Plastic card distribution can be extremely frustrating, because the only time you need it to happen is when you don't actually want it to be needed (fruad, loss, damage, new account, whatever). You just want to fucking buy things, not deal with shipping incompetence, you know?
This reminds me of a time I was traveling and had to cancel a lost credit card. I told the card company that I was not at home,was definitely outside of the country, not going to be home, definitely staying at an address that was not the home address listed on the account, wanted the card to be sent to _me_ and not my _home_, gave them my foreign delivery address 5 times over as many weeks, got 5 separate promises that the card was definitely going to reach me at my outside-of-the-country-and-not-at-home location in just a few business days, and the card never showed up. So I just gave up. And then, when I finally went home there were 5 goddamn cards in my mail slot.
Honestly this reason alone makes Apple's purely digital credit card my favorite. Need a new card number? Just push a button. No incompetent shipping divisions with 5 hops and as many business days between you and your ability to buy things when your card number is breached.
Had a similar feeling of frustration the other day when I thought I had lost my wallet and was considering what a pain in the ass it was going to be to get my ID and cards replaced. 4-6 weeks for a replacement CA driver’s license, and you have to go to a physical DMV location! I know that digital-only management of identity and payment is a whole new can of worms, but I spent a lot of time thinking about how absurd it is that we still require possession of a small piece of plastic to operate as an adult in the world, and how losing that plastic cuts you off from a great many things.
(Turns out I threw the wallet in the recycling can while cleaning the garage. So I guess don’t pay me to build the system that replaces physical identity tokens.)
I once threw away a fast food bag that contained our checkbook, $100 in cash, plus the title and registration paperwork for our new car! We didn't realize until a few days later, but fortunately we found the bag before the trash pickup came :)
One nice Friday night when I was tired and barely walking after long week I threw into the trash my wallet with some cash, credit card, debit card, subway pass, driver license and US green card. Then I threw the trash into container next to my apartment building. Didn't remember a thing.
Next morning after more than ~1 hour of turning my apartment upside down I, out of desperation and thanks to intuition, dove into container and recovered my trash bag. Everything apart from cash survived.
Have you never been in a situation where 2 hands were not enough, but that's all you had? Sometimes, getting out the car is a lot easier combining things that are not in a pocket or bag/purse into whatever back you might be carrying into the house with you.
Wallet goes in right front pocket. Phone goes in left front pocket. Keys goes with wallet.
Exception: When I'm out running, if cell phones are forbidden (certain locations at certain customers), or if I wear a suit (things like weddings, funerals and when I celebrate 17th of May.)
If a pair of trousers cannot hold these items I don't buy them.
Sticking to these invariants makes for less frustration. Not sticking to them means frustration twice a month or so.
You know what? Based on my life experience to this point I wouldn’t do that. On a couple of occasions I’ve had an idea of where to put something (e.g. “if I put the money here it will be safe”) and my brain stop me (e.g. “are you stupid? You’ll never remember you put it here. Put it somewhere you’ll actually check if you cant remember”) and it stops me. Benefit of getting older and learning from past mistakes?
I only carry my debit card and drivers licence as a backup incase my phone goes flat. My digital drivers licence is accepted by police and vehicle registration has been entirely digital for years. If I lost my physical one I don't think I would bother replacing it. I can register an expired vehicle through an app and drive it immediately. The only time I go to a service centre is once a decade to get a licence picture.
If I report a lost debit/credit card to prevent fraud then the card is cancelled and I can't pay with my phone and have to wait a week for a replacement card. At least I can still drive without a physical licence.
Don't know where OP lives, but here in India, I lost my driver's license a long time ago and only "carry" a digital copy of it in an app called DigiLocker. Digilocker also contains registration documents of all vehicles I own, Income Tax (PAN) card, insurance policies, high school/university transcripts, etc.
My "cash" or card transactions has gone down manifold over the last couple of years. Everyone, including roadside vendors, accept mobile payments that's enabled using UPI (unified payments interface) that's tied to my bank account. There are dozens of apps and "wallets" that use it, including Google Pay, Amazon Pay, Paytm, PhonePe, etc.
My income tax records are all available online, and "filing" is a matter of importing this data using a tool that the income tax department makes available on their website, checking the pre-filled forms, and pushing the "submit" button -- signed using an Aadhaar number enabled OTP.
I was thinking the same. Except passport and credit cards I don't really need any other physical document. And most of this happened in India in the last decade quietly. Sure there are many concerns with Aadhar and some of the other things but it has reduced friction in so many of activities.
Sounds similar to how I do my tax on gov.au here. There are a lot of federal government services on there, most I have never used, and an OTP app. Income tax takes a few minutes. It knows about any contributions. If you have simple financials it is reasonably painless. If you have a lot of money and investments you are going to an accountant anyway.
Australia, although I think this would not be uncommon for most developed countries as it is a big cost saving for government. Licensing and registration are state responsibilities and each state has different systems.
Vehicle rego can be checked in the app so I can see my expiry and get notifications when renewal is due. We haven't had to attach any physical proof of vehicle registration since 2011.
The app can be used as proof of digital licences for boats, cars, trucks and for occupational licences (builders, tradies, security) since 2017. I can also view demerit points. Also does proof of age and more recently COVID checkins. The app was locally developed. I think most states here have similar systems https://my.sa.gov.au/
Here in NSW it is not quite so streamlined, Registration renewal requires a vehicle inspection by an accredited mechanic (and related paper work).
The inspection itself isn't anything complex I think they check brakes, headlights and such usually takes about 20 minutes I drop car off go and grab a coffee and it's ready when I get back.
Once the inspection is done everything else can be done online.
I don't mind the process so much (I only own 1 vehicle and live in city) but my parents for example live in a remote location (50 minute drive to get to mechanic) and have multiple cars, a boat trailer and a regular trailer which all have the same registration date so for my Dad it is pretty much an entire days adventure to get all the various inspections done.
NSW is kind of weird though. They have religious education in government schools which astonishes most Aussies.
Nearly everyone gets their car serviced regularly every 6 to 12 months and they risk being defected if driving with a fault. My guess is a comparison of road safety outcomes between states would show very little benefit as the other states haven't leapt in to follow the example.
I remember paying my SA car rego with laptop over Maccas wifi in Devonport after rolling off the ferry sometime in the naughties. We didn't do it with our phones because they were still potatoes.
Wish it was possible here in the US, but because every one of our 50 states handles ID in a different way, it'd be a logistical nightmare without federal involvement.
We have no national ID in Australia and the federal government has limited constitutional powers. We have tax file numbers and medicare numbers but they are only used for tax or medical payments and for nothing else.
Like the US it is a federal system and states have constitutional authority over road rules, registration and licensing and can do their own thing. Every state has its own websites and apps for these things. Half our states do not have digital licences yet but some of them will be ahead in other areas. I suspect if we had to wait for something national to happen the less progressive states would hold us all back.
Sounds suspiciously like the United Kingdom. I don't think a single government service remains that cannot be done online. Not only that, but they actively invest a vast amount of resources into convincing anyone who tries to use physical services (mail, phone) that they are making a huge mistake. Anyone unfortunate enough to have to phone up any government office must to spend at least 3 minutes hearing about how much easier it would be to just use the website.
As a UK national overseas I don't know pains of calling up anywhere, and for sure there will be pains for many in varied forms, but find gov.uk consistently excellent from personal affairs to running a business. While not applicable as gov.uk does everything I need, surely channels exist for those than cannot, or unable, to use it?
Example: setting up national insurance contributions from abroad. You can't do that online, and so being repeatedly told to use the website while on hold on HMRC's phone lines (if you're lucky enough that their voice recognition system didn't hang up on you) is adding insult to injury.
