It's important to observe that Hanlon's Razor does not exclude malice; it merely reminds us that incompetence may be the better explanation.
Then we can further observe the possibility for a third form of the apparent dilemma: organisations tacitly and systematically weaponising their incompetence.
Weaponised incompetence is definitely at play here. Intentionally writing bad code - or worse: code paths that intentionally show higher fares that CSRs can trigger - would put them one whistleblower away from serious regulatory and PR consequences.
However, a legitimate bug/lack of attention to detail coupled with a dysfunctional remediation process will effectively achieve the same outcome without leaving conclusive evidence for a regulator to prove malice.
In this case there was a bug that got sidestepped when the CSR looked up the account (maybe a cache got flushed?), the bug is most likely known but is rotting away in some Jira backlog because making the system work well (the work they should’ve done in the first place) wouldn’t give anyone any promotion (or worse - will expose their incompetence) while “raise spam letter frequency by 10% to increase engagement” is scheduled into the sprint because the product manager wants their praise for their upcoming promotion.
Then we can further observe the possibility for a third form of the apparent dilemma: organisations tacitly and systematically weaponising their incompetence.