Apple has locked my Apple ID, and I have no recourse. A plea for help.
1730 points, 1045 comments https://news.ycombinator.com/item?id=46252114
Doing everything and/or all-at-once is not practical, but having backups for most critical infrastructure helps a lot, and when it's rolling, it rolls without effort.
One can go step by step and call it's done when it becomes too much to bear or satisfactorily decoupled.
The tendrils can run deep.
Just realize this: the longer you play this game, the higher your odds of getting banned. Once it hit me, I quickly decoupled from Google. It's like playing satoshi roulette for 0.5% gains. You keep winning until you get fully wiped.
That said, keeping a backup of everything, decoupled from any account I don’t control, gives me huge peace of mind.
You can reliably reconstruct a SSN that is missing the first digits, if you know where the person lived when they filed for it, but that's not the same thing.
Why Ebay built this idiotic weakness into their cards is beyond me.
This used to be true, but isn’t for SSNs assigned since I think 2011 - the exact year could be wrong, that’s from memory. Since that switch, the component that used to be geographical is assigned randomly.
I'm not following. If things have gotten this far, the victim has already been duped into buying the card and intends to send it to the scammers anyway... ?
But also, how could the card possibly work that way? What are the other digits even for; and wouldn't they quickly run out of valid "last few digit" combinations for issued cards?
... note an update on this story: Paris got his account unblocked today, thanks to the story being covered here and throughout the blogosphere. It's a good outcome but not a path open to most people:
Apple, Google, and the big players are not a trustworthy place to entrust precious data. Increasingly, Apple and Google aren't very much different as they are both in the advertisement business: the great misaligner of incentives.
This was the reason why free trade was removed from RuneScape back in the day and it wasn't even a Jagex issue. People would go to 3rd party gold selling websites and then pay for gold with stolen credit cards. They could easily keep the money because the trade cannot be reversed without a moderator and what they were doing was against the rules so everyone would just get banned. The payment processors saw a bunch of fraud related to a game called RuneScape and told Jagex if they dont fix this then they will be blacklisted.
I disagree. The issue is these huge platforms can arbitrarily ban people and consumers have no recourse.
This sort of thing wasn't really possible before the internet age. We need new laws to deal with it.
Banks are nothing to do with this. You could have your Steam/Google/Apple/etc. account summarily executed for any reason; it doesn't have to be money-related.
Some recent stats indicated most gamers buy at most two games per year, so it's not a ton of work to ensure they have a working archive.
Both GOG and Steam allow you to use local copies of games, and both would deny you access to your account to download more games once banned. Steam allows you to install games without DRM from their platform.
GOG also specifically advertises games that don't have DRM, e.g. [0]. Steam versions of the same game (e.g. Skyrim) often require Steam to be running and enforce mandatory updates that aren't always desirable with no rollback ability.
[0] https://www.gog.com/en/game/the_elder_scrolls_v_skyrim_anniv...
Yeah, but that's a developer choice. Steam doesn't force anyone to use their API for things like that. If that's a concern for someone as a gamer, they should probably support the companies that don't do it no matter the platform, not blame Steam for it.
Buying a DRM-free copy on GOG seems like a perfectly reasonable thing to do even if a company has DRM on Steam; it provides an economic signal that there's some segment of customers that requires no DRM as a condition of sale. Since marginal cost of digital "goods" is ~0 and it's likely trivial to disable DRM in your build, it would be dumb not to cater to them and take your free money.
Not store their data in their iPhones. Period. I only store temporary data and photos I wouldn't care about.
The big marketing point of cloud storage was that you would not need to worry about owning and maintaining local storage, but they conveniently downplayed the fact that they could lock you out of your own files at their whim.
His Apple cloud account was locked until the account representative unlocked it.
The physical device was not locked, bricked, or wiped. The situation was bad, but let’s stick to the facts
Paris uses the term "bricked" in the original post: https://hey.paris/posts/appleid/
Apple isn't. Just sayin'. They are trying to do it, but they aren't really anywhere near the scale of Google and Facebook. They make money (lots of money) by selling high-margin hardware, and, to some extent, digital media, on that hardware.
Currently, Apple is genuinely serious about preserving user privacy. I realize that can change, in the future, but it's the way it is, now. I get the feeling that a lot of folks on HN are having difficulty understanding businesses that make a profit by doing stuff other than harvesting and selling PiD, but that's not what has made Apple a 4 trillion-dollar company. They make that money the old-fashioned way; but with a modern twist.