Not sure if it was just a temp measure during the pandemic, but last May I renewed my driving CA license completely online, and they mailed it to my home address; no visit to DMV was necessary.
I saw that, too. Unfortunately, it’s only valid if they’ve sent you a renewal notice. My DL expires this year but I haven’t received a notice yet, so I was ineligible.
At some point, your DL picture is too old, and they need you to come in to get an updated picture. Not sure the frequency, once every 10 years, every other renewal, etc, but the GP could have been subject to some similar circumstance.
That makes sense. I was more calling out that you don’t need to wait for the physical renewal form to do an online renewal - the system seems to make it an option 5-6 months prior to expiration.
DMV recently charged me $25 to get a printed sheet of paper mailed to my house (replacement registration). They dont even send you the original sized item, they just blow it up and print it on a regular 8.5x 11. Hell they should have just sent me the PDF and i could have printed it myself w/o the need for a stamp (or covid transmission)...
Funny thing I learned is you dont actually have to have the original registration card, you can also have a facsimile (which i take to mean a photocopy).
Little known fact: you can have a PO BOX address on your driving license (California). When you give the DMV your physical residence address, and a different mailing address, they will print the mailing address on the driver license. That's what I do.
Became a US citizen recently. You lose your green card on the day of the ceremony. If you don’t drive you suddenly find yourself with no ID for a few weeks.
> Of course green card holders have a separate id card that they legally must carry with them at all times
It is utterly beyond me to guess how such a system can possibly make any sort of meaningful difference to law enforcement. Or even how it can be enforced in any meaningful way.
It's pretty much not enforced. And a replacement card is $500+ and months of wait, so I don't blame anyone for not carry it.
My friend just carried a copy of the card - not sufficient to meet the requirements of the law, but probably enough to satisfy any initial inquiries until you can get your physical card.
500 dollars? That's highway robbery! Minimum wage is about $8, so some poor guys have to fork out well over a weeks wages for a piece of plastic. U sure it's 500 and not 50?
IMMIGRANT (thinking fast): uhh, er, pure blooded, Sir!
OFFICER: on your way then, young lad! I can't ask for your id because you don't need one. Have a nice day.
Not likely they can catch someone out unless they literally have his picture in hand. In which case, he obviously has bigger problems then not having his id card on him...
About 8 years ago my wife and I were driving to Vegas from Houston. Its basically 2 roads, I-10 from Houston to Phoenix and then some shitty state highway between Phoenix and Vegas.
Along I-10, we were stopped 5 different times at immigration checkpoints and asked a single word question "American?" and sent on our way. Our final stop was on the bypass bridge next to the Hoover Dam, same single word question, except this time, they required our IDs and asked for passports.
My wife and I are US Citizens, and at the time had no passports. Mine had expired around the year 2000, and she had never had one. Trying to explain that to some asshole hassling us felt impossible. After 15 minutes of us pulled to the side, they brought our licenses back to us and sent us on our way.
I wonder how many illegals the first 4 checkpoints managed to nab. I'm not sure how it's possible to manage there things without bothering some innocents.
Let us not forget the value of having it mailed to their home address for majority of the population. It provides some guarantee that the person who gets mail at the address is the only one who will get to use it.
Most of the population use insecure Android phones and are not the Little Snitch & 1Password wielding HN crowd.
Apple's card wouldn't seem so bad to me if they didn't treat debt to Apple differently [0] & lock people out of all of their Apple services when there's a payment overdue. It's crappy enough to be behind on bills without that sort of pile-on, not to mention the Kafka-esque process of fixing the issue.
> It appears as though charges from Apple are special, and if your account is not 100% current, Apple will quickly take drastic action.
It's not just charges made on your Apple card. Here's a comment thread[1] from two years ago when I mentioned Apple did the same thing to me over a recurring charge for iCloud that failed because I got a new debit card and didn't update it in time. (I was traveling.)
Unlike the author of the post you linked I was given zero notice or warning that all-things-Apple would stop functioning. I had assumed the charge would just fail the same way any other charge to a "bad" card wouldn't go through and that my iCloud subscription might lapse. I never in a million years imagined the charge would create an $8 debt to Apple payable immediately and that my iPhone (which I owned outright, not financed through Apple or anyone else) would be bricked unless and until I paid up. I was unable to download anything from the app store at all until I entered new payment information. I couldn't even download free updates to free third-party apps.
Most apps require constant updates or they stop working.
I had set up my iphone to only update on wifi, and was travelling for a month or so only using mobile network.
When I tried to get an uber, I realized the app didn't work correctly (the driver appeared to be in the middle of the ocean). Same for other apps.
Games and apps that don't use heavy server code work fine, but google maps, uber, whatsapp, facebook, and some of the KEY things will break eventually if you never update them.
It was quite a while ago but IIRC it was around the time of a major iOS update (which I had done) and so in the days that followed many of the apps “required” an update which I couldn’t complete. I wish I could remember which app needed updating that finally pushed me to add my credit card as a payment method. But here I am two+ years later and that AmEx is still the card associated with my AppleID rather than my debit card.
This doesn't sound like it's Apple Card but rather the Apple Store doing the disabling.
He said his Bank Account info had changed and the Auto-Pay to Apple Card failed. He mentions a card decline but that he had available balance, he never mentions that is Apple Card is disabled however and is vague about the specifics surrounding the card.
He bought a Macbook, didn't or wasn't able to fulfill the trade-in, and thus the Apple Store determined he owed the amount they credited for the Trade-In. So when the Apple Store tried to debit his Apple Card for the trade-in amount it failed. The Apple Store then disabled the device purchased and the accounts associated with the purchase.
I have a feeling if you tried to do this with a Pre-Paid Visa or a Debit Account, Apple would still disable the device and accounts.
* Yeah it's just what I said. Apple/Store froze his accounts, not Apple Card.
This will happen to anyone's accounts if they don't fulfill a transaction with Apple Store. It has nothing to do with Apple Pay.
** I also find it strange that he missed an email from Apple telling him he was delinquent on his purchase AND didn't see any emails about an Auto-Pay failure all while waiting for an email from Apple Support about his account being disabled.
Maybe it would still happen with some other card, though probably only if the purchase was directly linked to your account, e.g., buying from Apple's website or retail store. If you used a standard visa card at Best Buy, you'd be fine. Strong reason not to buy direct, if you're going to buy at all.
While that is definitely concerning, they did clarify that missing card payments will not result in a Apple lockout.
In this case, the person received a trade-in credit for a phone, did not send the phone in, and then when Apple tried to collect the trade-in credit, that payment bounced.
It's still more than worrying enough that I will not use Apple Pay because the consequences of something going wrong and having my Apple Dev account locked are _way_ too high.
What if that phone had got lost/stolen in transit, instead of not being sent at all?
I don’t understand how this is associated with Apple Pay: you don’t need Apple’s branded credit card to use Apple Pay. I have an Amex card that I use for everything except buying Apple products.
I am trying hard these days not to resort to "judging heuristics" and jump into conclusions about people, but when I see someone calling themselves "Designer, hacker, investor, nomad.", it's like immediately know their type: the "fake it till you make it" entrepreneur wannebes. He also links to his GitHub everywhere, but he made literally no contribution whatsoever in the last 2 years except some README fixes.
No, lack of trade in wasn't the direct issue. They didn't lock everything due to failure to receive the trade, they locked it because of the debt that incurred. Read through some other comments-- someone else had the same thing happen for an $8 charge when it was rejected by the credit card company after posting to a cancelled card.
No, that person indicates they were only unable to download from the App Store until they fixed their payment method for the App Store. Which... makes sense?
