If I were you, I would check your credit report IMMEDIATELY.
I'm in the same boat as you, except I'm in my 40s. Most companies use Experian or Equifax to do some sort of credit verification by asking these questions. However, about 5 years ago, the credit agencies merged my credit record with someone else with the same name, but entirely different birthday and location.
Evidently, they don't give a fuck because it took me years to get this wrong information off of my credit records. I don't understand how this isn't libel, since they are spreading false information about me, and that drastically affected my credit, and I had to jump through hoops to get everything corrected.
The thing that really sucks is that Experian STILL has the wrong information about me, so when I'm asked these credit questions, it's mixed with the other person's data, so I always fail the credit check. Despite having nearly perfect credit, I've failed the credit check numerous times, and like you, the decision has always been final, because no one appears to give a fuck.
The problem is I have no idea how to get Experian to refresh their data, even though it's several years old now.
It might be the case that the OP's credit history has been merged with someone else, and if this is the case, they need to fix it as soon as possible. Use the yearly free credit report to make sure there is no loans or credit cards associated with your name, and if so, you need to call every single credit agency and dispute it. It really sucks, and I don't understand how we let the credit agencies have this much power, where we the consumers have to suffer like this whenever THEY fuck up.
> [N]o consumer may bring any action or proceeding in the nature of defamation, invasion of privacy, or negligence with respect to the reporting of information against any consumer reporting agency ...
The brief version, with the exact search queries you'll want bracketed: you send a [debt validation letter] under the FCRA to the CRAs. This starts a 30 day clock, during which time they have to get to the reporter and receive evidence from the reporter that you actually own the debt. If that clock expires, the CRAs must remove that tradeline from your report and never reinstate it. Roughly simultaneously with that letter, you send the collection agency a [FDCPA dispute letter], and allege specifically that you have "No recollection of the particulars of the debt" (this stops short of saying "It isn't mine"), request documentation of it, and -- this is the magic part -- remind them that the FDCPA means they have to stop collection activities until they've produced docs for you. Collection activities include responding to inquiries from the CRAs. If the CRA comes back to you with a "We validated the debt with the reporter." prior to you hearing from the reporter directly, you've got documentary evidence of a per-se violation of the FDCPA, which you can use to get the debt discharged and statutory damages (if you sue) or just threaten to do that in return for the reporter agreeing to tell the CRA to delete the tradeline.
No response from the CRA? You watch your mail box like a hawk for the next 30 days. Odds are, you'll get nothing back from the reporter in that timeframe, because most debt collection agencies are poorly organized and can't find the original documentation for the debt in their files quickly enough. Many simply won't have original documentation -- they just have a CSV file from the original lender listing people and amounts.
If you get nothing back from the reporter in 30 days, game over, you win. The CRA is now legally required to delete the tradeline and never put it back. Sometimes you have to send a few pieces of mail to get this to stick. You will probably follow-up on this with a second letter to the reporter, asserting the FDCPA right to not receive any communication from them which is inconvenient, and you'll tell them that all communication is inconvenient. (This letter is sometimes referred to as a [FOAD letter], for eff-off-and-die.) The reporter's only possible choices at that point are to abandon collection attempts entirely or sue you. If they sue you prior to sending validation, that was a very bad move, because that is a per-se FDCPA violation and means your debt will be voided. (That assumes you owe it in the first place. Lots of the people doing these mechanics actually did owe the debt at one point, but are betting that it can't be conveniently demonstrated that they owe the debt.)
If the reporter sends a letter: "Uh, we have you in a CSV file." you wait patiently until day 31 then say "You've failed to produce documentary evidence of this debt under the FDCPA. Accordingly, you're barred from attempting to collect on it. If you dispute that this is how the FDCPA works, meet me in any court of competent jurisdiction because I have the certified mail return receipt from the letter I sent you and every judge in the United States can count to 30." and then you file that with the CRA alleging "This debt on my credit report is invalid." The CRA will get in touch with the debt collection company, have their attempt timeout, and nuke the trade line. You now still technically speaking owe money but you owe it to someone who can't collect on the debt, (licitly [+]) sell it, or report it against your credit.
I just outlined the semi-abusive use of those two laws, but the perfectly legitimate use (for resolving situations like mine, where my credit report was alleging that I owed $X00,000 in debts dating to before I was born) is structurally similar. My dropbox still has 30 PDFs for letters I sent to the 3 CRAs, several banks, and a few debt collection companies disputing the information on my report and taking polite professional notice that there was an easy way out of this predicament for them but that if they weren't willing to play ball on that I was well aware of the mechanics of the hard way.
[+] Owing more to disorganization and incompetence than malice, many debt collection companies will in fact sell debts which they're not longer legally entitled to. This happened to me twice. I sent out two "intent to sue" letters and they fixed the problem within a week.
[Edit: I last did this in 2006 and my recollection on some of the steps I took was faulty, so I've corrected them above and made it a little more flow-charty.]