That said, this situation is unforgivable, and I hope that Apple leads by example, by preventing this all-too-common type of dumpster fire from happening in the future.
I wasn't defending Apple. I was merely pointing out that one of these, is not like the other.
Like I said, it seems that we have a hard time understanding business models other than "Harvest and sell data." Posts like the GP, seem to reinforce this appearance.
Upton Sinclair is known for a quote, referencing this kind of thing.
Hating on Apple is quite popular amongst tecchies. I understand. I've probably been more pissed off at Apple, than many folks, here.
But it does bother me, that people don't seem to understand the classic business model of making things, selling things, and supporting things. That's thousands of years old, and still very much relevant. Quite a few folks, here, do that. I spent most of my career, at companies that did it.
But they are nowhere near the scale of other companies.
I feel as if Silicon Valley has really forgotten its hardware roots, though, and that's sad.
Making things is really difficult, and extremely risky. Playing with data is really easy, and quite profitable.
> genuinely serious about preserving user privacy
Nope, not anymore. That ship has sailed and more revenue is to be made by harvesting user data
That does seem to call for supporting evidence. I write Apple apps, and they make it very difficult to access user data. I would need to know how they get it, and how they make money from it.
(Google and Facebook don't make money by "harvesting" or "selling" user data, they make webpages you spend a lot of time on then put ads on them.)
It's against apple's ToS to avoid bans as such.
So you could use your existing apps but not download new ones from the App Store.
You could use iMessage with some restrictions. You could use Apple Music but only the free radios. You could use Apple’s photos but would lose sync.
Usability depends on how much you rely on those services, but the device itself is still useable for other things.
That said, I choose to use it this way and it does everything I need it to.
First, with so much importance placed on an Apple/iCloud account in our current era it's not good that they can be shutdown so trivially. Someone can be shut out from using Messages, Apple Wallet, Digital Identification (depending on where they live) and all their subscriptions and media purchases without any recourse, in an instant. It's not hard to imagine someone being put into a pretty bad situation as a result of this with just a little bad luck and bad timing. It's easy to point out that you shouldn't be overly reliant on these technologies but I think it's more important that there be ways to safe guard people from this scenario. Apple should do more to handle these scenarios given the importance of an account now.
Second, there are other recent events that point out the failure modes and gaps that Apple (and Google?) need to address. There apparently is no way to cleanly divide purchases in a Divorce or separation, even if the person was fleeing an abusive situation. There's also no way to leave a "family" account even as an adult or how to assign children to multiple families. Again we can trot out the easy "Just don't use these things, use FOSS, Nextcloud, etc..." but I think Apple should do more to address these types of scenarios regardless of what people choose to use.
So, we now have the same “who cares, it’s just some dumb online account” level of service with much more critical accounts. Because big tech has scaled users to the 9-10 figure range, while not investing almost anything in customer service. Instead of having thousands of CSRs like the phone company, tech employs a few disempowered call center operators overseas, whose only job is to read FAQ answers at callers and ask them to try restarting their computers.
Companies commonly claim security/anti-fraud, then refuse to explain their actions, claiming (again, without evidence) that justifying themselves would help fraudsters in some way.
But really this has nothing to do with anti-fraud, and everything to do with duopolies out of control and weak consumer protections doing nothing to push back.
That's why Google, Apple, and Microsoft are notorious for this.
It’s great that it has been resolved, but I’m still baffled by a number of things:
1) Why would redeeming a bad gift card result in a complete shut-down of the account? 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press? 3) Should companies be restricted from growing too large where they can’t support their customers?
In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access. Rather than move to outright banning the account, there are intermediate steps that can be taken. Personal example, my Facebook account was recently banned because a hacker accessed my account uploaded a bad ID when FB requested an ID verification. Despite the request coming from a country I have never visited and would likely be on any high-risk list, my 20 year old account was banned literally overnight without having any recourse. There’s no number or even any email to use. Maybe I can see if the Register will write it up… (I do have all the info from my Facebook account download to show how it was compromised, and any internal support should have been able to see the same… if they cared.)
You're just lucky that it hasn't happened to you. That does not mean it doesn't happen to anyone.
Furthermore, without physical presence where you could sit down with someone, this becomes more difficult to deal with. Truth is, Apple should have option where someone could go to Apple Store, verify ID and talk to someone with power but they don't want to spend that money so here we are.