The rest of their Apple ID, as far as I can tell, was unaffected. It's another example of big claims turning out to be far more mundane. https://news.ycombinator.com/item?id=26430248
They were locked out of more than the app store, including anything they stored on the iCloud account which is a separate service all together. It sounds identical to what happened in the story I linked to, although that one the person couldn't even sync their calendar. Maybe the $8 person didn't use that function & so didn't mention it. Or maybe it still worked, but it would be strange for all other things locked out to be the same but for that one thing.
Regardless, it doesn't make sense to me: Visa (Chase Bank) can't lock me out of a damn thing on on the phone I bought on Amazon. They can't even take the phone away: Most credit cards are unsecured debt, the phone isn't collateral that can be repo'ed. Store-branded cards, though also backed by a bank, are sometimes different and purchases are also security for the debt: one of the reasons I stay away from them. I live debt-free, have been fortunate to always be able to do so apart from a small mortgage, but don't really like the idea that a really bad run of luck could be compounded by having some of the things I need taken away from me as I try to dig myself out of a hole.
Why does it make sense you can't download FREE apps from the app store without a valid credit card? I get not being able to make purchases from the app store. But the app store is needed to get updates to banking apps, communication apps, etc... The price of that service is figured into the price of the device (you never have to purchase anything on the app store ever to use the app store)
I had a similarish threat from steam once. I wanted to chargeback a game and they said it would cost me access to my _entire library_ . Better to eat a $30 charge than to lose access to $1000s for games.
I had the same thing from an accidental purchase-- I purchased the PS4 version of a game instead of the PS3 version, and didn't actually have a PS4. After multiple exchanges and ultimately arguing my case with someone over the phone, they reverse the charge as a "one time courtesy"
The mere fact that you can "buy" a game on the Sony store that is available for multiple devices but not be able to play it on all of those devices is already ridiculous.
Their TSA says the content licenses are tied to Steam. If you're banned from Steam, you lose the legal right to those games:
This license ends upon termination of (a) this Agreement or (b) a Subscription that includes the license. The Content and Services are licensed, not sold. Your license confers no title or ownership in the Content and Services. To make use of the Content and Services, you must have a Steam Account and you may be required to be running the Steam client and maintaining a connection to the Internet.
Suddenly steam games don't seem so cheap. They're hamstrung games compared to, say, back when you'd buy a nintendo cartridge and they'd basically have no control what you did with it then on (such as resell it on ebay or continue to play it whilst simultaneously disparaging them in public).
Over here "sending a credit card by mail" isn't a thing. At least definitely not the norm. You call the bank to order your new card to a specific branch. You then wait several days. They then send you an SMS saying it's ready. You then visit the branch, show your internal passport (aka "ID"), and they give you your new card.
How do you get one when you're abroad? No idea. You probably don't.
Russia. Until recently mail (of snail mail variety) was notoriously unreliable, and mailboxes in row houses are out of the owner's sight and easily breachable
Mailboxes are just as breachable in the US, but the credit card companies and banks seem willing to eat the cost of occasional fraud.
One year I had an epic week of fraud. My credit card number was stolen by someone involved with a local restaurant, the replacement credit card was stolen from my mailbox, and my rent check was stolen from my landlord's mailbox at a completely different address (and successfully cashed!) There was a 3 day period where the only money I had access to was the cash in my wallet because my credit cards, checking account and savings account were all frozen while their account numbers got switched. All the fraud was covered by my bank though.
SEPA direct debit is the usual setup for places where you'd expect to be able to pay via credit card (regardless of fees), and for e.g. small landlords you just set up a recurring SEPA push transfer (basically like ACH push, but free for normal consumer accounts) to the landlords account.
And for direct debit, you can technically just keep an eye out for unauthorized ones (they need to be shown to your bank 5 days in advance) and tell your bank to stop them before they debit your account.
But AFAIK it's the bank(s) that owe you the money, though they can in-turn try to claw it back from whoever debited your account without authorization.
Really, the worst one can do with an IBAN is trolling by spamming transfers to it or signing it up for direct debits (and I'd expect that to cause me at most 1 bank day of no funds, while waiting for my bank to reverse a fraudulent debit).
But the impact of the latter is limited (just set up a whitelist with your bank and have them auto-reject the spam), while the former is fairly costly (around 20~30 ct with the accounts that don't do fair-use throttling) and quite risky (harassment and KYC).
A similar experience when younger (and less financially secure!) has lead me to embrace n+1: my emergency fund (the part that isn’t in the coffee can in the freezer) lives in a separate bank than my checking, and I carry an Amex and a Visa as backup and pay with credit at all times.
I haven’t needed the redundancy since then but it’s comforting to know that I have a multi-month cushion to fight with banks if I need one.
Between zero problems getting as many cards and accounts as one wants, instant issue virtual cards and NFC/apps on the phones here in Russia, those stories from US sound ridiculous.
I only carry plastic because I find paying with the phone a bit cumbersome and besides the card doesn't have a battery and fits better in a pocket.
I have multiple spares laying around just in case. Sometimes the cats hide one, so what, the branch office is in 15 minutes walking distance.
Internet access is better and much cheaper too.
Maybe because Russia haven't had monstrous incumbents in either place and as a result the market worked as intended.
It's definitely not that inconvenient. You choose which branch it should go to, they work on Saturdays, and in my city with like 400k people there's 270 branches to pick from, one of which is surely convenient.
In Ukraine and Russia, your passport for ID and passport for travel may be two separate documents - паспорт and загранпаспорт, the former is probably what Griskha meant by 'internal'.
> How do you get one when you're abroad? No idea. You probably don't.
You go to your embassy wherever you are and notarize a document that authorizes a trusted party within the country to deal with the bank (and forward you the plastic). If you don’t need cash, you can issue a non-physical card with a click and use it via Apple Pay.
At least my Polish bank absolutely doesn't have any problem sending me my cards to a foreign address. I have to set it as my main address on the web portal though, request a card, and then it arrives where it should.
Most of the credit cards in my wallet are issued by banks that don't even have a branch. The last time I got a plastic card issued in person was a debit card I got when I was a child.
I have Amex because I trust them most to be on _my_ side instead of the merchants side by default. It's not accepted everywhere though. I use this preferentially anywhere its accepted that seems even the slightest bit sketchy.
I have both a Visa and a MasterCard - each from different banks, because I've been caught out when one bank's network is down and I couldn't pay for stuff or withdraw cash while travelling. I've never experienced a failure of ether Visa or Mastercards backends, but when I decided I needed a second source of credit/debit card at a seperate bank, I figured I may as well make sure I have one of each.
I have debit cards because they're pretty much an automatic part of having an account and a credit card, and also because I keep the credit limits on my cards low intentionally, and can use a debit card or online banking savings account with a much higher daily limit for large purchases.
I have one extra "single purpose" Visa card with a high credit limit and that gets used exclusively for my Apple/Google/AWS/Linode/DigitalOcean accounts. This is for peace of mind that my AppStore/GooglePlay accounts and my hosting accounts will _always_ charge successfully - the credit limit is over 10 times my total monthly spend over those accounts, I could conceivably vanish for a whole year and those would still all get automatically paid.
I grab a new one every couple of years when I see one with advantageous terms. I typically only use a couple of them at a time, but I keep the old ones around because: why not? Having more available credit is only a good thing.
I do have heard the view that it is better not to have more than 1 or 2 credit cards, because it is likely to reduce ones credit ratings, and also to avoid the extra card related expenses and charges.
> I do have heard the view that it is better not to have more than 1 or 2 credit cards, because it is likely to reduce ones credit ratings
This is, weirdly, backwards. Your credit rating is improved by having lots of available credit (i.e. lots of credit cards), which keeps your utilization percentage low, and by having a very high number of years on your oldest credit accounts.