I put in a $100 this morning, let's get little baby Mathayo's head fixed :)
You could always buy bingo card creator.
Thank you for your time.
I happen to know that in America there are collections agencies which peak at bulk debt purchases then contact the debtor trying to illegally collect a debt they don't own.
Eventually the bulk debt package gets sold and a rightful collections agency calls them up trying to legally collect a debt.
Overall it is a very sleazy business.
To win a defamation suit, you have to prove (generally) a) you factually don't owe the debt and b) the CRA should have been aware that you factually don't own the debt. Those can be fairly difficult to demonstrate. (Quick, demonstrate that you don't owe $30,000 to Bank of America under account number #123456. Note you may be responding to a sworn deposition from a Bank of America representative which says "I have reviewed our firm's records, kept in the ordinary course of business, and they show that he does, indeed, owe us $30,000 on account #123456.")
To win a FCRA suit, all you need is a return receipt from a letter you sent and then observe "No return receipt for the letter they sent in response dated within 30 days? Then presumption is they didn't send one. Unless they can immediately produce documentary evidence to the contrary, they're facially non-compliant, and I win automatically. We never reach the question of whether I actually owe the debt at issue. It's irrelevant."
Don't we have unique identifiers call Social Security Numbers?
Source, the Straight Dope: http://www.straightdope.com/columns/read/141/why-does-my-old...
The SS card is a name-to-number mapping once the name is already identified by another document like a driver's license or passport.
Other countries (including Israel, where I live) do have ID numbers, and they are used universally -- by governments, employers, credit-card companies, and the like. I actually very much like the convenience that this gives me. I have one number to remember, and I don't worry very much about it being taken or used by someone else.
Furthermore, many sources of credit information do not have access to your social security number to use as a key. Your phone company, cable company, oil company, and so on all may need to send your bills to collections and put a mark on your credit report, but they don't have access to your social security number (they may ask for it, but you aren't required to provide it).
These documents often lack in consistency.
(I have changed my name for very different reason, I know precisely how much hassle it causes in the US.)
Our culture is encouraging more and more fast food and simple, short thinking. I don't quite value that value, especially from developer's point of view. As you can see, how complicated processes are involved in VLSI chip design and circuit design in iPhone. If people applied the same culture or manner or habit, we would not have those great products.
His problem is a dilemma because financial systems have to be that strict. There are just two many duplicated names even in one location. But I agree that simple name are more welcomed in the real life. So maybe our financial systems should be adjusted to use more field to uniquely identify a person.
On the other hand, did you see there is another post directly suggesting you to have your name changed with a middle initial. Don't think you are always 100% perfect and it's all other people's fault. This is another caveat in culture for the new generation. When conflict occurs, check on yourself side first. I gave you advice because I wish this type of thing would not happen to you again. If you don't learn the lesson, you may have more similar type of experience down the road. Didn't you see the other people's story with his credit record? Do you think it's fun?
You didn't get my point at all. Choosing simple name and always making job simple has the same culture background as fast food. I don't need to mention about the good or bad about it. Everybody can make his own choice. You may stick to your common name and have the other consequences. Other than you, yourself, who will care?
iPhone is not made with regular PCB design techniques, it's not that easy. VLSI design is not PCB design. With this type of attitude, you are not qualified for any of those professional work until you are trained or change your attitude. This is my point.
BTW, if you don't mind, can you please tell me how you down voted me? Is it done by complaining to the YC admin? I can have different opinion with you, but I'm helping you. I will not down vote you because I have different opinion with you. What a decent manner you have.
Right, I responded saying that I already have a middle initial which uniquely identifies me in the US, but Square won't take it on the signup form.
> Don't think you are always 100% perfect and it's all other people's fault. […] When conflict occurs, check on yourself side first. I gave you advice because I wish this type of thing would not happen to you again.
You are correct. However, I believe I made a genuine effort to find out what's going on: I spend hours researching on Square's website, comparing policies with other payment companies and other companies that use knowledge-based verification, and trying to ask them to clarify things I didn't understand.
> If you don't learn the lesson, you may have more similar type of experience down the road. Didn't you see the other people's story with his credit record? Do you think it's fun?
The person shared a name with someone else, so the system decided to merge their credit histories after awhile. That is not the customer's fault if they make a wholehearted effort to fix things.
> You didn't get my point at all. Choosing simple name and always making job simple has the same culture background as fast food. I don't need to mention about the good or bad about it. Everybody can make his own choice.
I did not choose my own name.
> You may stick to your common name and have the other consequences. Other than you, yourself, who will care?
For me, there is no way to win this game. Yes, I could waste a ton of time and money changing my name, updating government records, convincing everyone I meet that I am not an identity thief, re-purchasing things like domain names, etc. On the other hand, I could waste a bunch of time getting mixed up with other people named Kevin Chen.