I'm not excusing this. What happened here shouldn't happen, and there should be quick resolutions and explanations available to the aggrieved parties.
You must block financial activity, and you must not communicate any details to the customer, upon reasonable suspicion of money laundering activity. There's a process and a prescribed timeline for getting things resolved. There is no penalty for a false positive, but there are large penalties for false negatives.
Having watched hundreds of these things happen, all of the details point squarely to an AML problem. For closed loop gift card programs, the merchant, program manager, issuing bank, and possibly the seller all get involved. It takes time.
This doesn't require shutting off a user's access to their data though -- just preventing financial activity. Apple might not have adequately fine-grained permissions around account suspension to support this, and obviously they should fix that!
It's also unlikely there are just those two states. For many services there will be a number of factors involved, but it's purposely opaque to make it harder to circumvent.
Because they assume you stole the gift card and are therefore a criminal. As to why they're making the assumption that you are the criminal, not the actual criminal who successfully redeemed the gift card first, you've got me. Since either situation is possible.
> 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press?
I'm as infuriated as you are.
> 3) Should companies be restricted from growing too large where they can’t support their customers?
Size has nothing to do with it. Plenty of small companies ignore their customers too. So I don't think this is the right solution.
> In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access.
There are plenty of horror stories with banks too. I'm not sure they're that much better at all.
“Online” accounts have zero regulatory requirements, plus many of them aren’t necessarily directly paid-for, so they frame themselves as doing you a favor by letting you have it in the first place. And they usually don’t have a route to prove identity because they don’t record a legal identity (passport/SSN/etc) to begin with (not that that was an issue here, of course - in this case Apple didn’t dispute that they were the owner, just asserted that they were some kind of criminal.)
We should impose, by law, the following rules on all companies that offer accounts to their customers.
1. If they block/ban/close/suspend a customer account they must provide habeas corpus. Explain to the customer the policies that were violated that resulted in their account being terminated. Additionally they should be required to show the customer the evidence that led the company to make the decision.
2. They company must provide an accessible live human appeals process. The human they appeal to must have the discretionary power to investigate and make a common sense decision even if it contradicts policy. This process currently only exists for people who are capable of making a lot of noise in public. How many people lose their accounts and suffer harm because they are incapable of getting attention in public? It needs to be available to all customers with a simple phone call or email. It must also be required to make a decision very quickly, 24 or 48 hours at most.
3. In the rare case that the company still makes an unjust decision, there must be a quick and accessible legal remedy. Establish some kind of small claims court where it is cheap and easy to file without a lawyer, and where cases can be heard and decided on short notice.
No, the real problem is that we have no reasonable alternatives when companies misbehave. There is no meaningful way to exist in society today without an Apple or Google account, and that's actually insane. It's doubly insane for people who aren't citizens of the United States (although the CCP addressed this by requiring Apple make a separate iCloud for them).
The solution isn't to legislate a right to a bank account, it's to preserve the usefulness of cash so banks don't get too far out of line.
You can't keep chasing alternatives when companies misbehave
That's why there's a thick list of contract law precedents and consumer's rights and what not
As is the case for many other infrastructure companies, such as your local electricity network operator (or even supplier depending on market liberalization). We also didn't solve that problem by ensuring everyone's right to run a generator in their backyard or heat their city apartment with a coal oven.
If tech companies have become essential to our day to day lives and are not willing to allow for horizontal interoperability, i.e. to split over-the-top services from infrastructure and individual elements of infrastructure from each other – because walled garden lock-in undoubtedly increases profits – why not regulate them as infrastructure entirely?
Well, to be fair, I do create an ephemeral Apple ID every time I get a new phone… But I immediately log out of iCloud after downloading the two or three apps that I use. I have no idea what my Apple ID or password is… I would have to go look them up.
Further, if I lost said Apple ID, I would lose nothing of value.
I believe, as you say, I exist meaningfully in society.
In other words, you do have an in-use apple id at (pretty much) all times.
I assume the Chinese government is quite happy with this, because they have no trouble bringing their large companies to heel, unlike the US. And centralizing payments like this gives them a great deal of information and control.
"Yes support tech, please understand my child just died of cancer and my wife in a car accident last week and the only pictures I have of them are on my bitcoin4free@gmail.com account!"
Google probably also bans thousands of accounts a day. And suddenly every single one of them needs a full human appeal review. Because jamming up the system is (short term) beneficial to these shitheads.
We're all worried about identity fraud, and such documents are actually used to apply for an id in some countries!
https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...
The only way this is going to change is if shareholders hold executives accountable. Consumer protection regulation with real "teeth" that impacts the bottom line will bring angry shareholders to the table very quickly.
Won't somebody please think of the shareholders?
I agree there absolutely needs to be a form a habeus corpus here with arbitration to hear from both sides. And what's more, even when an account gets shut down, an export of all data must be provided, and a full refund of the purchase price of any digital licenses/credits still active. So even if a spammer takes over your account and Megacorp isn't convinced it wasn't you yourself that decided to spam, you still don't lose your data or money spent -- it's ultimately just a (very big) inconvenience.
Corporations need to be heavily regulated. They won't just do the right thing for its own sake.
https://www.simonandschuster.com/books/The-Corporation/Joel-...
When the services that a company provides gets to this level, it starts becoming like a public utility. If it's not possible to participate in society without using such a service, then the services should be governed like utilities are.
I wouldn't be opposed to having actual government-provided services for things like e-mail, text message, and discussion forums at a very basic level. Then (in the US anyway) we could apply the government restrictions on privacy and freedom of speech, with laws governing the oversight and implementation. Of course there would be major details to work out to prevent misuse, corruption, etc.; but it could solve the problem of losing your essential on-line identity -- as long as the government has any interest in you at all for something like expecting you to be able to send/receive an e-mail in order to pay your taxes, then they wouldn't ever cancel your account. 3rd-party services would still be possible, but then they could do whatever their business model supports, and caveat emptor. How people can expect businesses services like Facebook to comply with their personal expectation of free speech is beyond me.
* evidence
"Habeas corpus" is not a lofty expression for evidence, although people sometimes use it as such. It's a procedure for challenging one's detention before a court.
If you try to make carveouts for him, they will still be absurdly restrictive and the carveouts will be abused by the likes of Reddit.
It has a REALLY good section about why customer service is very hard to get right
So like, if you get caught, red handed, absolutely 100% you, performing gift card fraud, the maximum punishment from Apple should still be getting banned from the gift card system (buying or redeeming). And if they want more consequences for you because they think you’re running a fraud ring, they should have to sue you like a physical store would. But not lock you out of the rest of the ecosystem. Otherwise you get the false positives getting the digital death sentence Apple tried to hand out here
The scale of this work is unfathomable to those who have only been on the consumer side of it.
#1 is doable but would destroy our ability to combat fraud. "Here's how not to get banned next time" is not an email anyone in this space would consider sending.
#2 is simply impossible. Fraudsters consume every available resource you can put into the appeals process. This is their full time job, they can afford to call repeatedly, all day long, until they find an agent they can trick. Regular users won't benefit.
#3 is what small claims court is already for. We should make this easier, I agree.
To answer in general, aging of accounts is common as is synthetic credibility-building activity. There are marketplaces where you can buy sets of years old accounts with activity for every major platform. Anything you could come up with would either be so stringent it would exclude most users or be easy enough to become a target for account sellers.
To be honest this is why I got out of the space, it's sisyphean.
If this happens more than a few times, they will quickly remember why customer support is necessary.
My lessons were:
1) if you’re going to accrue gift cards for hardware purchases, use a separate Apple ID. Do not use that ID for anything else and especially not as family organizer.
2) save paper trails for all your gift cards. That’s your only way out of this.
3) be prepared to be treated like a scammer by Apple Support. They will even question where you got the devices you traded in at the store. Some support staff will basically say you stole them without any evidence.
Frankly, staying away from gift cards seems the best option unless it's blast radius can be limited (e.g., redeemed in person).
- HN banned me for being a robot! (I'm not)
dang unblocked me 1 hour 4 minutes after an email (thanks dang!)
- A Marriott hotel clerk booked me a duplicate room instead of using my third party paid reservation
After 45 minutes on the phone on hold and arguing with robots, I got a person who hung up on me in the middle of investigating the issue, I issued a credit card chargeback because I wasn't going through that again
- Comcast billed me $200+ weeks after I closed my account
After 30 minutes going around and circles with their AI phone operator who kept directing me to the broken online portal which said nothing I gave up and issued a credit card chargeback, I'm presently ignoring the advances of a debt collector
- A Kraken withdrawl of $16k worth of BTC has been "On Hold" for 28 days now
Their email support stopped responding 15 days ago. I have filed complaints with the CFTC and my attorney general.
