Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
sosborn 4 days ago

At the scale these companies operate and the number of actual scammers they block because of their 0 - 100 policies, I can see how they got there. I bet all of us have had the luck (?) of out card being blocked because someone out there was able to get a hold of the credentials. Collateral damage like this, as devastating as it is to the individual, is probably a drop in the bucket for the company.

I'm not excusing this. What happened here shouldn't happen, and there should be quick resolutions and explanations available to the aggrieved parties.

quesera 4 days ago | parent [-]

It's not just corporate policy, it's regulatory requirements in the US.

You must block financial activity, and you must not communicate any details to the customer, upon reasonable suspicion of money laundering activity. There's a process and a prescribed timeline for getting things resolved. There is no penalty for a false positive, but there are large penalties for false negatives.

Having watched hundreds of these things happen, all of the details point squarely to an AML problem. For closed loop gift card programs, the merchant, program manager, issuing bank, and possibly the seller all get involved. It takes time.

This doesn't require shutting off a user's access to their data though -- just preventing financial activity. Apple might not have adequately fine-grained permissions around account suspension to support this, and obviously they should fix that!

browningstreet 4 days ago | parent [-]

AML and fraud are different, and the regulatory requirements you're talking about are only one requirement for banks to follow.. they have additional, internal policies of their own that may affect account and money access. If Apple isn't following a Suspicious Activity Report (SAR), then the actions are their own, and the policies are their own.

quesera 4 days ago | parent [-]

This is true, but potential money laundering is a UAR, and the issuing bank decides whether to turn that into a SAR (merchants do not file SARs, although at Apple's scale, the conversation between merchant and bank is continuous and both sides will have fraud and AML experts at every step).

The decision to create the SAR will depend on the outputs of the multi-party investigation, which is the thing that takes time and causes visible issues for consumers.