so recently i had someone empty out one of my bank accounts and send it to robinhood.

I have no clue how they did it. the 2 things i did recently was put my routing info into cashapp and zelle to send someone money recently.
another thing is i was using an online password manager.

it was like they were in my bank logged in as me even though i had security questions and all kinds of shit setup.
this bank fucking blocks it if i even try to pay bills with my debit card and it got through. it's like the attacker found some exploit with their system.

so it was a big chunk of money and i got it back.

i wiped my desktop computer and reinstalled the OS. i also redid all my passwords on a clean system. i'm not using an online password manager anymore. i dont care what they say about encryption.

not sure if this was related to the hedgefund attacks, but i'm glad that i found this out 1 hour before my bank closed and it's a bank holiday monday.
i was able to lock it down and reverse it.

I suggest everyone watch out and watch closely. turn on all the alerts for your credit cards and your bank accounts. CHANGE your login name as well as your password with your credit cards and bank accounts if you are able to.

nothing replaces a watchful eye.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: watch out
By: MRO to All on Sat Feb 13 2021 03:13 pm

so it was a big chunk of money and i got it back.

It is a good thing they reversed it back for you.

It sucks that you have to go through all the security questions and checks and still get security breaches.

--
gopher://gopher.richardfalken.com/1/richardfalken

---
■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL

Re: watch out
By: Arelor to MRO on Sat Feb 13 2021 06:17 pm

Re: watch out
By: MRO to All on Sat Feb 13 2021 03:13 pm

so it was a big chunk of money and i got it back.

It is a good thing they reversed it back for you.

It sucks that you have to go through all the security questions and checks and still get security breaches.

that's because none of that stuff works. it's usually the other side that gets compromised.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Hello MRO!

** On Saturday 13.02.21 - 15:13, MRO wrote to All:

so recently i had someone empty out one of my bank accounts
and send it to robinhood.

Do you use the Robinhood at all? I never heard of it until it
made mention in the recent news about GameStop stocks.

I have no clue how they did it. the 2 things i did recently
was put my routing info into cashapp and zelle to send
someone money recently. another thing is i was using an
online password manager.

OK.. so you spread out (or expose) your transfers across a
variety of services. Maybe just stick to one method?

it was like they were in my bank logged in as me even though
i had security questions and all kinds of shit setup. this
bank fucking blocks it if i even try to pay bills with my
debit card and it got through. it's like the attacker found
some exploit with their system.

They probably took the routing info (it's just a stupid number)
and managed to hack as middle-man or reverse process out of your
legit accounts. Maybe a change in one bit was all it took to
change from unauthorized to authourized. Truly pathetic -
indeed!

so it was a big chunk of money and i got it back.

That's exactly what you ought to expect. Even if the hackers
manipulated the systems using your routing info, the only
direction a transfer using the routing info can occur is INTO
your account. I provide routing info to people who want to make
direct payments to me at their convenience and without the
hassle of writing a cheque or using "cards"; they can go to my
bank in person (or any branch) and make a "deposit" to the
account that bears the routing info. Routing info does not
accommodate the reverse - a withdrawal.

i wiped my desktop computer and reinstalled the OS. i also
redid all my passwords on a clean system. i'm not using an
online password manager anymore. i dont care what they say
about encryption.

Good thing. Maybe you had a keylogger inhabiting your system.

I came up with my own "encryption" method for generating
passwords, and I stick to it. I don't need complex software to
do it for me.

not sure if this was related to the hedgefund attacks, but
i'm glad that i found this out 1 hour before my bank closed
and it's a bank holiday monday. i was able to lock it down
and reverse it.

I'm surprised that the bank got anything done within one hour of
closing!

I suggest everyone watch out and watch closely. turn on all
the alerts for your credit cards and your bank accounts.
CHANGE your login name as well as your password with your
credit cards and bank accounts if you are able to.

The first time I made rather large purchases all at once was
back in 1994 when I purchased two speaker systems, two tape
decks and two CD players (one set for me, and another set for a
family member). On the same day, later in the evening, I got a
voice-call from the credit card company alerting me of
"suspicious" activity.

I haven't needed to make large purchases like that with the
cards since then, but I never got an alert from the credit card
company when I noticed a $1100 entry by AirCanada, on Jan 1,
2014 on my paper statement. Pissed me off that the credit card
company allowed it to happen in the first place! When I called
to enquire, all they could think of was to blame *me* saying
that *I* must have lost my card, or compromised my PIN, or
actually authorized the purchase. Bull. But all they offered to
do was reverse the transaction, cancel the existing card and
send me a new one. That pised me off, because that required me
to physically visit a branch (which was over 40km away) to pick
up the new card, and meanwhile I was locked out of viewing the
status of that account online until the card was issued - which
took 10 days.

The problem is that banks and credit card companies probably
keep card numbers and associated metadata all IN THE CLEAR on
their sysyems! This whole problem could be easily mitigated if
they kept the stored data encrypted.


--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Hello MRO!

** On Saturday 13.02.21 - 19:37, MRO wrote to Arelor:

It sucks that you have to go through all the security
questions and checks and still get security breaches.

that's because none of that stuff works. it's usually the
other side that gets compromised. -+-

It doesn't work because they probably keep the metadata in the
clear in fancy spreadsheets and databases for easy look-up.

The "system" should operate more like PGP with a key-exchange.

It's a silly nonsense to have a credit card number (easily
copied and shared, plus the name on the card to be sufficient to
"authorize" a purchase.

The extra 3-digit code on the pack and even the PIN method is a
good improvement when using a physical card, and when making a
purchase over the phone. But once you disclose your numbers
(including the 3-digit code) to the person on the other end,
THEY could easily compromise that same card if they wrote all
that shit down on a piece of paper and later some industrial spy
takes note, or if their computers get hacked.

I take credit card purchases over the phone, but I never write
down the numbers - I enter them directly in the POS device while
the person is dictating them. The device never prints out the
full card number and never the name, either.

--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: watch out
By: Ogg to MRO on Sun Feb 14 2021 01:29 pm

Hello MRO!

** On Saturday 13.02.21 - 15:13, MRO wrote to All:

so recently i had someone empty out one of my bank accounts
and send it to robinhood.

Do you use the Robinhood at all? I never heard of it until it
made mention in the recent news about GameStop stocks.

like last year i made an account and never used it.
someone made a new robinhood account and transfered it.

online password manager.

OK.. so you spread out (or expose) your transfers across a
variety of services. Maybe just stick to one method?

i usually use google pay but this person didn't use it.