Philosophically, that's asking humans to change themselves for the machine's convenience. As an engineer, I think that's a backwards concept and it should be the other way around.
> iPhone is not made with regular PCB design techniques, it's not that easy. VLSI design is not PCB design. With this type of attitude, you are not qualified for any of those professional work until you are trained or change your attitude. This is my point.
My attitude (as seen in other comments and in my post) is that I try to understand the other side and expect people to treat each other with courtesy.
> BTW, if you don't mind, can you please tell me how you down voted me?
If you were downvoted, I didn't do it. I just wanted to get some clarification on a seemingly off-topic comment.
I never suggested you to change your name because I know it's your personal choice. Since I ran through it even with mistake and run a couple of rounds and waiting forever to get it done, name changing is still not a process with tons of time and effort. From this kind of experience, we learned that it is the government process. Because you haven't encountered too much hassle yet, you feel like this kind of tedious is not bearable. No, it's not. A lot of things are more tedious than that. That's why I took iphone design as an example. The same for software development and deployment. So much hassle.
Now I feel your attitude is a lot better. You did some research and try to understand their system. But still if you don't pay them a loyalty fee, you cannot argue. It's their choice and your choice is either go with it or take other action like changing your name.
The credit report example told us that it may occur at any time, and they are not going to change their process for the time being. I discuss this issue generally from the culture perspective because it's an alert to other people, not specifically go against you.
I feel sad for you to have this frustrated experiences. In the real world, we also have a lot of such experience. Again, think from the other side point of view, if they allow you which may take a risk for having a lot of free customers complaining against their customer support for real financial issues, what can they do? Then you may feel a lot easier to accept their decision.
Thank you for not down voting me. I took my time to make you understand.
"Barry said she grew so frustrated exchanging e-mails with customer service representatives that she drove two hours to the company's San Francisco headquarters to get some help in person.
Instead, she cooled her heels in the lobby for a couple of hours. No one would speak to her, she said, and the security guards threatened to call the police. Then Square deactivated her account, saying "high-risk activity was detected."
I understand why they do it -- it's pretty clearly related to their anti-fraud / anti-spam / security systems, and I understand that by giving any further information, they're exposing those prevention measures to weakness. And I'm sure in cases of real fraud / spam / security risk, this is the right approach.
But man, does it stink for everyone involved when there's a false positive (i.e. in this case). There's got to be a better way of handling this. Some sort of escalation / appeal process?
(And if there isn't -- hint hint, companies that haven't gotten big enough to be immobile on this issue: Implement one.)
After two months, they closed my account because I was living in Puerto Rico at that time and there are no partner banks in Puerto Rico. Once I moved to San Francisco and linked Square with my new California bank account, I was able to accept payments again.
Then one day I got a notification indicating that my account had been closed, and that the decision is final. I contacted Support, and they reiterated that their decision was final, and could not communicate with me any further.
It is the weirdest interaction I've ever had with a company. I still use them as a payment method and I'm a big fan of the company, but I feel disappointed whenever I log in and they remind me that my merchant account is disabled.
Why? If you had such a bad relationship with a company, why use them and why being such a fan? I genuinely don't understand, if I had an interaction like this, I would never recommend them.
Aside from the refusal to explain why I cannot accept payments, I haven't had any negative interaction with the company. They just seem unable to provide any further information, for either legal or policy reasons.
Other than that, Mrs. Lincoln, how did you enjoy the play?
I agree with the GP poster, I'm at a loss to comprehend why you continue to "enable" companies like this to continue bad business practices.
I'm getting failed on a similar knowledge based identification on coinbase right now. Failed twice already. At least it's not a final decision, to their credit.
There needs to be laws against this almost certain dystopia. That's one reason why I support the EFF.
I wonder if there's an identity theft vulnerability waiting to happen here. You're getting questions based on other people and you know one of the answers must be correct. I wonder if an automated system could use that to find the correct answers for a given name.
(1) Consumer Financial Protection Bureau (CFPB): http://www.consumerfinance.gov/complaint/, and,
(2) New York State Department of Financial Services (DFS): http://www.dfs.ny.gov/consumer/fileacomplaint.htm.
This will make it more likely that you see a favourable resolution. Further, this assists due process in identifying and resolving problems in our financial system.
if they were holding your money without a schedule of release, that would probably be a stronger ground for a complaint.
Further, when consumer finance issues come up in D.C. or Albany it is these complaints which inform the debate. Having no documentation means regulators flying blind.
(4) If you research any other POS's reply here so I can see. ;)
I found it very surprising that Square doesn't provide an alternate method for identification, it's mind boggling even. Something like Instant Bank Verification (similar to what mint.com or venmo does) would be a good alternative and carries no additional overhead for Square.
That's the shakedown the GP was referring to. The BBB is a scam.
Prior to Square the individual / very small business market was underserved (for real-world transactions). You had to go through a PITA application and due diligence process with a processor. And you typically had to pay significant up-front costs and ongoing fees to maintain your account.
There's a reason for that: the processor is financially liable for any fraudulent merchant charges. If a merchant signs up and puts through $10K of fraudulent charges and skips town with the money, it's the processor that pays.
So Square did two things. First it lowered the upfront costs by piggybacking mobile devices to turn them into low-cost swipers.
But the second very crucial thing they did is hidden on the back-end: they streamlined the signup process and support costs. They did that by doing exactly what you see here, using alternative ID and credit check methods. And making their customer support largely a self-service operation.
The good news is that the particular case you see here is probably fixable with continued improvement. But that's why it happened.. they are replacing an otherwise more costly and burdensome signup process with something largely automated. And there's a lot of money at stake if they screw it up and let fraudsters on board.
Everything I've seen of Square suggests that they really are adopting the Paypal approach of "fuck you unless you're big enough or can rally someone big enough to make us care".
That is not fixable, really, without massive change. As much as I'm loathe to say this, I think the financial-services industry is in dire need of waves and waves and waves of frivolous litigation. If it were possible for cases like OP's to end up costing Square even a few hours of a corporate lawyer's time to get the complaint dismissed, that would be enough to tip the scale and make real customer service the cheaper option.
Its certainly better than their response.
It doesn't matter very much that someone could use a stolen credit card for that $25 payment, because square would deny such a person during their deeper investigation and lose less than $25 dollars total. And there is little reason for the criminal to do this because it will get one of their nice card numbers blocked faster.
Or ignore the second paragraph and charge cash for the service of doing a better investigation with responsive customer support.
If they verify the identity and know they are going to make it back in fees or however square does business, then sure.
If your site does payment processing through Paypal then, through some accident of account processing or technology or the history of my account, I can't use any of my 3 payment cards to buy what you're selling, because Paypal believes it needs to (for reasons passing understanding) link directly to my bank account before any card with my name on it can be used through Paypal.
I thought that what guest checkout is for, even though it's a per-merchant configurable option: https://www.paypal-community.com/t5/About-Business-Archive/G...
I recently encountered this with Electronic Arts and their Battlefield 4 game. I forked out about $150 AUD for the base game and premium addition only to be informed my account has been permanently banned after coming back from a month in Europe on holiday because they said I was cheating. Well actually, they wouldn't give the exact reason, but that was essentially what their response implied. When I asked for whatever proof they had, they said our decision is final and we can't show you any proof.
I am in the process of getting a refund as I paid by credit card, but this is definitely a commonly recurring theme amongst larger companies who struggle to deal with their customers and ultimately retain them. What kind of business model punishes their customers?
Good luck, I think you have a real chance of getting some human response now that this is on the front page of Hacker News. My understanding is that this is how people get responses from people over at Paypal as well, create a loud enough noise for someone higher up to respond as to avoid a PR nightmare and get your problems resolved.
>Due to the nature of the origin of public record information, the public records and commercially available data sources used in reports may contain errors. Source data is sometimes reported or entered inaccurately, processed poorly or incorrectly, and is generally not free from defect. This product or service aggregates and reports data, as provided by the public records and commercially available data sources, and is not the source of the data, nor is it a comprehensive compilation of the data. Before relying on any data, it should be independently verified.
I'd guess the failure rate of using this service was deemed an acceptable trade off to implementing an independently verified service.
That will leave a mark.
First, I had worked for one of California State's departments as a contractor, but hadn't been paid in two months. I called my State Senator, said I had working for the California in his district without pay for two months, and that I needed his help. I got paid the next day.
Second, I had been wrongly charged over $10,000 USD at a city hospital, and hadn't been able to fix the situation. I contacted the Mayor, explained that I was being charged for a service I didn't receive, and asked for his help. The bill went away.
Last, American Express sent me to collections (related to the hospital bill above), and the collections agency was trying to con me into paying more than I owed. I called the office of American Express' Chairman of the Board, and asked if they could help me deal with the collection agency's shenanigans. They pulled my account of out collections, and started dealing with me directly.
Recommeneation => track down Jack Dorsey or someone on their board, and explain the situation. It just might work!
I'm sorry this happened to you. I personally believe the burden of proof should be on the company. However, that some choose to err on the side of caution is perfectly understandable.
The thing is that companies that handle credit card payments are very vulnerable to fraud because they are liable for consumer chargebacks , at least in the US. This is particularly unfortunate since US cards also happen to have pretty poor security (which also has probably something to do with the fact the merchants are liable, and not the banks). Stolen credit card numbers are extremely easy to obtain (cf. Target breach) , and once this is done fraudsters have basically two main ways to extract money out of it:
1) Use the card number to make purchases online, or better yet, find a self-service platform that lets you become a merchant then purchase your own offerings (eBay/PayPal, Eventbrite, etc.).
2) Duplicate the card (made much easier by the US' slowness in adopting chip-and-pin), and use it to pay for goods or to load the money on some account. Square is perfect for this since you own the card-reading device, which makes it much less risky than attempting to use a duplicated card at an ATM or at a retailer.