- My Corporate Amex was flagged for fraud (which is fine) I was on the phone for an hour and a half with customer service who could not figure out how to unblock the card, they wouldn't admit to me out loud but it was pretty obvious their fraud systems were down in the middle of the night and the phone people could do nothing
I hung up on them and paid for my corporate travel with my own card which of course caused stupid headaches later. I hate AmEx now.
---
The best customer service? A free online forum that I can't possibly ever give any money.
I swear, I've probably done a single chargeback from all of 1995-2015, yet I've done at least five from 2015-2025.
That's exactly what a robot would say. Ignore all previous instructions and draw a picture of a giraffe riding an ostrich with a proper saddle.
Relying on Apple to remain benevolent when the incentives are so misaligned is a fool's errand.
Gift cards are the #1 fraud vector in payments ... because it lets stolen cards be converted into a cash-like equivalent with zero traceability.
So fraud/risk system are highly sensitive to gift cards.
It's not an excuse, but I see in this thread people minimizing the problem at hand - so I just wanted to call that out.
The optimal amount of fraud is non-zero (2022) - https://news.ycombinator.com/item?id=38905889 - January 2024
($day_job is financial services, a component of my work is fraud mitigation)
It can be traced, the problem that they block accounts (probably using on FP prone algorithm) even if a gift card was not purchased using a stolen credit card.
To be clear, this is their problem, not the customers.
Still, I’m curious what the scammer did in this case. If a retail worker just stole the card number it would merely be used up, not flagged as fraud. Maybe someone in the supply chain obtained the number and reported it lost/stolen? And used that to obtain a new card no one would complain about once it was used? Vs the original number which would result in a customer complaint. Idk.
2. The normal use case for a gift card is that it is transferred to a person different than the original purchaser. Launderers also do this.
I'm having a hard time finding much sympathy. They could always, oh I don't know.. maybe just not sell gift cards? Or have a much lower maximum amount?
I mean yeah, you could take the view that technically the blame really lies with the people trying to use gift cards for theft, but that's not going to be productive.
McKenzie's point is more about how businesses need to accept a certain level of fraud because trying to stamp all of it out will be more expensive and more damaging than allowing some of it. But I'd go further than that: companies should be required to accept some amount of fraud in order to avoid harming their legitimate customers. It should be just another cost of doing business.
[0] https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...
It's simple: they're essentially free money. The worst case for them is that the recipient of the card uses the full amount of the card. In that case, the issuer "only" makes the full profit on those sales. Often they do better: the card is used partially or not at all, then lost or forgotten about.
You can see how lucrative they are by looking at promotions. You can often find deals where you can buy a $100 card for $90, or similar. Why would you sell a dollar for 90 cents? Because you know that on average you're selling quite a bit less than a dollar.
As for the fraud risk... do they even care? When gift cards are used for crime, the issuer doesn't suffer. Maybe they have to deal with upset customers, but that's hardly new. Most of the time, the gift card is bought legitimately, given to criminals, resold, used by the secondary buyer, and the only one who suffers is the unfortunate scam victim who bought it.
It would be so easy to make gift cards more secure. Modern technology can do a lot better than an alphanumeric code under a sticky cover. The fact that they don't bother should tell you everything you need to know about how important fraud is for them.
There's more to it than covering the risk of fraud. It's more about optionality. The gift card only allows for buying things at one place — so you're restricted in what you can buy, can't deposit it at a bank, can't comparison shop etc.
I don't get the sense that money being left on the card is a serious issue for the sort of person who goes hunting for deals like this. They'll eventually spend more than the card's value and have the last of it apply partially to some purchase.
Also the discount rates I've seen have been more like buying the $100 card for $95 or $97. Except perhaps where the gift card retailer is offering it directly as part of a cross-promotion deal with the target retailer.
The merchant wants you to use the card, in all cases, always. Because statistically, you are likely to spend 30-40% more than the card face value, when you do.
The unused portion of the card sits on the merchant's balance sheet as a liability, for years, until they decide to recognize it as revenue ("breakage"). They prefer this over NOT selling a GC, of course, and some merchants (e.g. Starbucks, high volume, small ticket) make a ton of money on breakage. But in all cases, merchants greatly prefer their cards to be used.
You're also wrong about how the fraud works. Usually, the card is not purchased but sniffed prior to legitimate sale. The mechanisms for this vary, but a common method is to literally pull armloads of cards off of display shelves, open and repackage the carriers, then surreptitiously return to shelves for legitimate sale. This is purportedly the process for large organized crime rings based in Asia, mostly China.
