word things in a way that does not violate federal law…

Me: “Hi. My mom and I are having two problems: first, I can’t get my password manager to work on [Browser #1] with your site. Second, the money transfer system says I’m enrolled on my end, but my mom’s device says I’m not. What’s going on?”

Teller: “Uh…”

Passing Teller: “Oh, I know! The money transfer system has been doing that; she just has to re-add her contacts. And [Browser #1] is inherently outdated, so it’s incompatible with our site!”

I pause and translate this from Non-Computer Speak into “Wait A Minute, Didn’t [Browser #2] Just Update Its ‘Security’ Policy?”.

Then, I say my thanks and leave.

I return home and tell my mom that she needs to re-add me as a contact. She does so, and all is well.

Then, I opened my instant messenger to speak to my much more savvy sister at college.

Me: “Remember when [Browser #2] decided they were going to collect data, sell it to the highest bidder, forbid [Ad Blocker], and leave you open to every bug on the planet? Someone in [Credit Union]’s web developer team apparently decided that means they’ll get more money from their end-user if their site is only compatible with [Browser #2]. And then told their wife that [Browser #1] is ‘outdated’. I’m pretty sure a middle manager somewhere is making a web designer cry into a beer for the Days of Yore when browser compatibility meant more than, ‘We think this is Cool With The Kids and Hip and also makes money.'”

Now I’m off figuring out how to keep [Browser #2] from stealing my friggin’ bank password. And losing my faith in humanity.

I’m a developer at a marketing agency. Our biggest client is [Bank]. Apparently, banks in our area have a huge thing for raffles, giveaways, and similar marketing tricks to get new accounts opened. Better yet, they are constantly trying to one-up each other, which is great for marketing/developer agencies like ours.

We present them with an idea for their next big thing.

• We get twenty young influencers to take photos of themselves with some bank cards and stuff. All of them will be some small-scale school-age influencers paid a symbolic amount of money.
• I create an Instagram clone where people vote for their favorite photo. Each week, a new set of photos opens up, and voting starts again, for a total of eight weeks.
• Everyone who participates in voting enters a raffle, and the influencer with the most votes gets a reward: a top-of-the-line newest smartphone. That’s a lot for a kid their age, so we expect them to go rabid and get as many people as possible to vote for them and possibly open up a bank account to get those extra raffle tickets.

I am the sole developer for this job, which means I have the opportunity to take out the fanciest tools in my toolbox. I am quite proud of the end product. It is done on time and on budget, it’s well tested, and it can handle tons of traffic.

Then, the campaign goes live. Voting starts, traffic exceeds our expectations, and everything on my side is working great.

On the second day of the campaign, an eighteen-year-old Influencer Girl gets a massive spike in vote count during a one-hour period. Immediately after, we get our mail flooded with cheating accusations from another participant’s dad. This kid is a fourteen-year-old boy with a Very Important Dad who’s somehow involved in politics and completely obsessed with his son’s social media career.

The Very Important Dad starts threatening us in every possible way he can, including negative social media posts, complaining to [Bank], boycotting the campaign by getting other participants on board, and somehow threatening legal action. In the same email, he mentions at least three times how his son is a huge social media personality, how we should be lucky to even have him in the game, how he didn’t even want to participate in such a small-scale event, and just how impossible it is for him to receive fewer votes than Influencer Girl.

At [Agency] and [Bank] marketing department, it’s all hands on deck. While the rest are figuring out if there’s any exposure and how to deal with Very Important Dad, it’s my job to find out if Influencer Girl cheated and to get proof.

While the security was done right, auditing and logs are inadequate for this investigation. Server access logs contain IP addresses and such but contain no information that would allow me to connect HTTP requests to actual users and who they voted for. Authentication is done either via Google SSO, Facebook SSO, or SMS code verification. Database records are consistent, so I end up browsing through the SSO data, trying to spot any sign of multiple dummy Google or Facebook accounts being created just to vote for Influencer Girl.

The best proof I can come up with is the ratio between different authentication methods. If Influencer Girl cheated, the makeup of the accounts that voted for her would be different from the rest of the accounts. In layman’s terms, if the app had 40% of users registered via Google, 35% via Facebook, and 25% via SMS, and the accounts that voted for her had the same ratio — or at least, not different enough for any statistical significance — it would 99% prove that she did not cheat. If she cheated, she would have to know the ratio to fake it.

Although, she could devise an elaborate plan to get the data from another website with a similar target audience, buy hundreds of burner phones, and create thousands of Google and FB accounts, all to get that main reward — a phone. That’s “a most likely explanation” according to Very Important Dad.

The people at [Bank] do not quite understand the mathematics, so my investigation fails to reach any conclusions. So, they do the obvious. A lawyer from [Bank] calls Influencer Girl to ask her how she got those votes. It turns out she is an animator and went to a college party where she picked up the mic and told everyone to vote for her. She then signs a statement that this is true.

For the remaining weeks, we stall Very Important Dad, telling him that the investigation is in progress and that we cannot give him more information without violating our privacy policy. Meanwhile, he has his friends post conspiracy theories on social media and other weird comments on [Bank] and [Agency] pages.

In the end, the campaign exceeds all KPIs, some by a factor of ten, and would be considered a massive success were it not for the accusations of cheating. It puts a strain on our relationship with [Bank] and we receive no future projects like this from them. Eventually, they pull all their work.