They probably took the routing info (it's just a stupid number)
and managed to hack as middle-man or reverse process out of your
legit accounts. Maybe a change in one bit was all it took to
change from unauthorized to authourized. Truly pathetic -
indeed!

whats weird is they tried to setup another bank account in my credit union account. that's when they were blocked and i got the notification.

then on the phone i saw the money that was transfered out.

That's exactly what you ought to expect. Even if the hackers
manipulated the systems using your routing info, the only
direction a transfer using the routing info can occur is INTO
your account. I provide routing info to people who want to make
direct payments to me at their convenience and without the
hassle of writing a cheque or using "cards"; they can go to my
bank in person (or any branch) and make a "deposit" to the
account that bears the routing info. Routing info does not
accommodate the reverse - a withdrawal.

well they had access to do everything for some reason. i dont think security will tell me everything. maybe they have a flaw in their system.

i wiped my desktop computer and reinstalled the OS. i also
redid all my passwords on a clean system. i'm not using an
online password manager anymore. i dont care what they say
about encryption.

Good thing. Maybe you had a keylogger inhabiting your system.

I came up with my own "encryption" method for generating
passwords, and I stick to it. I don't need complex software to
do it for me.

not sure if this was related to the hedgefund attacks, but
i'm glad that i found this out 1 hour before my bank closed
and it's a bank holiday monday. i was able to lock it down
and reverse it.

I'm surprised that the bank got anything done within one hour of
closing!

yeah i'm lucky i got someone. good thing there's a waiting period on these transfers. i'm getting all new everything with that credit union incase i'm on some list online.

i never had something like this happen before.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: watch out
By: Ogg to MRO on Sun Feb 14 2021 01:41 pm

It doesn't work because they probably keep the metadata in the
clear in fancy spreadsheets and databases for easy look-up.

I take credit card purchases over the phone, but I never write
down the numbers - I enter them directly in the POS device while
the person is dictating them. The device never prints out the

i worked at kmart years ago as a pt job and in their attic they had paper boxes full of green and white fanfold. they had all the transactions printed out with the credit card numbers on there. totally nuts.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Hello MRO!

** On Sunday 14.02.21 - 14:42, MRO wrote to Ogg:

whats weird is they tried to setup another bank account in
my credit union account. that's when they were blocked and i
got the notification.

Were they attempting to set up another account under YOUR name
or was it under another name?

Here in Canada, usually opening an account requires an in-person
visit to a bank. They want a record of your signature and other
ID on file. So, setting up an account electronically would seem
to be a red-flag.

then on the phone i saw the money that was transfered out.

I've heard of social engineering attempts to override 2FA. One
of the Krebs On Security articles described such a scenario in
detail where the fraudster impersonates the account holder and
tries to convince someone at the bank to change things manually.

There are recent articles at Krebs On Security about ongoing
stolen credit card sites, and sites that sell valid bank and
credit card credentials.

..the systems using your routing info, the only direction a
transfer using the routing info can occur is INTO your
account. ... Routing info does not accommodate the reverse
- a withdrawal.

well they had access to do everything for some reason. i
dont think security will tell me everything. maybe they have
a flaw in their system.

Very concerning, indeed! But you can rule out that the routing
info was at fault. Routing info is the same set of numbers that
usually appear in magnetic ink at the bottom of cheques. Routing
info only accommodates money going INTO an account.

It sounds like the fraudsters were trying pose as you, to get a
new account (same routing info which merely identifies a
specific bank location and account), establish their own 2FA
that they could control and then deposit money into.

I'm surprised that the bank got anything done within one
hour of closing!

yeah i'm lucky i got someone. good thing there's a waiting
period on these transfers. i'm getting all new everything
with that credit union incase i'm on some list online.

Ah.. a credit union! Maybe they have smaller budgets for
electronic security than a larger bank?

I do plenty of electronic purchases for the supplies at my shop.
Most of them are pre-established with the suppliers. But I limit
those to two cards that I never use with anyone else. If a new
vendor would suddenly appear on my statement, I could narrow
down the compromised system to one of the genuine suppliers.

I only use Paypal for most other purchases online when using a
web browser. If suddenly a payment would occur on PP and to the
credit card tied to my PP account, then I know that PP would be
compromised - but it hasn't happend yet.

It just astonishes me how seemingly easily bank accounts get
compromised to this day.

--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: watch out
By: MRO to Ogg on Sun Feb 14 2021 02:44 pm

i worked at kmart years ago as a pt job and in their attic they had paper boxes full of green and white fanfold. they had all the transactions printe out with the credit card numbers on there. totally nuts. ---

No shit?? That's F*&cked up. And Kmart no less.

... The wages of sin are unreported.

---
■ Synchronet ■ Havens BBS havens.synchro.net

MRO wrote to All <=-

so recently i had someone empty out one of my bank accounts and send it
to robinhood.

I have no clue how they did it. the 2 things i did recently was put my routing info into cashapp and zelle to send someone money recently. another thing is i was using an online password manager.

it was like they were in my bank logged in as me even though i had security questions and all kinds of shit setup. this bank fucking
blocks it if i even try to pay bills with my debit card and it got through. it's like the attacker found some exploit with their system.

so it was a big chunk of money and i got it back.

i wiped my desktop computer and reinstalled the OS. i also redid all my passwords on a clean system. i'm not using an online password manager anymore. i dont care what they say about encryption.

not sure if this was related to the hedgefund attacks, but i'm glad
that i found this out 1 hour before my bank closed and it's a bank
holiday monday. i was able to lock it down and reverse it.

I suggest everyone watch out and watch closely. turn on all the alerts
for your credit cards and your bank accounts. CHANGE your login name
as well as your password with your credit cards and bank accounts if
you are able to.

Yup. Had my Bank freeze my card as someone tried to buy $700.00 of items at Best Buy and then $400.00+ worth of clothes from some online place. Got a new card but now they did it again to me when I paid my car tags. Let the online payment charge go through but blocked the actual payment for tags....


... MultiMail, the new multi-platform, multi-format offline reader!
--- MultiMail/Win v0.52
■ Synchronet ■ -=The Wastelands BBS=- -=Since 1990=-

Hello MRO!

** On Sunday 14.02.21 - 14:44, MRO wrote to Ogg:

i worked at kmart years ago as a pt job and in their attic
they had paper boxes full of green and white fanfold. they
had all the transactions printed out with the credit card
numbers on there. totally nuts. -+-

I do hope today's businesses protect credit card info better
than that now.