Now, the problem is that you potentially need a lot of cushioning to withstand fraud attacks: while the processor only makes profit from the transaction fee, they are liable for the entirety of the charge, so one single fraudulent transaction can wipe out the profit of thousands of good ones. Being attacked by a fraud ring for hundreds of thousands or even millions of dollars in a single day is not impossible (in fact we've seen this happen, and Eventbrite's transaction volume is much smaller than PayPal's or even Square's), so this is a lot of risk to take on for a company, especially a startup.
Regarding the bad customer service you've received, there is a specific reason why companies often decline to comment on fraud security checks: by allowing you a way of recourse, they would be disclosing information about how their system works, which makes it potentially vulnerable to attackers. For example, if they said "sure, just send us a copy of your driver's license and we'll lift the ban", this would be a signal for fraudsters to try to fake such documentation.
Overall, it's a complex issue and unfortunately frustration is part of the game (trust me, if PayPal could have found a way to make operations smoother and less frustrating, they'd have done it). At Eventbrite we've chosen to assume this risk and be more liberal with verification because we decided that providing a good user experience is worth losing some money over (and because we have faith in our ability to keep up with the fraudsters), but this is a decision every company that handles money has to make and it's not an easy one.
 fun fact: you'd be surprised to see how big this underground economy is; it's so well-oiled that some sellers even provide customer service on the credit card numbers they sold, and offer money back guarantees if the card has already been deactivated
Google: Our products work for most people. If they don't work for you, we won't support you. Good luck with our competitors.
Paypal, Square: our fraud prevention metrics are generally reliable. If you're a false positive, we won't serve you. Good luck getting your money.
Comcast, Time Warner Cable, etc: Our Internet services work pretty well for most people. If they don't work for you, enjoy spending an hour or more in customer support hell. They may solve your problem. If not, good luck getting home internet from our non-existent competitors.
Imagine if the rest of the world worked like this:
* People whose legs work can use the toilets here. In a wheelchair? Good luck finding somewhere else.
* Only people who can drive a car can get state-issued ID. Can't drive? Good luck not officially existing in the eyes of many.
* Only people without a history of chronic illness can get free health care. Pre-existing condition? Good luck with your third job to pay for your treatments.
It is absolutely Square's prerogative to determine who they will and will not serve. And if you choose not to serve someone because they are an inconvenient minority, it's your call. And it makes you kind of a jerk. Expect to be called out on it.
Square: you are PayPal. You are Comcast. You are the old and busted status quo that the new hotness will usurp one day. Don't like it? Prove it otherwise.
1. It's a complicated problem. I will explain to you why it is complicated. Now it is your problem.
2. It's a complicated problem. I will own the problem. I will insulate you from the problem as much as possible.
It's not pyduan's fault, and I'm not asking him to own the problem. But explaining why the problem is complicated or excusing bad behavior because it stems from a complicated problem is an active barrier to actually fixing the problem. How many indignities do we suffer daily simply because complicated problems have entered the status quo and become our problems?
Hard problems should be challenges, not excuses.
> Hard problems should be challenges, not excuses.
Which is precisely why I mentioned in my original post that my preference (and Eventbrite's) goes towards doing the opposite and trying hard to give the user the benefit of the doubt. By doing this we expose ourselves to more risk because we want to transact with everyone -- without risking to disclose too much about our policies, you'll notice our system is very tolerant for mistakes and missing inputs, and in case something does go wrong we have a dedicated support team to deal with these issues. This makes building and training our algorithms that much more complicated if we want to keep our risk profile in check but it is a trade-off I'm happy to make, so I'd like to think I'm not guilty of what you're accusing me of.
Overall, my point was just to provide some context on where Square comes from since OP seemed confused about what they perceived as a ridiculous policy. The comparisons you picked (Comcast, Google) are a good example of why it's interesting to talk about fraud (which is a topic we rarely have in mind when building or using payment services): fraud is not a simple inconvenience for startups -- it's something that can potentially put the entire business at risk, so you have to have both the ability and the willingness to take on that risk. In the absence of controls I can think of many ways to defraud Square out of millions of dollars in the matter of hours. They're strong enough to take the hit it now, but one single such attack while they were younger could have put their success in considerable danger had they not taken some precautions.
Of course this is no excuse for not having a friendlier or more reactive support, but Square or not Square I just felt this is a topic worth bringing to the spotlight.
I took exception to your comment not because I thought you were representing Square but because it seemed like your comment was using "fraud prevention is hard" as an excuse to defend Square's treatment of OP.
> I just felt this is a topic worth bringing to the spotlight
It's always good to have an experienced, rational explanation of why a company might have engaged in some seemingly-ridiculous behavior. Thanks for providing that. Unfortunately, such an explanation often gets used as a crutch or an excuse for not aiming higher. How many years did individuals and small businesses have no recourse from PayPal before Stripe, Square, et al. came along? Do we really want to have that long of a gap again just because the new incumbents can hide behind the same "it's hard" mentality as the old?
