
OpenTable Fires Employee for Making Fake Reserve Bookings - danso
https://chicago.eater.com/2018/3/5/17078210/opentable-reserve-fake-reservation-scheme-no-shows-chicago-restaurants-valentines
======
trhway
>Reserve’s security team conducted an investigation and brought that evidence
to OpenTable and started a dialogue between the two rivals. OpenTable
confirmed that it fired the employee in question

lesson to the youngsters - never do anything smelly/unethical (dont even
mention criminal) without manager approval in writing. Otherwise at the first
sign of trouble you'll be made to take one for the team as it seems to have
happened in this and countless other cases.

I mean even in normal situation, whenever some details of feature, project,
etc. are discussed and decided/assigned in some informal way, i find it is
very useful to send a summary note so the manager/PM/etc wouldn't come later
with the very different version of what happened.

~~~
Joakal
They will be verbal about it. If you request it in writing or email their own
request to them, you will be fired or 'burned'.

Source: Worked in finance. Most inappropriate requests was verbalised. They
not only came from management but from other members of team (ie, bullying). I
had a coworker get really angry at me when I 'confirmed the task' to her and
cc'd my manager for a task she was offloading to me that wasn't related to my
department.

~~~
vidarh
If you're concerned about that, pull it back one step, and go "sure, I'll
confirm in an e-email". And watch lots of excuses for why the request suddenly
isn't essential anyway.

The point is that if you don't create a paper trail, you risk being set up as
a fall guy for much worse than being fired. They know it, and you know it, and
your safest way out is to make sure that they know that you know that they're
asking you to do something inappropriate and that you're smart enough to
ensure there's evidence implicating them if they force the issue.

If they get angry or keep making those kind of requests it's a good reason to
look for another job anyway, before they find a way of pinning something else
on you.

~~~
amyjess
> If you're concerned about that, pull it back one step, and go "sure, I'll
> confirm in an e-email".

Or the old, "I'll go ahead and open a ticket."

~~~
vidarh
Yes, pretty much anything that innocently announces your intent to put it in
writing somewhere, and gives them an opportunity to back off and pretend the
conversation never happened will do.

------
matt_wulfeck
> _We extend our sincerest apologies to the restaurants in Chicago that were
> impacted by the disgraceful, unsanctioned activity of a lone OpenTable
> employee._

I have a hard time believing he/she just thought of such scheme without silent
knowledge, approval, and/or encouragement of others.

~~~
dawnerd
Quotas/commissions will do that to sales people.

~~~
avip
Wells Fargo method. We don't know anything, we just set up a system to
encourage fraud and close our eyes.

~~~
Zanni
I believe OpenTable when they say it was a rogue employee, but I was hoping to
see some mention in their apology of looking at their incentive system.

~~~
ckocagil
Why do you believe them without any evidence to (or against) their claims? For
all we know there could be a direct verbal request from a manager.

~~~
Zanni
I believe them because that's my default position, and I don't see enough
evidence to believe otherwise. A poorly-incentivized rogue employee sounds
perfectly plausible. But I don't think something like that happens without
_some_ culpability on the companies part (poor incentives, lack of oversight),
which is why I'd like to see them take responsibility for that.

------
erikb
Read this and ctrl-f "cat's paw" or "execution failure":
[https://www.ribbonfarm.com/2011/10/14/the-gervais-
principle-...](https://www.ribbonfarm.com/2011/10/14/the-gervais-principle-v-
heads-i-win-tails-you-lose/)

I love how many of the Gervais Principle examples are actually something you
can see in real life. Also hating it though. I wish we would live in a better
world.

~~~
Balgair
Again and again, I come back to the Gervais Principal as _The_ best literature
for understanding the corporate environment. Thanks for the refresher!

------
lowbloodsugar
It seems a great many people believe that everyone else, and particularly,
everyone in management, is unethical; the system is corrupt, all management is
corrupt, and the only way to advance is to sacrifice one's values. I used to
believe this too.

To the ethical people out there, I'd like to say that there is a battle and we
haven't lost yet. It sure looks that way, given the behavior of the
government, large corporations, even NGOs. But its a battle. And the first
front in the battle is mindshare. If ethical people believe that everything is
corrupt and hopeless, then the unethical people have won.

Consider this: the rogue employee at OpenTable could genuinely be a rogue
employee. They might even be a nominal ethical employee who perceived behavior
around them as unethical, or who believed that the only way to success given
their performance targets was to behave unethically. They may have believed
that the only explanation for the performance targets were that OpenTable
wanted them to act unethically, when in fact they were just impossible targets
set by an aggressive, but ethical manager.

I'm sorry to say that ethical behavior is something we have to fight for
continuously. We don't get to create a constitution a few hundred years ago
and call it done. But it doesn't help if we declare, as I used to, that the
government has been "rooted", and the US is just an unethical cesspit now. Get
involved. Demand ethical behavior. Call out moral hazards. Talk about ethics.