My POS only prints the last 4 digits. It identifies the brand of
card: VISA, Mastercard or debit. And that's about it. No names.
Nobody can do anything with my paper copies if they thought they
could use something.

My device only connects to the service directly. My own
computers don't record or store any of that. Today's breaches
are often because of a hack that accesses a business's own (in
the clear) records.


--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: watch out
By: Ogg to MRO on Sun Feb 14 2021 10:20 pm

got the notification.

Were they attempting to set up another account under YOUR name
or was it under another name?

Here in Canada, usually opening an account requires an in-person
visit to a bank. They want a record of your signature and other
ID on file. So, setting up an account electronically would seem
to be a red-flag.

they setup a netspend account as an external account which would allow them to transfer funds back and forth.

..the systems using your routing info, the only direction a
transfer using the routing info can occur is INTO your
account. ... Routing info does not accommodate the reverse
- a withdrawal.

no they had the routing info and my bank account info so they can do a wire transfer.

It sounds like the fraudsters were trying pose as you, to get a
new account (same routing info which merely identifies a
specific bank location and account), establish their own 2FA
that they could control and then deposit money into.

no, they just wanted to take all the money in my account. they took most of it but i caught it.

It just astonishes me how seemingly easily bank accounts get
compromised to this day.

they have a lot of attackers, ALL the time. it's a lot to fight against.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: watch out
By: MRO to Ogg on Mon Feb 15 2021 04:37 pm

no they had the routing info and my bank account info so they can do a wire transfer.

It's nuts to me that all you need is the bank acct # and a routing # and you can bleed an account dry with ACH transfers.

Like, what? Why is this a thing? Why don't banks require you to log into your online banking first to approve the transfer out?

I've not had this happen to me, but I would hope that the bank's fraud department would very quickly reverse those transfers for you.

... I like long walks, especially when they are taken by people who annoy me.

---
■ Synchronet ■ [Stupendous BBS - bbs.stupendous.net]

Re: watch out
By: Ogg to MRO on Sun Feb 14 2021 10:20 pm

I've heard of social engineering attempts to override 2FA. One
of the Krebs On Security articles described such a scenario in
detail where the fraudster impersonates the account holder and
tries to convince someone at the bank to change things manually.

I've had a bank account compromised as well. They did it by calling customer service and pretending to be me. They knew the answers to my security questions because I had things like Mothers' Maiden.

Just a tip for everyone: The answer to your security question should be something insane that isn't actually data someone can find out about you. Your First Grade Teacher's name should be something like "ZebraFrankenstein" and your Favorite Movie is "CoffeeDishwasherTelevision". I learned that the hard way.

What is annoying about the Customer Service route is there are no alerts. My bank will send me 16 text messages if someone logs into my account on the web, or uses my credit card to buy something. But there is no alert if someone calls Customer Service and says they are me. Why not? If there was I would know known there was a problem sooner.

Bob Roberts

---
■ Synchronet ■ Halls of Valhalla =San=Francisco= hovalbbs.com:2333

Re: watch out
By: matjam to MRO on Tue Feb 16 2021 09:05 am

By: MRO to Ogg on Mon Feb 15 2021 04:37 pm

no they had the routing info and my bank account info so they can do a wire transfer.

It's nuts to me that all you need is the bank acct # and a routing # and you can bleed an account dry with ACH transfers.

Like, what? Why is this a thing? Why don't banks require you to log into your online banking first to approve the transfer out?

I've not had this happen to me, but I would hope that the bank's fraud department would very quickly reverse those transfers for you.

yeah, only thing i can do is open up a new account with new numbers so i did that. they also cant provide any information other than point out a payment that was rejected which was me trying to pay the server bill! *sigh*

they did block the dude from linking a new account in there, but would have been nice if they blocked him transfering the money to robinhood.

i got my money back, though. that's why they have a business day thing. good thing i got it quick because of president's day
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: watch out
By: matjam to MRO on Tue Feb 16 2021 09:05 am

It's nuts to me that all you need is the bank acct # and a routing # and you can bleed an account dry with ACH transfers.

Like, what? Why is this a thing? Why don't banks require you to log into your online banking first to approve the transfer out?

Also, I've noticed many stores in my area don't require a signature for card transactions anymore.

Nightfox

---
■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com

Re: watch out
By: Nightfox to matjam on Wed Feb 17 2021 08:11 am

Also, I've noticed many stores in my area don't require a signature for card transactions anymore.

That was a remnant when all the stores used that impression machine. There was always that statement on credit card receipts about paying, blah blah. Once we went EMV and PIN, the need for a signature went away.

Hell... in Europe, I can't remember the last time I signed a credit card receipt.

Brian Klauss <-> Dream Master
Caught in a Dream | caughtinadream.com a Synchronet BBS

---
■ Synchronet ■ Caught in a Dream - caughtinadream.com

Re: watch out
By: Nightfox to matjam on Wed Feb 17 2021 08:11 am

Re: watch out
By: matjam to MRO on Tue Feb 16 2021 09:05 am

It's nuts to me that all you need is the bank acct # and a routing # and you can bleed an account dry with ACH transfers.

Like, what? Why is this a thing? Why don't banks require you to log into your online banking first to approve the transfer out?

Also, I've noticed many stores in my area don't require a signature for card transactions anymore.

i know another person who lost some money. this time they think she wrote a check even though her checks are locked away.

i remember when you had to show your card and they'd make sure the card was signed. i would write 'check id' on the card but they wouldnt ask for my id.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Hello Dream Master!

** On Wednesday 17.02.21 - 13:08, Dream Master wrote to Nightfox:

Also, I've noticed many stores in my area don't require a
signature for card transactions anymore.

..Once we went EMV and PIN, the need for a signature went away.

Hell... in Europe, I can't remember the last time I signed
a credit card receipt.

The PIN method or the contactless method (ApplePay, PayPass) in
Canada has basically done away with requiring signatures too.
But the POS will sometimes spewout a receipt requesting for a
signature. The scribble on the paper by the customer doesn't
prove ownership, but it gives me as the vendor the extra
documentation that "someone" used that card and I was the
witness.


--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Hello MRO!

** On Wednesday 17.02.21 - 17:40, MRO wrote to Nightfox:

i know another person who lost some money. this time they
think she wrote a check even though her checks are locked
away.