So while I'm sorry that I interpreted your comment incorrectly as defending the "fraud prevention is hard so let's marginalize the minority" argument, I wanted to make sure that I expressed my dislike for that mindset before it took hold.
So you're saying you were in too much of a hurry to jump on his back to read what he wrote? At least put the apology at the top of your comment rather than at the end of all the excuses.
What's the solution here? If I assume you aren't advocating legal requirements for how easy companies have to make verification (which, let's be honest, is a non-starter since laws generally make it harder to verify than easier), the only real solution is to call out companies that do this, which should in turn spur competition from those who think they can do better. It's unfortunate that it takes as long as it does, but I'm not sure if there is a better system.
That said, writing this post is exactly the type of response that should encourage improvement and competition.
The reality is that it's not solvable right now without compromises. Transaction fees are high until it get solved. It could take 5, 10, 20 years. We won't know until it gets solved. Big hairy problem. I don't think it's fair to get up and demand this be solved.
Who are you making this demand to?
These tend to be oligopolistic or monopolistic markets where where decisions are made methodically by algorithms, actuarial & statistical analysis & such. Low margin industries.
The problem is that accessing health or financial services is something bordering on the realm of human right. I understand and sympathize with the objection to the proliferation of"positive" rights. The "right to housing" for example has been tried and (not everywhere) failed or at least caused a lot of collateral damage.
But, I also sympathize with the statement that access to (for example) financial services is pretty fundamental and needs to be accessible to everyone in order to maintain a base level of egality necessary for democracy. So if by whisky you refer to…..
It's a hairy problem. I think square & paypal should make it a priority to be fair in a common sense way, even if it raises costs somewhat. If not, they will eventually get stuck with ombudsmen or regulators.
So you're saying a business discriminating based on credit rating is equivalent to discriminating against the disabled?
In each case it's not the customer's fault, and the customer should not be discriminated against. It's not an equivalence, it's an analogy. In each case the business is denying service for a reason that is not the customer's fault. There is an analogy to be drawn, even though it's not an equivalence.
It's a genuine distinction, but perhaps it doesn't really matter. Perhaps it does, but regardless, we're not really disagreeing. Square is refusing to provide access to the individual because they claim it is risky to do so. They're saying it's because they can't confirm his identity, but it's still a refusal to extend "credit" to an "individual."
Sounds like a lot of Europe.
The point was that Square has terrible customer service. The other payment co's mentioned actually support people with this problem.. they allow the user to mail proof of ID.
Square doesn't pay enough people to work support, instead opting to deliver an artisanally crafted, gorgeous "Fuck You".
Don't you think it's an overstatement? At least They responded to his question and he did not lose any money.
Frankly, it often seems as though many consumer financial companies (like Mint and Square, etc.) go out of their way to make their service harder to use simply to increase their "legitimacy."
Sites like Mint refuse to remember login information and automatically log users out after a short period of time. As far as I'm aware actual bank account can't be accessed from Mint; data is only reported. In the grand scheme, this information is not particularly important.
It would be far more catastrophic for someone to gain access to my email account or social network profiles (where they could actually do damage) than it would be for them to learn what (little) I have in my bank account. Yet, we all survive using only standard security on most of our other accounts.
Moreover, there seems to be a huge disparity between credit card security in the real world and credit card security online anyway. In the real world, I hand my credit card to numerous people with whom I have no relationship and whom I can't trust at all, every single day. No one thinks twice. Yet, when someone wants to look at their bank statement, they need to bend over backwards. It just doesn't make sense.
Integral pieces of the financial apparatus might need to be totally secure, but consumer web apps that don't ever handle money don't, and should put user experience first.
I think the parent comment (which seemed fairly well informed) actually says the complete opposite of this, that is, not only is square liable, they are specially exposed.
Additionally, if the fraud and charge back rates get too high, say over a few tenths of a percent (!), the cc companies will either cut them off or raise their interchange rate -- either one kills their business model.
I remember reading about someone (or some startup) trying to address this issue by using public key crypto to address the short-comings of credit cards in the states. The fees were supposed to be substantially lower and the major sources of fraud eliminated. But they kept hitting an invisible wall with every financial institution that was pitched the idea. It was a fascinating read (be sure to read all the parts).
Seriously: Why doesn't the US implement chip-and-pin?
The consumers don't implement chip-and-pin because they don't control ANYTHING.
The retailers don't implement chip-and-pin because they buy their point-of-sale terminals from some supplier and they choose the cheapest one, which only has a magstripe reader, not a chip-and-pin reader. They're not losing any business this way because everyone's card supports magstripe readers.