> and also to avoid the extra card related expenses and charges.
Fun story - i still have the first credit account I got when I first went to college (originally cosigned by my parents with like a $400 monthly limit, eventually became solely my own and with a proper credit limit). Many years later (after getting a much better credit card that became my daily driver) I used that first card a couple of times for whatever reason and completely forgot to pay it off until six months later, when I paid it in full. That account is now still (> 8 years later) restricted with available credit of $0, but remains a favorable part of my credit score by being my oldest available credit line by many years (the non payment dings appear to have dropped off from my credit rating) ¯\_(ツ)_/¯
[edit: i just checked and that card currently has an available credit of $-0.05 which I guess means I'm giving the bank a $0.05 credit line!?]
Having a high number of applications in a short period of time will slightly decrease one’s credit score. Staying at or below 1-2 per year usually hasn’t swing mine more than a few of points. Even with a high number of inquiries, this factor only accounts for 10% of the most commonly used FICO score.
Debt burden and length of credit history are, together, 45% of someone’s score, and these are both improved by having a lot of old unused credit cards.
Having more credit cards/credit is not a bad thing... closing accounts on the other hand can drop your credit rating because your average age of credit goes down.
If they're in the US, a lot of financially smart and motivated people can play Credit Card games to maximize on their miles / rewards for purchases such as like 3% cash back on some purchases.
I have a friend who's honeymoon was completely paid - first class flights and ~three weeks worth of all inclusive 5 star hotels/resorts - all on points.
His father ran his entire construction company paying everything he could on the highest rewards based credit card available at the time. He apparently put over 12 million through it in two years. (I suspect it was about an order of magnitude lower than 3% cashback on that, but it was still a nice chunk of honeymoon and travel bills paid "for free", or more accurately by the bank and their merchants, and probably at least somewhat passed on to the construction company's customers in prices high enough to cover the credit card rewards scheme...)
Not the person you're replying to, but I have: my main one, one for the railway company that my gym is associated with (needed for that gym membership), one for a theatre membership, one that reduces my bank account's annual fee, a UnionPay card for use in China, one with good foreign exchange rates and one from my previous country.
Had the same issue with my SIM card while I was a student. Still registered as living at my parents' thirteen hours away, and they insisted on sending my new sim there while they were gone for weeks.. Luckily I'm from a really small town so got the mailman to just repost it with correct address. Pretty illegal I guess, though.
Another comment here about invalid card number also reminds me about my passport. I have a Danish passport but never lived there, so my id number has X-es in it in instead of all numerical. That's pretty hard for various form validators to accept..
I don't really see why there would be a law preventing you from authorizing a postal worker to check your mail for you. Like if they were your next door neighbor.
I'm using Apple Pay and I recently canceled my card. Interesting thing is that even before I had my new card Apple Pay switched to the new one, I didn't have to do anything. I wonder how they did that.
Credit cards send updated card information to various merchants that you've used. Usually it's for things like subscriptions or bills so you don't have a gap in service. Personally I hate it because it lets smaller stuff slip through the cracks for longer.
A couple months ago, I accidentally left my debit card in an ATM in Mexico, and needed to cancel that card. I called my credit union in Washington State, USA. They were quite good about handling the fact that I was not at my home address. I had to pay $32 and wait a week or so to get my replacement card, but it arrived without issue. They shipped it in an inactive state, and I had to call them to activate it. The only part that was mildly a pain was I needed to fax (what year is it?!) my address in Mexico, but that was pretty simple with HelloFax. I actually ordered a 2nd card as a backup in case I lose the new one.
If someone on the phone could convince a card company to send a new credit card to a random address in a random country, do you have any idea what kind of field day scammers would have?
Not "someone". Me. They happily secure phone actions by both a password and 2FA just like online access. After that point you can do literally anything else with the account, including close it or get a copy of the card details.
Thwarting the verified owner of the account is not fraud prevention.
On the subject of thwarting and card details, though, neither CapitalOne's website nor mobile app will show my card number nor will they let me create temporary card numbers _after_ I've authenticated with a strong password and 2FA whenever I happen to be outside of the country. It just says "Oops, something went wrong". It took me weeks to figure out the first time that it was because I wasn't on a US network.
Both your and the parent's points are valid. Identity verification is a hard problem that the major legacy banks have a big problem with.
Their processes are both extremely annoying and can fail and lock out the legitimate account owner (the reason many of you have had trouble replacing cards abroad is because "shipping to a previously known address" is itself a security measure) while at the same time being vulnerable to a targeted attack from someone with knowledge of how the process works.
I've had replacement credit cards sent to me overnight fedex at least five, maybe more times. Usually involved < 5 minute phone call to Amex/Chase/Wellsfargo whoever. United States, Canada, UAE and Singapore (twice).
There must be some safeguards beyond the various identity questions they asked me - but I don't know what they were.
I think it'd be fair for them to say "no, we can't send it to any address but your home address", but that their fallback is to say they'll send it to where you are and then to send it to your home address instead is itself a security hole (albeit a smaller one).
I had a similar experience after moving once. I'd called the credit card company to update my address and had even received statements at the new address (this was before e-statements were common). When it was time for a replacement card, a year or two after the move, it didn't arrive. So I called them, confirmed my address, etc., they said it had been sent months ago, so they would cancel that card and re-send. So now I can't use my current card even until it expires since the number has been cancelled. Wait a couple weeks, still no new card. Call them again, same deal. Confirm the address, they've sent it, it never arrived.
When the NEXT card didn't arrive I went by my old house and sure enough the folks living there had received all three copies. Then I got to spend a few hours being passed around to various people on the phone with the credit card company before I could find the person who knew about the super secret place where the replacement card address was apparently stored.
Edit: Ha, I just remembered the saga actually continued the next time I moved. Remembering this experience, I wanted to proactively have them change not just the regular address, but also the replacement card address. Unfortunately, try as I might, I couldn't find anyone who would believe me that just updating the regular address on the account wouldn't work. Sure enough though, when it was time for a replacement, it once again went to the old address!
That's when you file a complaint with your banking regulator (e.g. the CFPB). At that point, the problem becomes impossible for the bank to ignore, and too important to leave to the lowest-tier phone support agent, and it suddenly gets resolved.
>"Honestly this reason alone makes Apple's purely digital credit card my favorite. Need a new card number? Just push a button. No incompetent shipping divisions with 5 hops and as many business days between you and your ability to buy things when your card number is breached.
That all sounds good. I'd be curious how the customer experience is when there's an unrecognized charge or you need to open a dispute though.
> I'd be curious how the customer experience is when there's an unrecognized charge or you need to open a dispute though.
It's as easy or easier than disputing any other credit card charge. Open the wallet app. Tap the card to bring up a list of transactions. Tap the transaction you want to dispute. Tap "Report an Issue". Tap one of "Dispute Charge", "Unknown Transaction", "Incorrect Merchant Info", or "Other Issue".
Yes but you can do the same thing with most major credit cards via their Web UIs or mobile apps as well. What happens when you need to speak to a human being such as when a merchant declines to remove an erroneous charge.
Reminds me of a time I was traveling where there was no internet access for two or three months, during which my credit card was compromised, the card was closed, it got declined on 3 or 4 bills, accumulating a couple hundred dollars in late fees and preventing me from paying with a credit card on those services.
Seems like you should just be able to buy a generic card at the store and then input it’s ID/serial in your bank web portal and have the card authorized by the bank to be your card. I’m sure there’s probably a way I’m not thinking of that can be abused but it seems plausible
Buying generic cards would break the chain of trust as there's no guarantee that the card you're buying hasn't been tampered with, such as the private keys of the card already being compromised at the factory.