Recently, I was expecting a payment for a special order and the
customer wrote that they could deposit INTO my bank account by
suggesting this:

"Set up your direct deposits and pre-authorized payments easily
and conveniently

"Direct Deposit is a fast and easy way to receive your payroll
or other deposits directly into your chequing account. Pre-
authorized Payment is a convenient way to automatically pay your
bills from your chequing account. This form provides account
information in place of a voided cheque and is used when
arranging for direct deposits or pre-authorized payments. Simply
complete this form and submit it to the organization depositing
the payment into your account.

The rest of the form provides "official" sections where I write
in my bank's transit number and my bank-account number - which
is the same info found in magnetic ink on a cheque.

But I don't like the way the pre-amble is worded. It suggests
that if I comply with providing the info, then they will also
have the authority to take money OUT of my account - much like
how pre-authorized payments get arranged.

The part "for direct deposits OR pre-authorized payments" is the
problem.

I want these people to pay ME, and not ever have the privilege
to take anything OUT of my account. But the form seems to allow
them to legally do either.

No thanks. I suggested a simple eTransfer (via email) but they
gave me some unconvincing excuse. They also did not offer to
provide credit card info to me over the phone; very strange.

So.. this whole thing - a few messages back where I mentioned
that giving someone your transit number and account number to
make it convenient for them to deposit money into YOUR account -
has changed! I forgot about the pre-authorized agreements that
some companies have now suggested inorder to automate monthly
billing payments to them. I don't participate in any pre-
authorized payment arrangements; it's too easy for those
companies to take out TOO MUCH money in error and not be held
accountable.

The transit and account info is found on printed cheques. People
who receive your cheques have the opportunity to record those
numbers. But it was my understanding that no one could
legitimated do anything with them except to DEPOSIT money into
the account that represents those numbers. Now it sounds like
the banks have allowed the reverse to happen.

--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Hello Bob Roberts!

** On Tuesday 16.02.21 - 15:10, Bob Roberts wrote to Ogg:

I've had a bank account compromised as well. They did it
by calling customer service and pretending to be me. They
knew the answers to my security questions because I had
things like Mothers' Maiden.

I've smartened up about that too over the years. No one but me
would ever guess what I use for my mom's maiden name. I have too
many cousins that would easily know the real name. What a
stupid INSECURE security question!

Just a tip for everyone: The answer to your security
question should be something insane that isn't actually
data someone can find out about you. Your First Grade
Teacher's name should be something like "ZebraFrankenstein"
and your Favorite Movie is "CoffeeDishwasherTelevision". I
learned that the hard way.

If you use the same "insane" names everywhere else, you have to
hope that the systems that they are utilized on do not get
breached - otherwise you would have to come up more insanity.

But I concur with using non-typical answers for those questions.

What is annoying about the Customer Service route is there
are no alerts. My bank will send me 16 text messages if
someone logs into my account on the web, or uses my credit
card to buy something. But there is no alert if someone
calls Customer Service and says they are me. Why not? If
there was I would know known there was a problem sooner.

Put yourself in the bank's position for a moment. People DO
change their phone numbers. If the legitimate you called from a
NEW phone, how would the bank know to alert you that you called
them, especially if the old number nolonger existed? <G>



--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

On 17 Feb 2021, Ogg said the following...

Recently, I was expecting a payment for a special order and the
customer wrote that they could deposit INTO my bank account by suggesting this:

"Set up your direct deposits and pre-authorized payments easily
and conveniently

"Direct Deposit is a fast and easy way to receive your payroll
or other deposits directly into your chequing account. Pre-
authorized Payment is a convenient way to automatically pay your
bills from your chequing account. This form provides account
information in place of a voided cheque and is used when
arranging for direct deposits or pre-authorized payments. Simply
complete this form and submit it to the organization depositing
the payment into your account.

That more or less is the wording I've seen on most direct deposit forms
payroll checks, which does authorize the reverse as well.

I had an issue at one company where we started a weekend warehouse shift, as the manufacturing floor was beginning to run 24 hours 7 days a week to meet demand. Our on call system generally covered any needs they might have come
up over night, but they decided they needed people full time on weekends.

So for us itvwas a sweet deal. 3 12 hour days and we were paid for 40 hours. Plus $1/hr shift differential. I got and additional $1/hr premium as team
lead. However, my pay was constantly wrong, as apparently no one knew how to process payroll for soneone with 2 premiums.

After calling around, the woman who submitted our time was told to send in my hours with some code, which would go back and catch any money owed me, and going forward correctly process my pay.

My next check was repayment for an entire month, not just what Ivwas owed. Needless to say, the following Monday, corporate accounting was trying to reverse that payment, but my wife beat them to it.

But as we were working on a repayment schedule for around $3500, Going over
all of the documents, it's pretty clear the direct deposit forms allow the reverse to happen.

--- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
* Origin: theoasisbbs.ddns.net:1357

Re: watch out
By: Ogg to Bob Roberts on Wed Feb 17 2021 08:51 pm

Put yourself in the bank's position for a moment. People DO
change their phone numbers. If the legitimate you called from a
NEW phone, how would the bank know to alert you that you called
them, especially if the old number nolonger existed? <G>

The alert wouldn't be conditional. It would simply send me a text message everytime someone called Customer Service and "authenticated" as me. Just ike the alerts they send when I use my credit card, or perform a funds transfer.

The text message would be sent to the number they have on file, just like the existing alerts they have. Some banks use push notifications via their Apps. Whatever works.

Bob Roberts

---
■ Synchronet ■ Halls of Valhalla =San=Francisco= hovalbbs.com:2333

Re: watch out
By: Dream Master to Nightfox on Wed Feb 17 2021 01:08 pm

Also, I've noticed many stores in my area don't require a signature
for card transactions anymore.

That was a remnant when all the stores used that impression machine. There was always that statement on credit card receipts about paying, blah blah. Once we went EMV and PIN, the need for a signature went away.

What is EMV? Also, the only cards I've had with a PIN are my debit cards. I've never had a PIN for a credit card.

Nightfox

---
■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com

Re: watch out
By: Ogg to MRO on Wed Feb 17 2021 08:41 pm

i know another person who lost some money. this time they
think she wrote a check even though her checks are locked
away.

Recently, I was expecting a payment for a special order and the
customer wrote that they could deposit INTO my bank account by
suggesting this:

"Set up your direct deposits and pre-authorized payments easily
and conveniently

"Direct Deposit is a fast and easy way to receive your payroll
or other deposits directly into your chequing account. Pre-
authorized Payment is a convenient way to automatically pay your
bills from your chequing account. This form provides account
information in place of a voided cheque and is used when
arranging for direct deposits or pre-authorized payments. Simply
complete this form and submit it to the organization depositing
the payment into your account.