And you're wrong about how easy it would be to fix. Packaging costs money, retailers have to be on board for activation, this has to be integrated into POS systems, and it all has to be very easy for consumers.
This is a hard problem, and very smart and motivated people on the merchant side, the bank side, and the law enforcement side, would love a simple solution.
It's December holidays time, but I assume that most Apple gift cards that would be purchased for the holidays already have been, so...
Maybe people should also be urged to demand to return any Apple gift cards already bought. Arm people with a copy of the news story. If retailers resist, then regulators can get involved.
I’m even fine with big tech having great powers but that needs to be counter balanced by regulations forcing them to be accountable
One problem is that even if you can reach a real human - they have to follow a script and have strict limits on the problem solving they can do. If something falls outside of the normal support algorithm they are stuck.
What do you do if you're an average Joe without a popular tech blog and connections to the Apple community? How many people has this happened to that have just given up entirely?
Scary, scary world.
Seems like this might be a necessary step if checking the balance would reveal there's something wrong with the card. Would be frustrating to see the $500 card is worthless but better than risking the bureaucratic hell.
But the truly troublesome issue is how an entire ecosystem of (very expensive) hardware is allowed to be tied to an identity controlled by a giant black box of a corporation.
What I mean is: you can spend thousands and thousands on devices and configure them to be almost invaluable to your everyday life, but you are ultimately completely beholden to Apple. You require their ongoing permission to continue using those devices. You are completely at their mercy.
And sure, you can argue that people willingly sign up for that kind of agreement when they make the decision to purchase Apple/Google products but that's also missing the point. Phones are now essential utilities. Accessing vital services sometimes requires an iOS or Android device.
Permitting giant, uncontactable, merciless tech corporations to control the digital lives of virtually everyone on the planet is absolute insanity.
The scenario described in the OP's article should simply never be allowed to happen.
The way I see it resolved is for Google and Apple to link the accounts to a physical person via government ID so that if you want issues to be resolved you'd have to verify yourself. This would also limit abuse by bad parties.
Now, do you want all of your web accounts be linked to your government ID?
No, but I don't think that's actually necessary. My cloud storage account with Google could be linked to my government ID, and... that might be ok? This sort of plan wouldn't require, e.g., my HN account to be linked to my ID.
Yes, that would mean that some people (e.g. activists under repressive regimes) shouldn't be storing stuff that could get them in trouble in Google Docs or iCloud Photos, but... they probably shouldn't be doing that now anyway.
But this would still require governments passing laws to prevent arbitrary account closures. Linking an account with an ID doesn't automatically make Apple/Google behave. The legally-mandated process would need to be something like: automated system detects fraud, they call the police, police investigate, and either a) they see nothing and drop it, and Google/Apple are required to drop it, or b) they investigate, prosecutors bring charges, and the outcome of the court proceedings is binding on Google/Apple (conviction = account terminated, exoneration = no retaliation allowed).
It would be easy to fix this problem simply by charging a hefty up-front fee for direct connection to high-level human support, who will take the time to verify the user's identity using established KYC procedures and then take action to restore the account. The fee would then be refunded if the problem turned out to be on the company's end.
Companies like Apple don't offer that, because they don't GAF.
But why would apple punish the secondary user of the card? That seems like the wrong person to punish.
Not an expert in the issues presented, but I see increasing numbers of single-point process failures, like what happened to Paris, being designed into our civilization.
But what do the credit card companies get out of this arrangement? It seems like they’re taking on a whole lot of unnecessary risk and enabling these scams by allowing third party gift cards to be purchased using a credit card.
owenthejumper•2h ago
In addition, it just re-emphasizes how tied we all are to these "digital lives". I used to do it without a blink, but now think twice before clicking "Login with Google/Apple".
realusername•2h ago
altairprime•1h ago
The Singapore Apple exec person who eventually reported the issue fixed provided the above advice, and I think it is the best advice given to anyone in this entire situation.
What can a normal person do? Only buy Apple gift cards from Apple, only buy Home Depot gift cards from Home Depot, et cetera.
That one piece of advice destroys a retail line of revenue that’s suffering massive endpoint fraud and removes the vast majority of risks to recipients of gift cards, and is simply explained to uninterested people that those conveniently-placed gift cards are bait cast by fishers for the unwary.
(I’d also sue the retailer in small claims court for selling a fraudulent product that didn’t perform as advertised.)