It is a good idea assuming you can guarantee the security of the card. Banks typically don't have an incentive to defraud each other by supplying backdoored cards, so banks could indeed partner with each other allowing people to go into any local bank branch, acquire a card and then call their bank to associate it with their account. Of course, you still have the identity verification problem there, as you wouldn't want an attacker to be able to associate a card they acquired with your account and then spending your money.
However, if you're going to solve the identity verification problem for the above, why bother with a card at all? We all have phones or similar computing devices that can act as a card (for Apple Pay & Google Pay, the phone literally simulates a contactless card).
> Honestly this reason alone makes Apple's purely digital credit card my favorite.
That only changes the card number used for online purchases, not the number on the physical card’s magstripe. The magstripe number doesn’t change, so if you get skimmed, you still need a whole new card.
There’s nothing special about the physical Apple Card.
As for online payments, you might as well use something like Privacy.com that gives you a separate number for each service. That’s better than Apple’s solution, and I’m still not sure why Apple doesn’t do that.
when i lost my wallet with my debit card in it, i went to my nearby credit union branch and they just printed a new one for me on the spot. all the relevant info was printed on the card and magnetized/loaded in the right spots. it didn't have raised numbers like many cards (even the periodic renewal replacement they've since mailed me lacks raised numbers as well).
it seemed to me then, and now, that that was a much better experience than waiting for it nervously in the mail.
My bank (ING) just cut me off completely when I was outside Australia. Couldn't get my replacement card sent to me (was just lucky my listed address still had my family living at it), couldn't ever log in to the app again, I was just done. They have no system for people outside their home country and their solution to any problem is to fly home. Unbelievable. Especially for one of the biggest multinational banks in the world.
After more than a decade of lurking HN... this is the comment that compels me to create an account.
Schwab dropped this ball and left me in the Guatemalan jungle for 18 days after many assurances that they would definitely not send the new card to my home address. Embassy? Nope. Hotel? Impossible. But sure enough it reached my house. Schwab was great, but this was too much.
Oh man the physical card thing annoyed me when I went to use my Amazon card a few weeks ago and it asked me to re-confirm the number. I had to go digging around for it because I figured I would never need to know that again. The card only is only useful on Amazon so why in the world can't it be completely digital?
I guess it depends on the bank. I had to cancel my card because I was afraid it had been skimmed while temporarily living in Singapore. My bank couriered a new card to me over night.
You can have a lot of free debit cards that you can order online as backup.
When your card gets stolen you immediately go online and transfer some money to the backup card before calling the bank to cancel the lost/stolen card.
> Apple Card features that use your transaction history, like spending summaries, are created on-device. Apple does not know your transaction history. [0]
> When you use Apple Card, our issuing bank and payment network partner — Goldman Sachs and Mastercard — and their service providers receive information about your transaction, including the merchant, time, and amount in order to operate Apple Card. Neither Goldman Sachs nor Mastercard share or sell your transaction information with third parties for advertising or marketing. [0]
1. Maybe they are selling purchase data to hedge funds? Lots of possible use cases.
2. Maybe some regulation only requires them to disclose if the information is sold for advertising or marketing (I think I remember this showing up on some post-CFPB credit card disclosure forms). Therefore the lack of such a disclosure for other uses for the information could mean nothing, just that they are minimizing discourses that aren’t legally obligated.
Definitely some of #2 going on. A lot of the language surrounding privacy disclosure requirements under the Gramm-Leach-Bliley Act is literally copy-paste from a form that the FTC suggests for compliance with the law.
Just about anyone with a financial account in the US will probably instantly recognize this form:
My guess is fraud detection partners? Some company that aggregates transaction data to spot patterns of abuse or fraud, and in turn provides services to their customers to mitigate it.
> Apple Pay data that has been disassociated from you may be retained for a limited period of time to generally improve Apple Pay and other Apple products and services.
I too can verify your identity. All I need is your first name, last name, date of birth, and last four digits of your SSN. Which are all floating around the darknet in one of the dozens of large data breaches American companies have had over the years.
Should I be able to get your replacement credit card delivered to my home address with that?
> Both your and the parent's points are valid. Identity verification is a hard problem that the major legacy banks have a big problem with. Their processes are both extremely annoying and can fail and lock out the legitimate account owner (the reason many of you have had trouble replacing cards abroad is because "shipping to a previously known address" is itself a security measure) while at the same time being vulnerable to a targeted attack from someone with knowledge of how the process works.
Neither my primary bank nor my primary credit union support 2FA.
If you're conditioned to give your password to your bank over the phone, I can use those three piece of information, and will happily call you up, posing as a bank CS representative.
If you think you're smart enough to not fall for that, let's suppose for a moment that you may be right. But what about your 76-year-old grandmother? Is she going to consistently be able to make a determination between a legitimate, and a fraudulent bank CS representative who wants her to confirm her username and password? Or is she going to have an easier time in a world where you never, ever, ever, ever give another human being your password over the phone?
Do you want convenience, or security? Actually, the better question is, does your bank want convenience for you, or security for them? (Because they are ultimately on the hook for fraud)
>If you think you're smart enough to not fall for that
What? Seriously? There's nothing to fall for here.
You should never trust an inbound call. If your bank calls you, you take their information, immediately hang up, find the banks phone line and call that number back yourself.
'We have detected fraudulent activity, call us back with the number on the card.'
You hang up. They don't. You pick up the phone, and dial the number on the card.
Depending on how landline phone routing works in your area, you hanging up does not end the call. You picking up the phone again resumes the previous call, you dialing some numbers does nothing, the scammer makes some telephony noises, and goes ahead and resumes their conversation with you.
Nothing to fall for, eh?
Also, please keep in mind, we are apes. The logical centers of our brains turn off when your bank calls you to tell you that you are being robbed. Especially if your mind isn't as sharp as it used to be.
I literally do not know a single person with a landline, so I cannot say if that is remotely true or not. I'll take your word for it. But what I am 100% sure of is that you could make any telephony noises you like down my phone and you will not succeed getting access to my banking details.
You'd probably have better luck calling the bank and trying to persuade them.
The point isn't making the telephony noises, the point is that most people have no idea that in certain situations, hanging up the phone and dialing a new number does not actually dial a new number. It sounds like you didn't know about this, for instance.
And again, this isn't about you. Most of the time, you don't pay for fraud, the bank does. That means that your bank is incentevised to reduce fraud, at the expense of your convenience - because not all of their customers are as smart as you are.
Do you have a scam in mind that doesn't depend on a rampaging time machine forcing me back to the 1990s? I don't think I've used an analog land line for decades, and I definitely don't know anyone who has one now.
I live in the Netherlands, a country that primarily uses debit cards. I do have a credit card that I rarely use. Only when I buy something in the USA for example.
Some years back I moved to a different city. About a year later I wanted to make a purchase with my credit card. I found out it had expired. I rang the bank and asked for a new one. They promised to send it to me. It never arrived. Rang again, got the same promise, and still no card. When I called them the third time, the employee found out my old address was still in their database. Turns out the credit card department had a different client database then the debit card department (who had my new address).
To change my address, I had to log in to their site. They weren't allowed to change it on the phone. As soon I tried to log in, I noticed I forgot my password. When I clicked 'reset password', there was a new surprise: they send the new password by snail mail.... to the old address of course!
So I had to go in person to the house I used to live in and explain the situation. I asked them to ring me when the letter with my name on it arrived on their doorstep. Luckily the people who now live in my old house were very nice and gave me the letter!