The rest of the form provides "official" sections where I write
in my bank's transit number and my bank-account number - which
is the same info found in magnetic ink on a cheque.

But I don't like the way the pre-amble is worded. It suggests
that if I comply with providing the info, then they will also
have the authority to take money OUT of my account - much like
how pre-authorized payments get arranged.

yeah if you have direct deposit they can TAKE as well as give.
there's a place that was going out of business that did a direct deposit to employee's bank accounts and then took it back. some banks and credit unions found out about it and blocked it from happening.

since you signed that paper you authorized it so you it's your word vs theirs. i wouldnt trust it.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Re: watch out
By: Ogg to Dream Master on Wed Feb 17 2021 07:59 pm

signature. The scribble on the paper by the customer doesn't
prove ownership, but it gives me as the vendor the extra
documentation that "someone" used that card and I was the
witness.

Some years ago my daughters were selling Girl Scout cookies. We had a credit card reader on our phones and we had a customer swipe and sign. He disputed the transaction and I had to eat the cost. EVEN AFTER SIGNING!!!

People suck.

Brian Klauss <-> Dream Master
Caught in a Dream | caughtinadream.com a Synchronet BBS

---
■ Synchronet ■ Caught in a Dream - caughtinadream.com

Re: watch out
By: Nightfox to Dream Master on Thu Feb 18 2021 08:12 am

What is EMV? Also, the only cards I've had with a PIN are my debit cards. I've never had a PIN for a credit card.

I had a feeling someone was going to ask me about that. EMV - Europay, Mastercard, and Visa ... basically, a chipcard that is readable globally.

Brian Klauss <-> Dream Master
Caught in a Dream | caughtinadream.com a Synchronet BBS

---
■ Synchronet ■ Caught in a Dream - caughtinadream.com

Hello Nightfox!

** On Thursday 18.02.21 - 08:12, Nightfox wrote to Dream Master:

Also, I've noticed many stores in my area don't require a
signature for card transactions anymore.

That was a remnant when all the stores used that
impression machine. There was always that statement on
credit card receipts about paying, blah blah. Once we went
EMV and PIN, the need for a signature went away.

What is EMV? Also, the only cards I've had with a PIN are
my debit cards. I've never had a PIN for a credit card.

EMV = Europay/Mastercard/Visa? I'm not sure what DM means by
that either. When I refer to credit card payments, I usually
just use the term CC.

PIN was implemented practically simultaneously in both debit and
CCs here in Canada.


--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Hello MRO!

** On Thursday 18.02.21 - 17:53, MRO wrote to Ogg:

But I don't like the way the pre-amble is worded. It
suggests that if I comply with providing the info, then they
will also have the authority to take money OUT of my account
- much like how pre-authorized payments get arranged.

yeah if you have direct deposit they can TAKE as well as
give. there's a place that was going out of business that
did a direct deposit to employee's bank accounts and then
took it back.

That's playing dirty. Shame on that biz.

some banks and credit unions found out about it and blocked
it from happening.

It usually takes 3-4 days for a cheque to clear. Since the pre-
authorized payments/deposits are based on the same numbers,
there were a few days to intercede, I guess.

since you signed that paper you authorized it so you it's
your word vs theirs. i wouldnt trust it.

Well.. I didn't sign anything. I wrote back saying that I am not
comfortable in the working of the agreement, and told them I
will be fine with them sending a cheque as payment.

--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Hello Bob Roberts!

** On Thursday 18.02.21 - 08:02, Bob Roberts wrote to Ogg:

Put yourself in the bank's position for a moment. People
DO change their phone numbers. If the legitimate you
called from a NEW phone, how would the bank know to alert
you that you called them, especially if the old number
nolonger existed? <G>

The alert wouldn't be conditional. It would simply send me
a text message everytime someone called Customer Service
and "authenticated" as me. Just ike the alerts they send
when I use my credit card, or perform a funds transfer.

So if the real you called from a new phone, then the alert can
go to the now non-existant (previous/old) phone number and
therefore wouldn't matter? OK.

But techincally, how could the actual phone alert be tied into
the phone system? I can see how such an alert can work when
visiting websites, detecting failed logins, and getting alerts.
But I don't think there even exists a way to alert you if
someone just happened to call the bank and mention your name.

If you expect to get a text message for every authentication
attempt, the clerk/person on the other end would need to
activate a "send text alert" button or something. That extra
technology probably doesn't even exist on their systems.

I get text alerts when my balance falls below a certain amount,
and when a significant payment goes through. Although the info
is handy, it doesn't really help much in preventing an
unauthorized activity happening in the first place. :(

The text message would be sent to the number they have on
file, just like the existing alerts they have. Some banks
use push notifications via their Apps. Whatever works.

But the problem is how does the sending of the text message get
activated? Does the customer service agent have a big red button
on their desk?


--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Hello Barmed!

** On Thursday 18.02.21 - 07:59, Barmed wrote to Ogg:

..This form provides account information in place of a
voided cheque and is used when arranging for direct
deposits or pre-authorized payments. Simply complete this
form and submit it to the organization depositing the
payment into your account.

That more or less is the wording I've seen on most direct
deposit forms payroll checks, which does authorize the
reverse as well.

What many people may not realize is that they also have the
power to re-word those things (crossing out what doesn't apply),
initial it (ideally initialled by the initiator as well) and the
modified doc is the new doc.

I have a problem with the first sentence in my quoted part above
where is says "used when arrranging for direct deposits *OR*
pre-authorized payments."

The people with whom I am dealing with owe me cash. With my
obliging with that form/agreement, it would appear that I would
be agreeing for the reverse transaction too. Maybe they think
they are just trying to be efficient by producing a singular
document that serves two purposes.

Ideally the document could give the choice of one type of
transaction only: [1] payment/withdrawals, or [2] deposits, but
not both. I would then participate more readily.

I've seen these pre-authorized payment "agreements" written in
such a way that in small print they stipulate that "in case of
error, the signer agrees not to hold the institution at fault
and shall not prosecute." It is a shame that people actually go
along with this.

Needless to say, the following Monday, corporate accounting
was trying to reverse that payment, but my wife beat them to
it.

Amazing story. I signed up for auto-pay deposits with one of
the last corporations I worked at. I do remember that the
agreement only said that it was ONLY for the purposes of deposit
to the employee's account.