------
grzm
Actual article title: "OpenTable Infuriates Restaurants With Fake Reservations
Scheme"

------
geofft
> _Wesner and Reserve CEO Greg Hong said this was the only time they’ve ever
> tracked such behavior, which they don’t believe is criminal in nature._

Isn't this a reasonably straightforward CFAA violation?

(I'd agree with "we don't believe it _ought to be_ criminal.")

~~~
Someone1234
The Computer Fraud and Abuse Act is such a broad and poorly written law that
even common behavior can be called a CFAA violation, such as breaking terms of
service.

It was created during the enduing moral panic after the movie Wargames was
released (1983 release, 1984 law). The House Committee Report about the bill
literally references the movie.

Here's the Wikipedia page on it:

[https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#C...](https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Criticism)

~~~
rdiddly
I didn't know that! JESUS that is lame.

------
gumby
> We extend our sincerest apologies to the restaurants in Chicago that were
> impacted by the disgraceful, unsanctioned activity of a lone OpenTable
> employee.

What about apologizing to Reserve?

~~~
calt
That can be done internally. No open letter required

------
cozzyd
Well, that explains why the restaurant I took my wife to on Randolph St had a
surprising number of empty tables on Valentine's Day.

~~~
petee
This is one aspect not addressed in the article; just because tables were
falsely reserved, doesn't mean they were actually responsible for the lack of
business - if no customers were going to show up anyway. No real way to ever
gauge that though.

~~~
cozzyd
I've been to the same restaurant on other nights and it's always been packed,
so it was quite suspicious that it was so empty on what should be an even
busier night...

~~~
petee
Oh ok, you're likely right in that case!

On a positive note, at least you got a little peace for dinner

~~~
matte_black
What’s to stop anyone else from doing something similar if they want a quiet
dinner?

~~~
cozzyd
That's a great idea, sounds like a niche for no-shows-as-a-service.

~~~
sitepodmatt
Why isn't this a thing already, just like hotels, pre-authorize a minimum
table charge to a debit/credit card (ensure AVS and/or names matches - most CC
processors fraud systems provide this info - so you have correct details to
blacklist in the event of a chargeback) - infact actually the reservation
provider should be handling and swallowing the chargeback risk - they have the
aggregated data and taking a big fee for essentially a risk free SaaS.

~~~
petee
They probably don't want to raise the bar any more for potential customers:
too many hoops and I'll just use the phone instead; it'll take less time to
call than type my CC#

~~~
sitepodmatt
The idea would be that they do the same on the phone, it's much easier to type
than have someone try to process a CC over the phone 5494 2442 what was that
again 5494 242.. etc.. It's almost impossible to secure a hotel without a CC
nowadays even for pay on arrival, it will take some first movers but I'd
suspect most would follow suit pretty quickly.

------
shaki-dora
HN should really stop meddling with headlines until they find people who don’t
replace “reservations” with “reserve bookings”.

~~~
notsofastbuddy
Seems fine to me when "Reserve" is, as in this case, a proper noun.

~~~
ghostbrainalpha
Really?

Reservations is what EVERYBODY calls it. I've made thousands of reservations
in my life. I had no clue what a "reserve bookings" is. You _can_ figure it
out from context... but why go out of our way to make things so difficult to
understand.

~~~
dragonwriter
Title case (which is itself an abomination before the Lord and a destroyer of
communication) is the problem here.

It is not “fake reserve bookings” but “fake Reserve bookings” (that is, in
longer form, “fake bookings on Reserve”.) As GP pointed out reserve is a
proper, not common, noun in this use.

------
TallGuyShort
> which they don’t believe is criminal in nature

With all the silly things people want to regulate, I'm always baffled how
intentionally deceiving people with the intent to cause harm isn't just plain
illegal, and your only recourse is civil court. It seems to me it would cover
a lot of situations that people try to fix with very specific (and thus
loophole-y and high-overhead) regulations.

~~~
scott00
My non-lawyer opinion: I would be shocked if a motivated Illinois Assistant
State's Attorney couldn't turn this into a criminal conviction. The definition
of wire fraud in Illinois (720 ILCS 5/17-24) is "A person commits wire fraud
when he or she... devises... a scheme or artifice to defraud or to obtain
money or property by means of false pretenses, representations, or promises"
and as part of that scheme communicates using a wire or radio waves.
Basically, if you lie in connection with a financial transaction and use a
telephone or the internet, you've committed wire fraud. The state doesn't
prosecute many wire fraud cases as far as I know, but nearly every white
collar federal case includes a wire fraud charge, because basically anything
nefarious is wire fraud in addition to whatever else it may be.

Of course, just because a prosecutor _could_ prosecute someone for a crime
doesn't mean they will or should. And I think Reserve's lawyers have probably
come to the conclusion that the State's Attorney probably has better things to
do with her staff's time than prosecute this case.

------
hw
"Reserve’s software engineers noticed a spike in prospective fraudulent
activity on the afternoon of February 14"

Interesting that they would be monitoring for fraudulent reservations. Are
fraudulent reservation 'wars' between these companies pretty common that they
would be tracking such behavior?

Also, if this isn't criminal, is DDoSing a SaaS competitor not criminal then,
since they are pretty similar?