This seems to be a common issue with banks. Over the years, they have built system after system that stores things like your address. So you end up with addresses stored in multiple systems. When you request an update to the address, it depends how well designed the update flow is whether they update all the instances of your address. Often they miss a few instances or the accounts aren't linked so a subset get updated. in other cases, some department pulls a customer dump and uses it for 10 years without ever getting updates.
I recently got an SBA loan. After I got the loan the bank was bought or rebranded or who knows what and they moved my account to a new website. I was still able to log into the old website and, until I tried to update my email on the account, which can only be done over the phone, I didn't notice that they had actually cloned the database, and locked their customer service representatives out of the old one. I can still log into the old system, and update my password from there, thankfully. But I've been unable to change the email address on it because the customer service representatives insist that the old system "has been deleted" and refused to connect me with any engineers or escalate the issue to someone with the ability to solve it. Ironically the old system is still responsible for email notifications, so those are locked to my old email address. I'm pretty sure this is a data leak waiting to happen, but what can I do about it?
> I live in the Netherlands, a country that primarily uses debit cards
I noticed that on my very first visit to the Netherlands. Many shops just don't accept credit card and that was very strange to me on my first visit. My only use case for debit card was to get cash out of ATM until then. So, I was really surprised to see that everybody uses debit card everywhere. And I was told that credit card is mainly used for online booking and traveling.
It is very strange... I have some assumptions that it would be better for the general public to not have a credit card culture. Very rarely have I "required" the use of one, but when I was moving for my first real job out of school it was somewhat essential as a sort of buffer until the first paycheck kicked in. Not a comfortable place, but one I bet a lot of people could resonate with, and IMO a responsible use of credit.
To me (Dutch) the idea of using a personal credit card is very strange for anything other than because a website/shop doesn't accept any other form of payment. If you're a company, credit makes sense. You invest on a risk of getter a greater return in the future. But paying for your groceries or rent in advance should not be considered 'investing' in your personal life imho. You should just make due with what you have.
From what I understand about the US, it is mainly to get better credit rating. This is apparently the most important social score in American society...
Note to Americans: In European countries this tends not to be a thing afaik. Privacy is taken more seriously, so there is no central & privatized system to query for credit. However, to rent an apartment, get a loan or get a new job here in Switzerland it's often required to provide something like a credit register extract from the local government office. That register will get notified when someone isn't paying bills, usually after the third notification ~2 months after a bill was issued (notifying the register is costing fees, so businesses try to avoid it as much as possible). After a couple of years, entries get deleted. This way there is an attempt of balancing privacy, social mobility and the interest of businesses to collect their revenue.
Not just the US, the UK has credit scoring too, there I think 3 credit scoring agencies.
When I moved here from Europe the entire notion of credit card and credit scoring was new to me.
I still use my debit card whenever possible though, just spending enough on the credit card to avoid getting it cancelled due to not using it.
Similar to what we have here. Only I don't think it common they check your credit score for a job application. Only when you want a new loan (mortgage, credit card, buy on credit, etc). You can also query the information yourself and see who requested access to it in the past months.
where is here, the US you mean? but the way I understand it, those credit score agencies are private, and their info is much more granular. e.g. it would never matter in CH and pretty much all of Europe, how much you already spent and payed off on credit in the past.
Lots of credit cards come with incentives. For example, I get reimbursed a flat 2% rate on all transactions ("cashback"). As long as I keep the card on auto-pay for the full balance, it's a win-win situation: credit building + free money.
Where does that "free" money come from? From the payment network fees, of course. Mastercard takes a 4%-ish cut, the bank keeps 3% of that, and 2% of that goes back in my pocket. Banks have to offer such benefits because they will get cannibalized by the other players if their card can't compete.
Structurally, it's actually quite stupid that there's an invisible tax which you can only recover by playing ball with the creditors... but on an individual level you would have to be foolish to not take advantage.
I can confirm the strong deterrent towards having a credit card, any personal loans really, in the Netherlands.
My bank, and I believe most banks in the Netherlands, requires proof of stable income well above minimum wage before even considering an application for a credit card. This puts credit cards out of reach of a sizable part of the population.
Also, credit checks and reporting new lines of credit to the authorities by lenders are mandatory for all personal loans, be it for getting a mortgage, issuing a credit card, paying monthly installments for a smartphone bundled with a contract, or buying on credit from Dutch online stores or mail order catalogues.
Same here in Germany. A normal credit card is a charge card, so billed every 30 days in full from the giro account. Credit cards that are rolling are rarer but slowly breaking their way through.
I mainly use an Amex charge card that functions like this, don't spend money I don't have, and only don't use a debit card for things because our financial system is very insecure and don't want to give the number out because getting my money back is a lot harder than just calling Amex and reporting the fraud.
It's the same in Poland. I've never had a credit card in my life and honestly I don't feel any need for it. My debit cards work pretty much everywhere around the world, including internet payments (occasionally one card may have a hiccup so I always carry two cards from different banks)
It costs the merchant more to process a credit card transaction, so they don't bother unless they're likely to get a lot of tourists. These days, more and more places are going cashless too, though those places generally always accept credit cards, otherwise it'd be really hard for overseas visitors to pay.
I have a credit card here and only use it for international transactions[0], it has a fairly low limit to the point where if I'm, say, booking long-haul flights I need to pre-load it with money which fortunately only takes moments. This is partly by choice - as it's automatically paid off each month, I want to ensure I can never put more on it than will be in my bank account - but also that was the default limit when I got it.
[0] local online transactions pretty much always use a system (iDeal) that goes via your bank website.
I once had that on a bigger scale, also with a Dutch bank...
Shortly after I relocated from the Netherlands to Australia, my house was broken into and my Dutch debit card stolen. The bank would only send my new card to my local branch, which was 20,000km away. And none of my friends could pick it up because they insisted on verifying my id.
It's not completely dumb. Address verification can be part of an identity verification measure. It shouldn't be the only one, and an override should be possible, but it's completely valid and effective at thwarting remote attacks.
Sure, the logic lines up. I think it’s dumb just because how un-useful it is. Waiting for a week for a password reset to arrive in the mailbox is pretty painful.
Pretty secure I suppose, except in the OP’s case, where it was sent to an old address. And they wouldn’t update it over the phone? So they essentially gave some strangers access to his bank account.
A bank in Boston once sent me a debit card that didn't meet the valid number algorithm. I had to go in there and show them the math step by step to prove it.
Not surprising that they discovered it, even if they weren’t aware of it - I’m guessing this is how it went: person tried to use his card number on some random website, but it kept telling him that his number is invalid. They scratch their head and double, triple check that number and then do a google search.
If you are a software dev, you should know that devs love to expend relatively extravagant effort and time to figure out an issue, explain it precisely, and fix it to avoid the possibility of it happening again.
In general, and for my job especially, I am absolutely this person. However, as soon as I'm talking to any form of customer support I pretend to know nearly nothing about tech and try to stop myself from diagnosing the problem (at least out loud). Often the person I'm talking to has no real agency to make changes to the organization and me explaining what is wrong or trying to give them more details just confuses them. I'll still guide the conversation gently if I feel they are veering off into something wrong/unrelated but I've been "trained" by multiple experiences to just play dumb and try to move through the system as quickly as possible.
Yup. I can count on one closed fist how many times the phrase, "trust me, I'm a computer person" has gotten me anywhere with a technical issue at any company I've been a customer of.
This has actually worked for me once. I called my ISP to explain I had no internet access and where exactly in the protocol stack the issue seemed to be. They checked and fixed something on their end and two minutes later it was working again.
Heh, I didn't have to, I wasn't even transferred to another employee. This is a small-ish local ISP which probably doesn't have ten levels of tech support. A bit more expensive than offers from other providers, but absolutely no regrets.
Since we're talking about good support here, I have another story involving them:
When we started the contract with them 6Mb/s was the fastest available speed, a few years later it suddenly went to 70Mb/s for a week and then down again (which is fair, we had a 6Mb/s plan after all). I called them and asked if we could upgrade to a faster plan. They said they could now offer us a 50Mb/s plan and asked when I would be home. One hour later they sent a representative with a new contract, we signed, and the next day speeds went up to 50Mb/s again.
sadly most bug reports just say "it doesn't work" - which is not helpful at all. Why would they not need to know!? Maybe they had this problem for a long time, and affecting other customers too.
This does not surprise me. There are typically 5-6 discrete business systems involved in debit card issuance. Only 1 of them is implicitly responsible for ensuring the number is valid before the rest of the process begins. The card printers (at least ones I've dealt with) are certainly not taking the time to validate this information. I do not think the debit switch networks have any integral validation/exceptions for card numbers, as long as the bins are valid. It is ultimately the responsibility of the merchant/acquirer and issuer to verify this information is accurate.
Yeah, I could believe it. It was a small bank and the card was being sent in the mail. Nowadays my bank (a different one) can print a new card on the spot.
lol this is the most "sir this is an arby's" shit I've seen in a minute.
Like the teller possibly doesn't know anything about that algorithm except that it exists. Just show them the card doesn't work they can verify that quickly.
In a way, isn’t that the hell of modern life? Even if the teller/ phone support cared and was interested in helping and learning, they’d be screwed by their drop in Average Resolution Time. Are we making the world better or are statistics making us more compliant?
I have a fun story about a card with an unusual number of digits!
I worked for a very large department store on their mobile app. They issued their own in-store credit cards that only had 9 digits and didn't pass the LUHN check.
They jumped into e-commerce a loooong time ago so the tech stack was showing it's age and they didn't have real test servers. (They did but they were almost always unusably slow.) We did almost all of our testing against the production servers. This was fine because we were mostly just loading product pages and building shopping carts.
Normally for testing checkouts we'd use bogus credit cards like 4111 1111 1111 1111, which passes the LUHN check but is obviously a non-working card so our order would fail.
We had to check the in-store card processing a little differently and would test with the number 123456789, thinking that surely couldn't be a real card number. (You may see where this is going.)
We ended up typing out a lot of addresses so we usually picked one with the first state in our state picker, Alaska. Then we found the shortest city name in Alaska, which is Tok (there's a couple other three letter towns in AK but that's what we usually chose.)
One day, someone decided to check the order history of the account we were using to place those test orders. They noticed a tracking number and clicked on it. We had sent several dresses to 1 A St. in Tok Alaska. It was the longest tracking list I've ever seen with several delays and problems that could only occur when shipping to a fairly remote town in Alaska. (I believe avalanche was one of the listed reasons.)
I can tell you've probably worked with building your own Stripe forms back before the PCI rules made that difficult. It was so fun adding Luhn validator for the first time and seeing how quickly it rejects a card number if you're a digit off.
I believe that such a card shouldn't work anywhere - even if the terminal didn't validate anything (IIRC they must, and that's likely to be one of the test scenarios in the certification process for every new terminal model release) and the issuing bank would accept transactions from that card, a transaction with this card number couldn't get from the terminal to the bank as the network (visa or mastercard) should immediately reject it; all that validation is built in since the earlier days where card numbers may have been passed on manually (taken with an "imprinter" pressing down the embossed numbers through a pad of carbon paper, written down, taken over the phone, etc) with a nontrivial chance of mistakes.
This is exactly what that movie is about. The bureaucratic-technological engine being prone to tiny errors, which have cascading effects on the people affected. And despite putting in some effort and telling that engine that what it is doing is ridiculous, fixing it is very much non-trivial. Luckily, this time the consequences are minor. A beautiful illustration of "La technique", the runaway engine of rationality and efficiency, as philosopher Jacques Ellul referred to it.
This is something that freaks me out about modern tech. Failure rates might be low, but a failure could be catastrophic for the person impacted.
I remember seeing something similar in Ubiquiti's UniFi forum a few years back. Their WAPs and switches connect to a management portal you can self host and, after treating both http and https interchangeably forever, they decide https should be actual https. Before that, you could type https://..., but the communication would not use TLS.
They had customers with misconfigurations because they were consistently typing their inform (aka server) URL as https:// instead of http:// during device configuration. As soon those devices were updated, the new firmware would expect a proper TLS connection for https:// URLs, so it would fail.
I remember one person in the forum thread saying they bulk updated 600 devices spread across 300 sites and they all disappeared. That person made mistakes, but the configuration they were using was working, so why would they expect that to change? I tried to make the case that it should be considered a serious bug and part of the response was:
> We discussed this internally and decided to move forward because 1) we didn't feel that there would be many affected
That was a real eye opener for me and now I operate under the assumption that most tech companies won't have an issue completely ruining your life as long as it's only you or a small enough group of users that it won't have an impact on their bottom line.
Having worked for several tech companies in the valley, this is absolutely the case, calls are made all the time that screw a small number of users to unblock progress.
Jacques Ellul is extremely relevant to runaway technology problems we have today. For those unfamiliar, think Unabomber Manifesto without the crazy murderous stuff. Glad to see him referenced. The Technological Society is a must read for anyone who claims to think about the ethics of technology.
When I was at the FSF, Google mailed a coupon for free adwords to a bunch of websites, including several thousand coupons to the FSF... we figured it out it was all Joomla websites with a copy of the GPL linked in the footer.
This is both hilarious and horrible. I think the FSF address (both old and new) is one of the most well-known address on the Internet. I have to wonder: how many junkmail do you receive from web scrapers?
Not a lot of junk mail when I was there, but the middle old address (59 Temple Place) no longer exists, so I had some help from Greg KH to remove it from Linux.
When I was there I would get a fair amount of mail from people in prisons, and we'd send them books.
Interesting. Did the prisoners specifically ask for free software related books, or did they simply use FSF as a helpful place for getting all kind of books?
Someone who doesn’t realize the worst-case scenario for the customer experience when presented with an engineering problem. (This is often both the engineer’s fault and the leader’s.)
In Peru debit cards don’t have names on them. So you just go to a branch and they take an unused one off the stack and assign and hand it to you. 5 mins, any branch, no appt. Quite convenient. Credit cards do have your name printed on and those you pick up at a branch when they arrive.
I guess the US considers the printed name to be more important for debit cards.
In the US, debit cards and credit cards are processed by the same systems (by the same few handful of companies), so usually the only way you can tell the two apart visually is if the debit card literally says "debit" on it.
Merchants have the option of verifying the cardholder by comparing the name to some photo ID but it's very uncommon. There is a box on the back to sign the card but in my experience, the Post Office is the only entity that has ever checked it.
My impression was that if you sign it, they’re not supposed to ask for photo ID because the card company is bearing the risk (they could instead check the signature against the one on your receipt)
In Kazakhstan, we have debit card “ATMs”. You can have a named debit card printed out for you in a matter of minutes. All you need to do is to have it scan your QR in the bank’s mobile app. It’s quite convenient.
I once introduced a bug that squared each customer's order quantity.
Order 8 of the thing, we shipped 64. Oops.
Nutshell: The items were sold in bundles. To arrive at the quantity to ship, you multiply the quantity of bundles ordered by the quantity of each item in the bundle (just 1 or 2 in most cases). I got my variables confused and multiplied the order quantity by itself.
Many years ago I went into my local bank to change my ATM daily withdrawal limit. Somehow the person behind the desk managed to change the name on my account to "Mr Mr" (but not change my withdrawal limit), so, along comes a new card in that name a couple of days later.