But as we were working on a repayment schedule for around
$3500, Going over all of the documents, it's pretty clear
the direct deposit forms allow the reverse to happen.

People forget that they can cross out anything they do not agree
with. Initial the changes. Have it witnessed if possible.

I am tempted to educate the "customer" that wanted me to sign
their auto-pay/deposit form and tell them what exactly why I
refuse to sign it.

The fact that they refused to consider an eTransfer to me which
is much easier and simpler than the whole auto-pay/deposit
shenanigans is telling.

An eTransfer is a guaranteed one-way transaction - into my
account. There is nothing that facilitates the person making the
transaction to reverse it. I like that!


--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: watch out
By: Ogg to Bob Roberts on Thu Feb 18 2021 21:57:00

If you expect to get a text message for every authentication
attempt, the clerk/person on the other end would need to
activate a "send text alert" button or something. That extra
technology probably doesn't even exist on their systems.

the system may already be coded to send these alerts without any intervention or knowledge of the clerk... the simple act of them accessing the account could trigger it... think about it ;)


)\/(ark

---
■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR

Barmed wrote to Ogg <=-

My next check was repayment for an entire month, not just what Ivwas
owed. Needless to say, the following Monday, corporate accounting was trying to reverse that payment, but my wife beat them to it.

Reminds me of when I worked for a startup. I was hired at a base rate with a $15K/year bump when they received their second round of funding. Newbie CEO didn't catch that they were paying me for the first 2 months at the higher rate, and decided without telling me to lower my rate by $30K to even it
out.

Much discussion ensued, and I suggested they pay me at the base rate that they'd promised, and delay my bump for 2 months after funding.

Newbie CEO liked that idea. I didn't like the CEO much after that, and used
a project to downsize their server footprint and get the systems to run on autopilot as the beginning of my consulting career after they failed to get
a second round of funding.




... The robots can go off-script?
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

MRO wrote to Ogg <=-

yeah if you have direct deposit they can TAKE as well as give.
there's a place that was going out of business that did a direct
deposit to employee's bank accounts and then took it back. some banks
and credit unions found out about it and blocked it from happening.

I learned that after being let go from a company. They'd paid out my PTO and part of the time worked, less than I was owed.

You think they'd make a payment for the remainder?

No.

This was local government. They clawed back the original direct deposit payment and re-processed the exit payment. It took 5 days to alert them to
the mistake, zero time to retract the payment, and another 10 days to make
the correct payment.

If you're going to let someone go, at least get your ducks in a row.


... The robots can go off-script?
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Dream Master wrote to Ogg <=-

Some years ago my daughters were selling Girl Scout cookies. We had a credit card reader on our phones and we had a customer swipe and sign.
He disputed the transaction and I had to eat the cost. EVEN AFTER SIGNING!!!

Did you add them to the NATIONAL GIRL SCOUT DO NOT SELL LIST?

Imagine if they went to buy cookies the following year from someone else and were declined.

Big Scout strikes again.


... The robots can go off-script?
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Ogg wrote to Barmed <=-

What many people may not realize is that they also have the
power to re-word those things (crossing out what doesn't apply),
initial it (ideally initialled by the initiator as well) and the
modified doc is the new doc.

With employment agreements, as well. I had a friend who'd redline anything
he didn't want in there, and asked to speak to corporate counsel when
someone told him it wasn't allowed.

CC would look at it, shrug, and allow the redline.

Once he redlined a non-poach clause, and after he had given his 4 week
notice (he had a project he wanted to finish up) was overheard talking to
one of his co-workers about the new job and positions there.

The manager attempted to terminate him and walk him out the door, and he showed them his agreement with the redlines. They walked him out, but paid
him the 4 weeks first. Shrewd guy.

I wondered if that was his plan all along - he wouldn't have minded making
the boss look bad as his last act.



... The robots can go off-script?
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Hello Rampage!

** On Friday 19.02.21 - 04:29, Rampage wrote to Ogg:

the system may already be coded to send these alerts without
any intervention or knowledge of the clerk... the simple act
of them accessing the account could trigger it... think
about it ;)

Personally, I think that would be great. I'd love to know when a
teller looks at my account when no one else is looking.

But then, the automated system could be muted in times like
that?

The last time I walked into my bank, all 4 tellers looked busy
behind their shields and masks - but no one else was around.
They seemed to be clicking frantically with their mice. I
imagined they were playing games? They didn't have any other
paperwork in front of them.

--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: watch out
By: Ogg to Dream Master on Wed Feb 17 2021 19:59:00

The PIN method or the contactless method (ApplePay, PayPass) in
Canada has basically done away with requiring signatures too.
But the POS will sometimes spewout a receipt requesting for a
signature. The scribble on the paper by the customer doesn't
prove ownership, but it gives me as the vendor the extra
documentation that "someone" used that card and I was the
witness.

Isn't the signature practice normally carried out depending on the store's SOP primarily based on the amount of the transaction? That's how it was at least a few years ago here when I last worked at a place where I had to deal with customers and transactions (in the US).

---
■ Synchronet ■ Tinfoil Tetrahedron BBS - skulking seedily against the Brave New World

Re: watch out
By: Dream Master to Ogg on Thu Feb 18 2021 18:34:21

Some years ago my daughters were selling Girl Scout cookies. We had a credi card reader on our phones and we had a customer swipe and sign. He disputed the transaction and I had to eat the cost. EVEN AFTER SIGNING!!!

You're missing one thing that a regular retail outlet has: a small army of lawyers on retainer. :P
IMO, anyway.

---
■ Synchronet ■ Tinfoil Tetrahedron BBS - skulking seedily against the Brave New World

Re: watch out
By: Ogg to Rampage on Fri Feb 19 2021 10:11 am

The last time I walked into my bank, all 4 tellers looked busy
behind their shields and masks - but no one else was around.
They seemed to be clicking frantically with their mice. I
imagined they were playing games? They didn't have any other
paperwork in front of them.

I've never been a bank teller, so I don't know what all they need to do besides serving customers. I doubt they're playing games all the time, and if that's all they're doing, they could certainly serve customers. There may be other banking tasks they were working on.

Nightfox

---
■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com

Hello matjam!

** On Tuesday 16.02.21 - 09:05, matjam wrote to MRO:

no they had the routing info and my bank account info so
they can do a wire transfer.

It's nuts to me that all you need is the bank acct # and a
routing # and you can bleed an account dry with ACH
transfers.

The way things are supposed to work with someone knowing your
bank acct # and routing # (which are the same on your cheques
is) that a regular person walking in to your bank (or one of its
branches) can use those numbers to make a DEPOSIT ONLY.