The card issuers are actually kind of interested in chip-and-pin, and have been for a couple of decades. But there are some serious problems. The cards cost more, and it's not fun to shoulder that expense without some benefit. Worse yet, the chip-and-pin cards are harder to use (you have to memorize a pin) and that loses customers. A couple of experiments with more advanced cards (notable the American Express Blue Card which had some SERIOUS advertising money behind it) have been abject failures.
But this is all about to change. The rate of credit-card fraud by organized crime has finally reached the point where the credit card companies realize that they MUST act. While some of the cost gets pushed onto merchants, the majority is absorbed by the credit card companies and that's cutting into their profits. They can start issuing chip-and-pin capable cards, but it won't help because there aren't any reader terminals in the US. So they've found a way to fix that problem: by pushing the cost onto someone else.
Starting in late 2015, any card-present transaction done with a chip-and-pin capable card (or chip-and-signature which will be used more heavily in the US because of that usability issue) which is found to be fraudulent will be the liability of the merchant, not the credit card issuer, if the merchant had a magstripe-only card reader. This, they hope, will finally change the US infrastructure, motivating major retailers and mom-and-pop small businesses throughout the country to spend collectively 100s of millions to billions of dollars on new card reader hardware.
SOURCE: I work for one of the top US credit card issuers.
When the banks issued people chip and pin cards, we upgraded our terminals. We had to because people needed to use the chip and pin cards. We didn't have an option to resist it because all that does is harm our ability to take payment.
I also notice though that from consumers, interac debit seems to be more popular than credit cards for general purpose, and those have always required a pin.
Does the US consumer primarily use credit cards? Or do they at least use them more than Canadians (or maybe Europeans?).
I can see the difference in behavior between knowing a pin and not having to being a big difference in consumer adoption, moreso than retailers being willing to accept the cards. Like I said, when we had chip and pin introduced years ago, we just had to be able to support it whether we wanted to or not unless we wanted to start turning people away.
But if consumers have always used primarily credit cards or cash, I can understand them avoiding the move towards having to remember a pin.
The way that it was dealt with here is: If the merchant has a magstripe-only reader, my card will not be accepted. Everyone card is a chip and pin card, and people rarely carry cash. If you don't upgrade your hardware, it's not just a matter of being liable for fraud, it's simply that you can't continue to do business.
Canada also has far stronger central controls on, for example, their banking system than does the US. In the US, such things would be considered onerous government regulation, even if the long term impact was positive.
Interac is a Canadian-only thing, BTW.
It doesn't seem like such a big investment for a mom and pop.
Wal-Mart/Target would have to buy 50-75 per store but the costs would be relatively the same.
Empirically, I can say that despite the credit card industry asking nicely, almost no merchants anywhere in the US have installed pin-and-chip readers. (Of course, there has been essentially no benefit to them either.)
Chip and PIN was shown to be flawed in 2010 at CCC. This isn't why the US doesn't use it, but it it's a bit of a disaster in its own right.
Then companies, like the one you work for, need to band together and lobby for change. This is classic 'security through obscurity' bullshit and its hurting user experience.
Stop fucking using IP addresses in conditionals. Same goes for anything else that is not a username+password or unguessable token. Period. If you're in a job that's prolonging this behavior, quit. There is an endless supply of places you can work at if you're a good developer.
So if they have the data, why couldn't a pirate, NSA officer or errant banker?
Perhaps a better test is what I choose to forget.
(I realize I could possibly answer this experimentally, but I'd rather keep this theoretical)
All of this ignores the fact that these are multiple choice questions. Attackers don't have to win every time. 1/64 of targets would be vulnerable given no knowledge whatsoever. This is just an upper bound on how useful this set of questions is for Square, while the rest of TFA constitutes a convincing lower bound on how harmful they are to those who would legitimately use Square.
But this is seriously upsetting, the tone of this writing wants to rip my heart out for the author. I can only wish that this gets resolved decently.
His comparison also reminds me how Amazon's customer service is absent as much as possible. Automation and all that. Yet on that topic, it seems people don't mention Google as much. (I wonder if they filter that out in their results..)
I do know that in fraud prevention it's common to not explain what the problem is, because it tells fraudsters which filter they've tripped (and potentially how to evade it on their next attempt), but it certainly doesn't help genuine people caught in a false positive.
Yet I sold a camera lens on Marketplace. Perhaps the tenth thing I'd sold. I was willing to be patient to get a better price. Nine items sold, no problem.
This one arrived three days after the "expected delivery date". The buyer complained, and my Marketplace account was canceled. I could appeal. I pointed to history, inclement weather. Said I'd be willing to be flagged "Fulfilled By Amazon-only", if that was possible.
"After review, our decision stands and you will remain permanently disqualified from using Amazon Marketplace."
Any decent support operation would actually talk to this guy, provide workarounds for their broken system (which is clearly broken for this particular occurrence), apologize and promise to improve things.
The fact they they provided a shitty service would be the top on my root causes list.