It took 4 reissued cards to get my name back.
Then they charged me for the extra cards. It took a short conversation with the bank manager to fix that.
I guess it's true that computers just let you make mistakes faster (look at the names
on the cards).
Edit: No, apparently the cards had numbers/names inconsistently Photoshopped for privacy. My bad.
American Express credit cards have the interesting property that 3 out of the last 4 digits are almost always ‘100’.
Because many UIs only show the last 4 digits, and because of the birthday paradox, it only takes 4 American Express cards saved to a website before you have a 50% chance of 2 of them being indistinguishable from one another.
You haven't been in devops 'hell', then! ;-). Has been many years for me, but SSHing into a server with a high load and trying to diagnose = now sounds like training camp to me, hah.
I remember waiting multiple minutes on a production system on more than 1 occasion! =D
each keystroke has to be sent to Redwood City to be individually massaged and returned
Is it an older terminal-based system? Lots of those were designed (and still in use, 40+ years later). Usually it's not a big deal, in fact faster than modern interfaces, because they're built for decades-old hardware and low baud rates. Of course if you're still running the original hardware or have really screwed things up then performance goes out the window.
Even though I have "paperless" enabled, Charles Schwab sends me a paper letter for every stock transaction I do in one of my accounts. Especially in conjunction with fractional shares, this leads to a lot of wasted paper and effort.
I've been tempted to do a bunch of 0.01 share transactions to see if I could overwhelm them into giving up on paper transaction confirmations.
I sent a GDPR request to Barclays a year or so ago. It took them a while (not within the 30 day deadline), but eventually they got back me. One day a heavy overnight shipped package arrived, and inside were A5 print outs of all previous communications they had ever sent me. Around 500 pages in total.
It didn't actually have information about what data they store in the databases, so they didn't actually fulfil my request. I figured it's not worth the trees to try and chase it up more....
When I read comments about horror stories in this thread I gotta say I'm fairly removed from these problems since in our country we're mostly moving to paying via phone, virtual cards, sending transfers to a phone number and such.
> According to Delloite, the Polish banking market is the leader of digital maturity in Internet and mobile channels
If anybody wants a taste of well developed an functioning electronic payments system come to Poland. We accept contactless almost everywhere, often times even on street markets and stands.
It’s like this too even in major cities in Australia. Market stalls and the like all seem to have the Square tap-and-go things. I don’t even think I’ve used an actual card in a long time, just my phone.
The pandemic probably helped move things along too
My personal guess: A queue calls into an external 3rd party service, but the external service is not transactional, so it can receive and store the request, but before it finishes executing, it throws an exception and returns an error code.
The queue keeps retrying into the external service. While the external service keeps printing cards.
Every time a company advertises "bank-grade security" it lowers the bar in my mind. I guess the layperson thinks that banks have good technology but their security is mostly via the legal system.
>very time a company advertises "bank-grade security" it lowers the bar in my mind.
It should!
>but their security is mostly via the legal system.
Exactly! It's why I hope we eventually replace them with some cryptocurrency (math) based currency that cuts them out of the loop. They're parasites on society.
I once used a new hire process where the insurance card was mailed when the user clicked next on the insurance page. Problem is when someone clicked back and changed something another card was mailed. We received a bunch of ID cards.
I can imagine someone mistakenly adding a 0 and then sending 2*60 cards instead of 2*6
> Bank proceeds to buy drilling companies to fulfill the necessary plastic demand so customer 8789 with $2.86 in his account can have all the cards he needs
I mean... this (issuing plastic cards) is just basically a way of distributing "trusted" hardware to customers who are walking around with a million more cycles per second on their wrist...
Would be a funny thing go to the same place or various places with the same group of people and just keep cutting up your card after you pay the bill without any explanation.
> I used Photoshop's Content Aware feature to remove the numbers and last name. In some cases, it pulls in surrounding items (Like the "Er" from Peter) and I was too lazy to clean it up.
Would the experiment require telling these friends the PIN? I suspect most people don't know 63 other humans who they could trust with their card and PIN, let alone that many humans who could be coordinated into simultaneously carrying out such a test. It's a fascinating idea though.
I think between hackerspace members and coworkers, I could easily come up with 63 trusted test partners. I'd of course do some good tracking to make sure I got all the cards back (maybe escrow one of theirs in place of mine), although that could get tricky if any ATMs got pissed off enough to start swallowing them. I guess everyone also has to record video of their attempt?
It'd be fun to coordinate, for sure. I wonder how wide a radius you'd need to cast to get 64 working ATMs....
There are a whole bunch of fun interesting questions with 64 of the "same" chip card.
With a magstripe card you can't really learn anything interesting from having more than one which you couldn't have learned with a single card and a willingness to disobey instructions from the issuer. The card is just a piece of plastic and a small amount of easily transcribed data in the magnetic stripe - so you can clone them, of course, because that's a thing crooks do, and the clones are indistinguishable.
But a chip card is more complicated, potentially much more complicated, and it will have at least some local storage that isn't transparent. This is part of why it resists cloning, you can buy gear to read and write magstripes (for legitimate purposes) very cheaply, and that's enough to clone a magstripe card, but you can't (shouldn't be able to) read enough data from your chip card to clone it.
Let's number the cards #1-64. Suppose you take card #1 and you try to buy a Coke with it from a card vending machine. Does that work? Or does it need to be "activated" by interacting with an ATM first? If it needs to be activated, after that do cards #2-10 work, or do they too need to be activated?
OK. Now having checked the first ten cards working. What happens if you go to an ATM and change your PIN on card #3 ? Does the old PIN work on card #4 still? Or does it need the new PIN even though you never told it the new PIN?
If you know somewhere that you're certain does offline PIN verification and somewhere you're sure has online (ATMs are always online) try card #5 in the offline place and card #6 in the online place, they might behave differently! In the US you may struggle to find anywhere that does offline PIN because most US outfits seem to treat card present as good enough (which is one reason why the US has very high fraud rates)
Also, find somewhere which gives out very detailed receipts with as much information as possible about your card transaction (e.g. cryptograms, and see if cards #1 and #10 are distinguishable based on the information in those receipts.
Finally, if you're aware of a transaction limit (e.g. maybe only ten contactless transactions between PIN requests) see if the limit belongs to a specific card or the account. If you know (or discover) multiple limits, there might be some in each category.
Shouldn't that be taken care of? I just mean I made terrible Flash Games once and learned that on the first week of the job. I actually still see this on payment gateways with banks. "IF SOMETHING DOESNT HAPPEN IN 60 SECS DON'T TRY AGAIN UNTIL YOU CHECK PAYMENT WAS NOT TAKEN".
ikr? it seems like if we can figure out what to do with a big wad of ASII armoured data, we don't need animated gifs to be made easier than they already are. i wonder if poster just expects this to show up as an embedded image because that's what happens on other forums, or if they think this is a good value proposition for hackers?
This reminds me of a time I was traveling and had to cancel a lost credit card. I told the card company that I was not at home,was definitely outside of the country, not going to be home, definitely staying at an address that was not the home address listed on the account, wanted the card to be sent to _me_ and not my _home_, gave them my foreign delivery address 5 times over as many weeks, got 5 separate promises that the card was definitely going to reach me at my outside-of-the-country-and-not-at-home location in just a few business days, and the card never showed up. So I just gave up. And then, when I finally went home there were 5 goddamn cards in my mail slot.
Honestly this reason alone makes Apple's purely digital credit card my favorite. Need a new card number? Just push a button. No incompetent shipping divisions with 5 hops and as many business days between you and your ability to buy things when your card number is breached.