If it is an institution that has those numbers, then they have
to show that YOU gave written approval (primarily for the
purposes of taking money OUT for auto-payments) That is why the
businesses that want to take money OUT of your account ask for a
copy of a blank voided check. (They can't use a copy of a
previously used cheque).

Like, what? Why is this a thing? Why don't banks require you
to log into your online banking first to approve the
transfer out?

They don't do that probably because it would be inefficient.
Say, for example, if a transaction needs to be approved by you
and you are not reachable - then what?

I've not had this happen to me, but I would hope that the
bank's fraud department would very quickly reverse those
transfers for you.

It seems that banks are sloppy and are not as thorough as we
would hope they could be.

--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: watch out
By: Ogg to MRO on Thu Feb 18 2021 08:54 pm

yeah if you have direct deposit they can TAKE as well as
give. there's a place that was going out of business that
did a direct deposit to employee's bank accounts and then
took it back.

That's playing dirty. Shame on that biz.

here's the article of some of it. they ended up doing bankruptcy and paying
10 cents on the dollar to people. they were rich and lived in a gated community.

https://journaltimes.com/business/local/failed-promotions-unlimited-saga-ends/article_38399315-f486-53a8-967d-cd3ebd27ad69.html

they also took money for healthcare and childsupport but pocketed the money. ---
■ Synchronet ■ ::: BBSES.info - free BBS services :::

Hello Sprite!

** On Friday 19.02.21 - 12:04, Sprite wrote to Ogg:

By: Ogg to Dream Master on Wed Feb 17 2021 19:59:00

The PIN method or the contactless method (ApplePay, PayPass)
in Canada has basically done away with requiring signatures
too. But the POS will sometimes spewout a receipt requesting
for a signature. The scribble on the paper by the customer
doesn't prove ownership, but it gives me as the vendor the
extra documentation that "someone" used that card and I was
the witness.

Isn't the signature practice normally carried out
depending on the store's SOP primarily based on the
amount of the transaction? That's how it was at least a
few years ago here when I last worked at a place where I
had to deal with customers and transactions (in the US).

I don't have control over what the POS terminal does. I have
people using CC for purchases over $500 (as would the local
library) and there is no prompt for a signature.

My terminal device is with Chase Paymentech. They control the
requirements. Sometimes people seem to be forced to insert the
card for PIN operation when the device refuses to accept the
contactless method.

The only other time the device prints a receipt requesting a
signature is when the card is non-Canadian or out of province.

--- OpenXP 5.0.48
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: Re: watch out
By: poindexter FORTRAN to Dream Master on Fri Feb 19 2021 06:29 am

Did you add them to the NATIONAL GIRL SCOUT DO NOT SELL LIST?

Imagine if they went to buy cookies the following year from someone else and were declined.

I was using PayPal's Credit Card solution and it bit me in the ass. I switched back to Square and never had a problem afterwards.

Now, your point about a DO NOT SELL list... That's be pretty slick.

Starting last year, Girl Scouts were allowed to sell in front of Marijuana Dispenseries. Prior to that, they wouldn't allow it. Apparently, the powers that be realized that if you're going to smoke, you'll likely get hungry afterwards.

Brian Klauss <-> Dream Master
Caught in a Dream | caughtinadream.com a Synchronet BBS

---
■ Synchronet ■ Caught in a Dream - caughtinadream.com

Dream Master wrote to poindexter FORTRAN <=-

I was using PayPal's Credit Card solution and it bit me in the ass. I switched back to Square and never had a problem afterwards.

I worked for eBay back before they spun off PayPal - they could have bought Square for chump change back then and written off their poorly implemented card solution.

PayPal bit me when I had an eBay auction go sour. I shipped a working
camera. The buyer didn't pay for insurance and sent the payment to an
address of mine that PayPal wasn't linked to (and wasn't on the auction).
So, he was pissed for the delay and threatening to sue.

Camera arrived, he opened it up, tested it, and found it to be DOA (or broke it himself). Then instead of contacting me, contacted UPS and told them
that he hadn't ordered it. UPS charged me for return shipping and PayPal deducted the price of the camera and double-shipping. After an exhaustive investigation, they ruled for the buyer, and took weeks to refund me the second shipping charge.

As I recall, it worked just fine when I received it, and I resold it.



... Accept advice
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Re: Re: watch out
By: poindexter FORTRAN to Dream Master on Sun Feb 21 2021 07:58 am

PayPal bit me when I had an eBay auction go sour. I shipped a working camera. The buyer didn't pay for insurance and sent the payment to an address of mine that PayPal wasn't linked to (and wasn't on the auction). So, he was pissed for the delay and threatening to sue.

Some years ago when my children were younger, my wife found a great deal on LeapFrog games at Toys R Us. She purchased about 10 or 12 of each game and went onto eBay and listed them for their MSRP. We had one buyer who purchased the a game, paid via PayPal, and we sent her the game. She signed for it, which was captured via USPS, but informed PayPal that she never received it. PayPal refused to acknowledge the signature. I was out $40.

I was pissed.

Brian Klauss <-> Dream Master
Caught in a Dream | caughtinadream.com a Synchronet BBS

---
■ Synchronet ■ Caught in a Dream - caughtinadream.com

Hello poindexter FORTRAN!

** On Sunday 21.02.21 - 07:58, poindexter FORTRAN wrote to Dream Master:

PayPal bit me when I had an eBay auction go sour. I shipped
a working camera. The buyer didn't pay for insurance and
sent the payment to an address of mine that PayPal wasn't
linked to (and wasn't on the auction). So, he was pissed
for the delay and threatening to sue.

How could have the buyer used an address (and I assume you mean
email address) that you did not link up? I mean, PP has BUY NOW
and PAY NOW buttons and those are all tied to YOU. How can the
buyer pay using another email address purportedly yours?

But why did the buyer complain about a delay? Is it because
payment didn't go through eBay the first time and therefore you
didn't ship it until it did?

Camera arrived, he opened it up, tested it, and found it to
be DOA (or broke it himself). Then instead of contacting
me, contacted UPS and told them that he hadn't ordered it.

But that can be disproved by your records and the destination
address - all documented on eBay.

UPS charged me for return shipping and PayPal deducted the
price of the camera and double-shipping. After an
exhaustive investigation, they ruled for the buyer, and
took weeks to refund me the second shipping charge.

