 |
| Image from author |
A
beautiful ring with the well-known Greek blue eye and a bracelet. That was my
daughter's loot in that nice little shop in Neos Marmaras. When paying with her
card, the shop lady noticed that the payment had not been successful. Well
then, good old cash to the rescue. A little later, the transaction was actually
visible in the bank's app. That was the beginning of a curious series of
events.
We
were still in that village and of course we went back to the store. The
shopkeeper was visibly shocked and immediately went to check both her PoS terminals.
Look, she said, nothing. I saw some Greek letters on the displays, which could
mean anything, but her words and facial expressions were convincing. Moreover,
as we only noticed then, the ING app stated 'reservation' with the amount. We came
to the conclusion that it would be fine.
A day
later, the transaction was still in the app, but now without 'reservation'
added to it – the money was now really gone. Oh dear. What now? I called the
bank and explained the situation. The gentleman who spoke to me could see what
had happened, but he couldn't help me. I would have to go back to the store and
explain it there and ask for my cash. Well yes, I protested, that shop is not
in our village, I would have to drive all the way there again. Then maybe call
them? The telephone costs could be higher than the amount in question. Anyway,
the ING gentleman couldn't do anything for me.
Wait
a minute, I said; a bank transaction must either succeed or fail, but not something
in between. Isn’t it unthinkable that a PoS says that the payment has failed,
and that the payment is then made anyway? No, he agreed with me. But he still
couldn't do anything for me. I mentioned that I wanted to make a complaint
about this and asked him what would happen next. He could only write down the
complaint and pass it on, otherwise it was out of his sight.
What
to do? We are talking about an amount of just over two tenners – money from my
teenage daughter, so a relatively large amount. That shop was about a
twenty-minute drive from our stay, which was doable. And so we went there again
that evening. Fortunately, the same lady was in the shop and she asked what was
wrong right away. She called in her boss (from the store across the street),
who let me take pictures of the PoS's printouts, which showed that no
transaction had taken place for that amount. She even let me take photos of her
banking app, which also showed no sign of my daughter’s payment. The attitude
and helpfulness of this lady convinced me that she was in good faith.
That
was Friday night. On Monday she would immediately call her bank to inquire, and
then she would contact me by email. But on Saturday morning, when we were
already on our way home, we noticed a strange entry in my daughter's account: 'PoS
reversal payment'. The money was back! But how? Did an automated process take
place here, whereby the Greek bank and our ING together established that there
was 'half' a transaction? Or did someone from our bank get to work in response
to my complaint? I can hardly imagine the latter, especially because of the
timeframe (weekend). But I have not (yet?) received any feedback on my
complaint.
In
information security we talk a lot about the aspect of integrity. In our
context, this concerns the correctness and completeness of data and processes.
Nothing may change unjustly and everything must be complete. In the above story,
that integrity was violated: money had disappeared from my daughter's bank
account and that money had not arrived anywhere. Such a transaction should be
binary: right or wrong. It can't be half. I hope someone from the bank will
explain to me how this could have happened. Or maybe someone from the banking industry
in my network (are you reading along, Oscar?).
The
blue eye, which is on the purchased jewelry, is a symbol in Greece to avert
disaster. That eventually worked. Not that I'm superstitious, though.
And in the big bad world…
This section contains a selection of news articles I came across in the
past week. Because the original version of this blog post is aimed at readers
in the Netherlands, it contains some links to articles in Dutch. Where no
language is indicated, the article is in English.
- many victims of ransomware are attacked again.
- malware masquerades as ChatGPT.
- not only the cloud, but also AI is just someone else's computer.
- you can now log in to Google more easily and more securely.
- you will receive security patches for your Apple equipment faster from now on.
- T-Mobile in the US recorded the second data breach of this year.
- earphones
can also have a security vulnerability.
[DUTCH]
- the
Dutch police will remain active on TikTok, but
on dedicated
equipment. [DUTCH]
- In
the fight against phishing/smishing, the
Dutch Tax Administration now sends text messages to entrepreneurs themselves
(without a link, of course). [DUTCH]
.jpg)
No comments:
Post a Comment