After living in that apartment a bit longer we got some mail for old tenants that seemed to indicate some sketchy activity. I believe they may have been fraudsters. However, despite several emails and calls to Amazon I am told there is no appeal whatsoever any reason, and that's that. The callous disregard for customers is breathtaking.
Needless to say I use DigitalOcean, ebay (that a company can be more user-hostile than ebay is shocking) and avoid Amazon whenever possible.
A good payment system has to fix the leaky abstractions below it someday somehow, to be really great.
I was implementing payment system for https://appenlight.com from paypal to some other solution that would not require paypal account. We've evaluated Braintree and Paymill - as App Enlight is european company, so our options were limited. Before Paymill took its time to reply to me (~22 days), I already managed to validate, sign all the papers and actually implement Braintree solution to our application.
One more thing at first Braintree support told me they might not be able to work with us because of some restrictions on company legal form by processor bank, but after I have sent them all the documents, everything went fine and got approved. Maybe you can try with them.
I'm making an assumption that your ancestry is Chinese, I believe it is even more popular in Taiwan.
Apparently, according to a summary of the 2007 census there were 7 surnames which were shared by over 20 million people, of which one of them was "Chen".
For a comparison, the article also mentions that the most common surname in the USA, "Smith", is occupied by 2.4 million people.
Let's look at some population estimates:
China is estimated to have 1,360,720,000 people, whereas the USA is estimated to have 317,559,000. The first article states that the frequency of "Smith" is about 0.84%. A quick calculation on the old python interpreter gave the frequency of "Chen" as roughly 1.47%.
What surprised me reading those two articles is that the USA is the third largest country by population.
I though I'd look to see if my surname, "Tucker" (no prizes for guessing which expletive it rhymes with) was popular in the UK. I first looked at this:
... Listing the 50 most popular surnames. I didn't find it, but the list has a column titled "Associated Town" (I was not aware of this convention). At the bottom of the list is "Davis", which is associated with the town of Gloucester, my home town. I'll have to look a bit harder for its actual frequency, it is also used as a first name for both boys and girls. My first name is "Robert", which can also be used as a surname if appended with an 's'. I could have been called "Robert Roberts", or "Tucker Tucker". Reminds me of Rik Mayall's character "Richard Richard" off that vile comedy "Bottom", while co-star Ade Edmonson's character had the charming name of "Eddie Hitler".
Come to think of it, what's the etymology and frequency of "Hitler"? ....
Taking the decision of a data set that is known to have flawed data on at least a small percentage of the population as final, and having no way to appeal is pretty terrible really.
Considering the limitations they allow for to keep costs and risk down, at the expense of decent customers being caught in the net.
Until we accept that centralized payment systems only benefits the central entities, we're going to be stuck with these problems.
In the time it took him to write the post complaining about Square, OP could have integrated BTC payments via Coinbase. He could even offer a BTC discount, since he's saving 2-3% on processing fees. If his product is in demand, customers will find a way to pay for it, even if they haven't used Bitcoin before.
There is a very, very tiny competitive advantage to supporting Bitcoin. There is a catastrophic competitive disadvantage to not supporting the basic method of Internet transactions.
That's beyond ridiculous. The main reason here is that they are trying to prevent their service from being used for fraudulent purposes. How would Bitcoin change that? Realistically, there would still need to be some form of identity verification. The actual problem here is that it's really hard to verify a person's identity over the Internet. The questions in the article can be answered by a determined attacker, so it's clearly the verification system that's broken.
As far as not shipping a product you paid for, economics takes care of that. Not delivering purchases is a bad business model.
As a merchant it would be lovely to accept payments only via bitcoins. As a customer I'll avoid purchasing anything if I cannot issue a chargeback. So the only way to get me to actually buy anything via bitcoins is to remove all alternatives.
Even if this were true, there are still X number of people who got ripped off with no recourse.
> With Bitcoin, your credit card can't be skimmed or stolen
No, but your private key can be stolen/lost, and in that event, you don't have the benefit of fraud protection.
The "central entities", whatever they may be, are certainly not the only parties that benefit. To be successful, we must broaden the appeal of the changes we hope to see.
But, I'll admit to thinking the exact same thing. 2-3% transaction fees and the BS admin overhead that comes with accepting CC payments is ridiculous.
Oh yea, and merchants are (usually) liable if they accept a stolen credit card. What a crappy system...
In your opinion, what regulations/protections are required that don't currently exist?
How is this not an information leak? If I know there is only one other person with my name within the area, then I can obtain information from him this way. (Since there will be multiple choices about that person suggested in that questionare)
As long as Stripe made clear what their position was, as to not waste this person's time or money, I don't see a problem here. It can be a business decision to flip a coin and permanently turn away all the customers that get the wrong side, if doing that magically increases profits. You can't even call it bad customer service since they are not a customer and will never be one.
Funny name confusion, they're both payment processors, one deals with magnetic stripes and the other one is named Stripe.