Sorry to hear about the mixup and the bad experience. But
usually the credit card company will side with the buyer. Things
were stacked against you at the onset. :(


--- OpenXP 5.0.49
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Hello Dream Master!

** On Sunday 21.02.21 - 21:23, Dream Master wrote to poindexter FORTRAN:

...We had one buyer who purchased the a game, paid via
PayPal, and we sent her the game. She signed for it, which
was captured via USPS, but informed PayPal that she never
received it. PayPal refused to acknowledge the signature.
I was out $40.

I was pissed.

No kidding. But how could anyone ignore the fact that the
product was delivered and signed for?


--- OpenXP 5.0.49
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: watch out
By: Ogg to Dream Master on Mon Feb 22 2021 06:53 am

No kidding. But how could anyone ignore the fact that the
product was delivered and signed for?

That's the problem with PayPal; they will always side with the buyer as money was tendered and in my opinion, PayPal reaped some miniscule transaction fee.

I provided a PDF of the signature.

I provided the tracking information.

Nope. I got screwed.

Brian Klauss <-> Dream Master
Caught in a Dream | caughtinadream.com a Synchronet BBS

---
■ Synchronet ■ Caught in a Dream - caughtinadream.com

Re: Re: watch out
By: Dream Master to poindexter FORTRAN on Sun Feb 21 2021 09:23 pm

Some years ago when my children were younger, my wife found a great deal on LeapFrog games at Toys R Us. She purchased about 10 or 12 of each game and went onto eBay and listed them for their MSRP. We had one buyer who purchased the a game, paid via PayPal, and we sent her the game. She signed for it, which was captured via USPS, but informed PayPal that she never received it. PayPal refused to acknowledge the signature. I was out $40.

I was pissed.

Generally I've had good luck as a seller on eBay. One time I sold a laptop on eBay, and I shipped it via UPS and got shipping insurance through UPS. The buyer claimed the laptop was damaged and sent a photo of the laptop with a cracked screen. So I went to UPS to let them know and file a claim on the shipping insurance. UPS wanted to contact the buyer and wanted a phone number, so I asked for the buyer's phone number on eBay. It took him a while to respond, and when he did finally give a phone number, UPS said they tried to call and he didn't answer. The buyer was acting a bit sketchy, and eventually filed a claim against me on eBay. After eBay reviewed the conversation history, eBay ruled in my favor.

Another time, I sold a DVD movie on eBay, and the buyer claimed the DVD wouldn't play, and he asked for a refund and left negative feedback. I thought it was weird, because the DVD was fine. Something about it seemed odd, so I talked to eBay customer support, and they said they had seen that before and they called it 'feedback extortion'. eBay removed the negative feedback from my profile. The buyer returned the DVD, although they only returned the disc without the DVD case, which I was pissed about.. Made me wonder what they did with the case.. Maybe they had their own copy of the DVD without the case and wanted to replace the case? I dunno..

Nightfox

---
■ Synchronet ■ Digital Distortion: digitaldistortionbbs.com

Hello poindexter FORTRAN!

** On Friday 19.02.21 - 06:37, poindexter FORTRAN wrote to Ogg:

With employment agreements, as well. I had a friend who'd redline
anything he didn't want in there, and asked to speak to corporate counsel when someone told him it wasn't allowed.

[...]

I did the same thing. The wording that irked me was something
aking to "will not work in the same field of work with a
competitor for 3 years following termination" ..or something
like that. So, I crossed that out.

Some headhunters gave me that tip.


--- OpenXP 5.0.49
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP

Re: watch out
By: Ogg to Bob Roberts on Thu Feb 18 2021 09:57 pm

So if the real you called from a new phone, then the alert can
go to the now non-existant (previous/old) phone number and
therefore wouldn't matter? OK.

Correct. As it should. Because the "new me" may not be me at all, but someone pretending to be me. It's the same as when you change your address or phone number with a bank or credit card. Typically that type of change is a big indicator of possible fraud. And so the Bank will email both your old and new email, or mail your old and new address a confirmation. So if it was changed improperly, you will be notified.

But techincally, how could the actual phone alert be tied into
the phone system? I can see how such an alert can work when
visiting websites, detecting failed logins, and getting alerts.
But I don't think there even exists a way to alert you if
someone just happened to call the bank and mention your name.

When you call customer service, the agent must authenticate you in the system in order to pull up your details. The act of authneticating you would send a notification that customer service has accessed your account details. It's not about "mentioning" your name. Banks don't run off of mentions, they run off computers.

If you expect to get a text message for every authentication
attempt, the clerk/person on the other end would need to
activate a "send text alert" button or something. That extra
technology probably doesn't even exist on their systems.

It wouldn't be the job of the clerk, it would be the job of the developers that work for the bank and maintain their systems to add the code. Banks roll out new features all the time. Thats why their banking apps and websites are always changing.

I get text alerts when my balance falls below a certain amount,
and when a significant payment goes through. Although the info

It would if that notification indicated a payment you didn't authorize.

But the problem is how does the sending of the text message get activated? Does the customer service agent have a big red button
on their desk?

It would happen automatically the second they authenticated you in their system and accessed your account details. Phone systems and computers are integrated in customer service centers. The phone system probably is their computer and they use a soft-client and headset. When they answer a call, the caller info is already on their screen. They ask you the autentication questions and then they are in your account. System code would then execute the notification.

Bob Roberts

---
■ Synchronet ■ Halls of Valhalla =San=Francisco= hovalbbs.com:2333

Ogg wrote to poindexter FORTRAN <=-

I did the same thing. The wording that irked me was something
aking to "will not work in the same field of work with a
competitor for 3 years following termination" ..or something
like that. So, I crossed that out.

Some headhunters gave me that tip.

Where are you? In California, non-competes have been shot down in court several times.


... Do nothing for as long as possible
--- MultiMail/DOS v0.52
■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org

Hello poindexter FORTRAN!

** On Thursday 25.02.21 - 05:56, poindexter FORTRAN wrote to Ogg:

.."will not work in the same field of work with a
competitor for 3 years following termination" ..or
something like that. So, I crossed that out.

Where are you? In California, non-competes have been shot
down in court several times.

In my case, that was in the late 80s. Canada.

And yes.. the proper term for the thing was non-competitor
clause. A friend who was already working for that company also
mentioned to me to cross that part out. There were other parts
of the contract I aske about too. I think it was part of a test
to see who was paying attention to details - much what my job
would have required.

--- OpenXP 5.0.49
* Origin: Ogg's Dovenet Point (723:320/1.9)
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP