[conspire] More on patterns of automated stupidity

Rick Moen rick at linuxmafia.com
Wed Sep 28 12:33:30 PDT 2016 

I wrote:

> 'We are not responsible for marking files as harmful because anti-virus
> software does it.'  As I said, outsourced security is _really stupid_.
> (In fairness, I'm not saying scumware.org is stupid.  I'm saying it's
> just an otherwise meritorious aggregation site collecting stupidity from
> elsewhere.)

Once you start looking for it, you realise that the security-checking 
industry relies heavily on automated stupidity, and spotting the pattern
elsewhere.  This morning, while searching old saved e-mail for something
else entirely, I encountered something else entirely, an automated
e-mail from Bank of America warning me about a 'suspicious charge' to my
NCL (Norwegian Cruise Line) Mastercard.  It being specifically an _NCL_ 
affilate-merchandise card was incidental in context (yet funny), because
I happened to be on an NCL cruise when this happened.

Now, before going abroad, you want to officially advise your credit card
issuers of your travel dates and what countries you'll be visiting --
and I always scrupulously do so.  This is supposed to prevent your
attempts to use your card in Rome from being denied on grounds of your
being not a Roman (hence the charge being judged probably a fraud by one
of those sketchy foreigners).   (AmEx no longer asks for travel
details.  The others all do.)

I'd thus gotten BofA to enter into its records that I'd be spending the
time between Date A and Date B in the UK, Germany, Estonia, Russia,
Finland, Sweden, Norway, and Denmark, on an NCL cruise -- which record
they duly created.  Roll forward to my attempt to use the card at the
front desk for the shipboard room account while we're out in the North
Sea.  Denied!  Why?  Because it was a ~$2000 charge from Norwegian Cruise
Lines in Miami -- _not_ anywhere in the UK, Germany, Estonia, Russia, 
Finland, Sweden, Norway, or Denmark.  BofA's automated-stupidity
pattern-matching had kicked in, unable to understand that someone might
wish to use an NCL card to pay NCL while on an NCL cruise.

Instead, what did they do?  They left voicemail on my cellular number, 
_and_ sent me e-mail, advising me of a 'supicious charge' and telling me
to call BofA Security Department.  Except, guess what, guys?  My
cellular wasn't going to ring in the middle of the North Sea, nor was I
using hideously expensive satellite Internet to minutely follow e-mail
arriving while I was away on holiday, nor was I happy about the idea of
using equally hideously expensive satellite telephone calling, either.

I believe what I ended up doing, after being embarrassed by BofA's
stupid and unexpected refusal of my business, was switch to a different
card encumbered by less severe automated stupidity.  _And_ once I got
back to land, I _did_ telephone BofA Security Department:


RM:  Wasn't it within expectation that I'd want to pay NCL while on an
NCL cruise?  Didn't my travel advisory say 'cruise'?

Security:  Um....  {not wanting to admit that no human had reviewed the
denial, and that even if a human had, policy was doubtless to err on the
side of credit denial}

RM:  I'm trying not to just vent pique, and am sympathetic to credit
card security being a difficult problem.  What I'm really saying is, how
shall I prevent this problem recurring?

Security:  You can advise us in advance of the cruise of the origin
and amount of any anticipated charge.

RM:  This was a shipboard account, analogous to a hotel charging for
incidentals and room charges, so I wouldn't know in advance the exact
amount.

Security:  {flustered}  I guess you could estimate it.

RM:  Or I could just use a card that doesn't refuse my charges for a
cruise that I told the bank about in advance.


I could tell that Security Department was well aware of the problem,
but helpless in the face of the Great God Policy, which dictates that
the cardholder should just accept the Security Department telephone call 
or e-mail -- and, if the cardholder's in the middle of the ocean at the
time, hence incommunicado, so much the worse for him/her.


Sometimes your USA-affiliated mobile _will_ ring while on dry land abroad, 
and sometimes not.  I'm really not sure why.  I was startled to hear
mine ring the moment I stepped out of the Piccadilly Circus Underground
station in London's West End.  There I was, peering across traffic at
the famous Victorian monument to the Earl of Shaftesbury[1], when my
telephone rings, and some stranger says 'Is it a CABAL meeting today?'
(He hadn't bothered to look at the schedule.)

[1] https://en.wikipedia.org/wiki/Shaftesbury_Memorial_Fountain

More information about the conspire mailing list