Wow. This reminds me of my experience with Coinbase. I find it interesting that they don't see how troublesome all this is. There's a human on the other end of the technology, and shutting them out without a solid reason, or the ability to reasonable appeal is crazy.
As a dev I love seeing these. Makes me feel better about myself when these companies with seemingly infinite resources suck at engineering as much as I do
Yup, but when the age has been (let's say) 23 for an year and becomes 13, the software should smell a mistake.
Of course I have no idea about the actual UI. It's a bad idea to ask for the age because it doesn't update after the birthday. A birth date is much better but it's also personal data and maybe not necessary. If all a site wants to know is if you're 18, just ask it and store a boolean. If you suddenly declare that you're not >= 18 anymore, especially after using the site for a while, smell a misclick on a checkbox, ask for confirmation and explain what's going to happen.
It’s an engineering cost decision. I imagine they get single figure numbers of people making this change each year. The cost of having a developer design and implement a system to catch it, reject the change but save it in a state where it can be applied later, and automatically open either a support ticket or have an automated resolution system is far too high. Much easer to just lock the account and ask the customer to get in touch.
(Assuming there is a save button on the screen and it’s not an auto save on an input change, in which case yes it needs a confirmation dialog)
The software does smell something is off. Typically the policy in this case is that legal told them to deny then access, because they don't want to deal with the legal hassle of serving someone who just told you themselves that they're not 13 yet. (Lawyers are often unreasonably risk-averse.)
>Yup, but when the age has been (let's say) 23 for an year and becomes 13, the software should smell a mistake.
some years ago the Danish electrical company Dong (wonderful name they've since changed for 'reasons') sent me a message - give us a meter reading for your house or we will send someone around to do it and it will cost you some money, so I figured fine I don't have to do anything they do it for me for money!
next year, the same thing.
third year, the same thing. In Christmas of the third year when I was in Berlin I got an email from Dong, you owe us 15 thousand dollars (approx. translating from dkk in head), then later same day you owe us 18 thousand dollars, and finally next morning you owe us 20 thousand dollars.
So naturally I called them up and said I sure would like to know what you all are thinking (which was a lie, I didn't really want to know but I figured I better find out anyhow)
So they said they had sent someone by to read our meter and we had used more electricity and they wanted their money or they were turning it off. So I said you think I used 20 thousand extra dollars in a year?
No, the meter hasn't been read for three years and this is your fault because when we send you a notice to go read the meter you have a moral obligation to do that.
I asked what about their moral obligation to go read the meter when they said they would (which point they did not understand) but anyway since I was supposed to pay 3 thousand dollars a year (which is somewhat high for a Danish family of 3) and paid that it seemed highly unlikely that I had managed to use over two times more than I was estimated to use per year without an increase in population of the house.
It took a lot of arguing to convince them that somehow there was something fishy in the situation and they might have made a mistake, before they would put it to off closing the electricity and do an investigation.
Some months of investigation later, which involved me going to take pictures of my meter etc., it turned out they had read the wrong meter.
tldr: even obvious discrepancies that systems could easily be set to catch will not be caught and you will have to do the work to fix the problems of the organizations providing you services.
Even if it is policy, they can probably have a better lockout page or make it 'disabled' but still let you login to talk to support, get records, etc to fix things. AFAIK it's a complete lockout.
If you work inside these companies, you quickly realize that the amount of work is far greater than the amount of people to do the work, and triage is always happening. The bigger the company gets, the more there is to do.
Another falsehood programmers believe about dates. ))
When immigrants move across borders, often if there is no record of date of birth the date used is the first of January on a best-guess year, and sometimes even the year is wrong. Later this information could be updated. I know of a case of a man whose birthday (immigrant from China) went from January 1st, 1900 to some date in the late 1890s upon documentation being found, just slightly before his 100th (living) birthday.
There are, of course, also reasons for deliberately falsifying a birth date. Accessing an online service is one, false claim of benefits (e.g. pension) may be another, avoiding or enlisting in armed forces, purchasing age-restricted material, renting a hotel or vehicle, the list goes on. A robust system must account for these possibilities.
While there are relatively few people in this specific situation still alive, my grandmother was born in a country that still used the Julian calendar at the time.
Not at all. Just last week my government approved a plan to bring in thousands (I think 3000 or 9000) of immigrants from Ethiopia, a large portion of whom do not have personal documentation.
Yes, but you are designing a system based on a once in 100,000 edge case. There is no reason why such odd and rare requests can't be handled in a customer support request.
...If your customer service team are sufficiently well staffed, trained and have escalation points. In the article the customer service team couldn't even read a decision made by 'The Back End Team'.
A more realistic case for you: People make far more mistakes than you think. Having done genealogy recently, the number of documents with people messing up their own birthdate or name is staggering. On top of the much larger number of registers where someone else have taken the information down wrong.
You're seriously underestimating gow much this happens with current rates of immigration. 1 in 1000 to 1 in 5000 seems to be the correct rate in my country.
Besides, Even with 1 in 100k, with the US population of 330 million, you've created trouble for 3 300 people based on this edge case alone.
Modern example: my father, who is still living, driving, and traveling internationally.
When he was 15, his parents decided it was time for him to start driving his mother around, who never learned how to drive. They wrote down his birth year to make him appear 16. The Texas Department of Public Safety in the 60s wasn’t quite as strict about proof of identity as it is now.
Fast forward to the late 90s, and digitized driver’s licenses. Fortunately, my mother had an inkling that life for my dad might get a bit complicated with a driver's license that didn’t match his birth certificate, so she pushed him to get it corrected.