~~~
GCA10
I don't know about the restaurant business, but I've been told by people in
the flower trade that the long-stemmed rose business right before Feb. 14 is
full of antics, deceptions, broken promises, dummy orders, etc. that are
absolutely terrifying if you're new to the game.

So much money to be made so fast. It tends to attract . . . operators.

~~~
dpflan
Do you know of good sources, articles, documentaries, etc exploring this or
these events that attract “operators”?

~~~
GCA10
It would make for a fine bit of investigative reporting. Wish I had an article
to recommend.

My source is a medium prominent tech executive who tried to disrupt the
Valentine's Day flower business (with its high mark-ups). His plan was to set
up his own, lower-priced regional alternative -- which would bring in
planeloads of flowers from Central America, right on time.

Things did not work out the way he had hoped. Everything went sideways the
first year. He tried again, and the second year was catastrophically worse.
There was no third year.

~~~
thomasz
That's why you should always have a domain expert on board when trying to
enter a business you deem ripe for disruption. Chances are very high that you
do not completely understand it.

------
tacostakohashi
Oops, it's the good old-fashioned principal agent problem.

[https://en.m.wikipedia.org/wiki/Principal–agent_problem](https://en.m.wikipedia.org/wiki/Principal–agent_problem)

------
blauditore
I'm wondering how they found out it was someone from OpenTable.

Detecting someone using multiple fake accounts (maybe from the same IP) is one
thing, but how to track its origin? Did they use approximate location of the
IP and saw it's close to OpenTable offices?

~~~
hidenotslide
Probably because the cancels were followed up by aggressive sales calls that
mentioned the issue. A quote from the article:

"The no-shows were accompanied by an OpenTable inquiry about Tavern’s 'sagging
sales,' with a renewed attempt to convince them to switch."

~~~
tobyhinloopen
So they were too aggressive. They should have used fake bookings much less and
increase them much more slowly, and don't show with "hey, wanna switch?" right
after.

~~~
inetknght
Should have? You realize you're arguing _for_ something that's morally
reprehensible and legally questionable (fake bookings) in the context of
something else whose morality is dubious at best (how should OpenTable know
about sagging sales in the first place if they're not already affiliated with
OpenTable?)

------
dev_throw
Seeing this from another perspective, shouldn't Reserve's engineering team
have been able to pre-empt this kind of attack? If they could do a postmortem
and determine the requests came from a single range of IP's (assumption), they
could have foreseen it. Or if they had set up alerting around frequency of
reservations, they would seen an outsized number of requests which they could
further look into. These are pretty easy to set up, so I'm surprised they're
so naïve about this kind of vector.

------
dwyerm
I suspect there are some restaurants who are just now finding out what that
mandatory binding arbitration and class action waiver clause in Opentable's
terms[1] really means, today.

On the other hand, there's an Opentable lawyer who is getting an extra martini
at lunch today for saving the company by including that text.

[1] [https://www.opentable.com/legal/terms-and-
conditions](https://www.opentable.com/legal/terms-and-conditions)

~~~
Blackthorn
The affected restaurants don't use OpenTable.

------
berbec
Didn't Uber used to do this to Lyft et al whenever they show up in a new town?

~~~
guelo
No. Uber didn't use to have lone rogue sales people that were immediately
fired when the company learned about it.

~~~
inetknght
Take this source from 2014 as you decide, but there have been mainstream news
articles in the past stating contrary:

[http://money.cnn.com/2014/08/11/technology/uber-fake-ride-
re...](http://money.cnn.com/2014/08/11/technology/uber-fake-ride-requests-
lyft/index.html)

~~~
srtjstjsj
You and others missed parent's dry humor.

FTA: > it's not just a rogue employee or two

~~~
inetknght
Sarcasm and dry humor do not befit the internet

~~~
unit91
Thank you, inetknight, brave Knight of the Internet.

------
nkkollaw
> ...and the employee was terminated immediately.

Jesus! C-can they do that?

------
itronitron
So there are four different start-ups that focus on making restaurant
reservations... I had no idea it was so difficult to call a restaurant and
make a reservation, I guess the person would need access to a phone in order
to make the call.

~~~
eganist
It's pretty awful. Hold times, the potential for multitasking staff to forget
to log a RSVP, determining how to best allocate tables... Not only is online
reservation a necessary component, it's just one piece of a multi-component
automation solution to the many problems that arise from a desire to
efficiently and effectively seat and serve as many people at once as possible.

I recognize your comment is in jest, but I appreciate you making it. This
challenge is rarely understood.

~~~
GCA10
In our household, we make a fair number of restaurant reservations at 11:30
p.m. . . . and some more at 9 a.m. (Two-career couple; hard to align
schedules, etc.) Online services like Open Table don't mind this at all. By
contrast, restaurants are not eager to keep staff by the phone at those hours,
just in case we call.