I imagine there are at least several thousand US citizens who have never lived elsewhere whose primary ID (driver’s license) shows a different birth year from the one on their birth certificates for similar reasons, and it’s a toss-up on which date they use for various purposes.
My grandmother "altered" her date of birth on her birth certificate so her husband wouldn't know she was older than he was.
That date ended up on their marriage certificate.
And then, after her husband passed away and she was approaching pension age, she realised she would only be eligible for the pension a few years later...
So DOB is not immutable.
(and another common source of DOB errors, mixing up the US MM-DD-YYYY versus the normal DD-MM-YYYY format used almost everywhere else...)
The US legal code doesn't give them a ton of flexibility here.
Coinbase has to push the boundaries of US legal code interpretation in plenty of other places... picking "letting pre-teens manage accounts" would be a dumb hill to die on.
Going into your profile on a trading app and saying "i am 12 and what is this", no matter the reason, seems like a reasonable signal that maybe you're not a customer I'm hugely concerned about retaining.
Quite common. On Discord, there are NSFW channels and before joining them, you have to provide your birth date (only once). If you set it to below 13, your account gets suspended/locked immediately.
Commonly the 1 unhappy customer might tell his story to ten of their friends or thousands+ of readers online. Fixing customer problems (especially drastic ones) carries large incentives, because those single stories will actually be observed, while the 1000 happy customers won‘t be mentioned.
The depressing bit is that they can make a rational decision to weigh that cost against the amount of money it takes to keep people happy (vs doing nothing). Not that I support it, but they might be following the financially superior option. There's a lot of incentive to get that answer "correct", so I suspect it's currently working out in their favour, even though it sucks for those of us caught on the shitty side of that equation.
While true that economies in their various forms can form unsympathetic relationships between producers and consumers, it seems that, broadly speaking, producers who align more strongly with consumer satisfaction tend to ‘win’ and those who broadly speaking don’t tend to ‘lose’ on a long-term basis.
To their credit, Apple seems to get this mostly right.
I was banned from Coinbase 4 years ago, and I am still unable, to this day, to create an account without it being banned within 5 minutes of creation and no one is able to give a reason as to why.
From having been behind the scenes of a web hosting company a while back: They almost certainly have decided that you're a scammer, and that any account you ever try to open is just an attempt to get around being banned for being a scammer.
The complete non-answers from support are almost certainly because they have that as a standard policy with people they've decided are scammers, because the genuine scammers out there are extremely good at manipulating literally any kind of even vaguely permissive support policy into enabling further fraud.
The bigger issue here is that when a company is actually good at this stuff (like that web hosting company I once worked for), there's a department specialized in handling these cases with knowledge of how to properly verify legal identities and filter out the scammers... but quite a few companies today both big and small have decided (possibly correctly, given how they're treated) that it's easier and more profitable to just skip that entirely and instead leave false positives locked out of the system permanently.
If it's in finance then unfortunately this is really just how it works in the US. If a bank has the slightest inkling that you're someone on a sanctions list (or that you have a connection to some "bad" country like Venezuela, Iran or Cuba) they'll drop you like a stone.
So yeah I agree it sucks, but the issue is not that every company which complies with OFAC is an incompetent loser. It's that the USA has declared a few countries as enemies and has some tough laws to enforce this both domestically and within its sphere of influence (foreign transactions with a "US nexus"[0] fall under OFAC). If I recall there's no upper bound on the fines for contravening OFAC and there's no leniency for accidentally breaking it even though you demonstrably tried to identify people, or were tricked. So these companies are incentivized to err on the side of extreme caution.
[0] - this is a fun one, iirc this can mean obvious things like "a company has a subsidiary or office in the USA", or "a transaction was conducted in USD" or even "an American citizen was in the room when the transaction was performed".
Traditional banks will cut you off as well. Move lots of money through your account, bounce it between a few accounts and back into your account. They'll cut you off.
In the UK I can raise this with my bank and if they don't resolve it I can raise it with the regulator, who has real teeth. Getting back on topic, who regulates Apple?
There are bank regulators in the US, it is heavily regulated. Businesses are still free to choose who they want to do business with. Banks will get smacked down by regulators if they helped laundered money so they error on the side of caution. The fact that is heavily regulated is the root cause.
That is correct. Yet it doesn't make it good. Customer focused communication even though some indicator tell you to terminate the account should avoid a "The process" situation. This is 2021, we have many amazing communication tools available.
At least in the UK, there are "tipping off" offences that make it very legally risky to tell people why they're suspended. Banks just tell their employees not to do it to avoid risk
It doesn't matter if they lose one customer by mistake if they screen out multiple fraudulent accounts this way. It's simply more profitable to do this in an automated way than to actually consider the human in the equation.
I'm not mad, I've still got my keys from 2014-ish. I only made a Coinbase account after a finance teacher in high school heard that I dabbled in crypto, and bet that he could build a better-yielding portfolio than I could. I logged onto Coinbase, spun up an account with $20 in it, and invested in Chainlink and Ether. Nowadays it's worth ~350 dollarydoos, which isn't absolutely necessary to retrieve. Honestly, it was worth it just to watch his enthusiasm crumble when his 30% APR high-risk portfolio paled in comparison to some dumbass high-schooler's prediction.
File a complaint with your state’s Attorney General, FINRA, the SEC, and NYDFS. Should help Coinbase along in recovering your account. Should take no more than an hour or two to file with all regulators I mentioned.
I'm surprised OP mentioned New York State Department of Financial Services (NYFDS), but this might be the local regulator if Coinbase's home state is New York.
I would still file with them, they can still escalate on your behalf since they are the regulator, or refer you to the agency you should file a complaint with.
