[DannyPage]

> Update 18 December 2025: We’re back! A lovely man from Singapore, working for Apple Executive Relations, who has been calling me every so often for a couple of days, has let me know it’s all fixed. It looks like the gift card I tried to redeem, which did not work for me, and did not credit my account, was already redeemed in some way (sounds like classic gift card tampering), and my account was caught by that. Obviously it’s unacceptable that this can happen, and I’m still trying to get more information out of him, but at least things are now mostly working.

It’s great that it has been resolved, but I’m still baffled by a number of things:

1) Why would redeeming a bad gift card result in a complete shut-down of the account? 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press? 3) Should companies be restricted from growing too large where they can’t support their customers?

In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access. Rather than move to outright banning the account, there are intermediate steps that can be taken. Personal example, my Facebook account was recently banned because a hacker accessed my account uploaded a bad ID when FB requested an ID verification. Despite the request coming from a country I have never visited and would likely be on any high-risk list, my 20 year old account was banned literally overnight without having any recourse. There’s no number or even any email to use. Maybe I can see if the Register will write it up… (I do have all the info from my Facebook account download to show how it was compromised, and any internal support should have been able to see the same… if they cared.)

[xp84]

Banks can’t legally just take your money and lock you out permanently. There are some actual regulations. Plus they have a proper handle on your actual human identity, which means you ought to always have a route to going somewhere in person and proving you’re the rightful owner of your money.

“Online” accounts have zero regulatory requirements, plus many of them aren’t necessarily directly paid-for, so they frame themselves as doing you a favor by letting you have it in the first place. And they usually don’t have a route to prove identity because they don’t record a legal identity (passport/SSN/etc) to begin with (not that that was an issue here, of course - in this case Apple didn’t dispute that they were the owner, just asserted that they were some kind of criminal.)

[coldtea]

>Banks can’t legally just take your money and lock you out permanently.

Yeah, not permanently, only near "effectively" so...

[Terretta]

> There are some actual regulations.

How's that CFPB thing going lately?

[estimator7292]

Banks frequently completely freeze accounts for no discernable reason and with zero communication, support, or recourse.

You're just lucky that it hasn't happened to you. That does not mean it doesn't happen to anyone.

[ryandrake]

What I want to know is why does it always have to go straight from 0 to 100? There's seemingly no concept of proportion. For most online services, your account can be in one of two states: Totally good and "banned for life". There's no warning, no investigative period, no concept of scale (was the fraud $10 or $10,000?), no way to serve your time and come back if you actually were bad. It's just instant, silent BAN HAMMER.

[stackskipton]

As someone who worked in fraud, sometimes the $10 transaction is primer for 10k transaction that will really cost the company. When you don't know what's going on, you don't give a shit about end user and primary objective is prevent the company from losing money, shut it down and sort it out is easiest way.

Furthermore, without physical presence where you could sit down with someone, this becomes more difficult to deal with. Truth is, Apple should have option where someone could go to Apple Store, verify ID and talk to someone with power but they don't want to spend that money so here we are.

[NetMageSCW]

If you don’t care about the end user, you should be fired, your manager should be fired, and your company should be shut down.

[coldtea]

>What I want to know is why does it always have to go straight from 0 to 100? There's seemingly no concept of proportion.

Because anything else would require them to spend resources to examine your case and claims more deeply (to find the appropriate level of response), and they don't want to spend them, plus they don't care.

[sosborn]

At the scale these companies operate and the number of actual scammers they block because of their 0 - 100 policies, I can see how they got there. I bet all of us have had the luck (?) of out card being blocked because someone out there was able to get a hold of the credentials. Collateral damage like this, as devastating as it is to the individual, is probably a drop in the bucket for the company.

I'm not excusing this. What happened here shouldn't happen, and there should be quick resolutions and explanations available to the aggrieved parties.

[quesera]

It's not just corporate policy, it's regulatory requirements in the US.

You must block financial activity, and you must not communicate any details to the customer, upon reasonable suspicion of money laundering activity. There's a process and a prescribed timeline for getting things resolved. There is no penalty for a false positive, but there are large penalties for false negatives.

Having watched hundreds of these things happen, all of the details point squarely to an AML problem. For closed loop gift card programs, the merchant, program manager, issuing bank, and possibly the seller all get involved. It takes time.

This doesn't require shutting off a user's access to their data though -- just preventing financial activity. Apple might not have adequately fine-grained permissions around account suspension to support this, and obviously they should fix that!

[browningstreet]

AML and fraud are different, and the regulatory requirements you're talking about are only one requirement for banks to follow.. they have additional, internal policies of their own that may affect account and money access. If Apple isn't following a Suspicious Activity Report (SAR), then the actions are their own, and the policies are their own.

[quesera]

This is true, but potential money laundering is a UAR, and the issuing bank decides whether to turn that into a SAR (merchants do not file SARs, although at Apple's scale, the conversation between merchant and bank is continuous and both sides will have fraud and AML experts at every step).

The decision to create the SAR will depend on the outputs of the multi-party investigation, which is the thing that takes time and causes visible issues for consumers.

[sceptic123]

When money is concerned, any kind of suspected money laundering / fraud investigation generally requires you to pause that account until the check is complete. What happens afterwards will be down to the results of the investigation.

It's also unlikely there are just those two states. For many services there will be a number of factors involved, but it's purposely opaque to make it harder to circumvent.

[Steve16384]

The same with Youtube. Broken an unknown rule on one of your vids? Your whole account and all the videos are deleted instantly.

[bookofjoe]

My experience with YouTube was different. Two or three times, up to around five years ago, I got an email from them stating I'd done something wrong — used protected music/content etc. — and that this notification wasn't a strike but I should contact them and explain why they were wrong to put a hold on the video and they'd withdraw the notice. I did so and they then responded that the email was erroneous, all good.

[tgsovlerkhgsel]

Because it's easier for the companies and there is no (serious enough) downside to doing it this way.

[chrismorgan]

Depending on the jurisdiction, there may be a financial ombudsman you can appeal to. From what I have heard, Australia’s is effective.

[tuetuopay]

Well for banks your account is usually tied to a local brick-and-mortar agency, where it's definitely someone's problem if a customer comes in and refuses to leave. It's one of the reasons I'll never go with fully online banks.

[coldtea]

>It's one of the reasons I'll never go with fully online banks.

Offline banks are increasingly phased out in many places (closing branches, limiting options, strick appointment only visits, reducing stuff, etc).

[charcircuit]

The police can remove you from the building if you refuse to leave.

[Lx1oG-AWb6h_ZG0]

patio11 wrote a great article and podcast about debanking and anti-money laundering processes last year, it was eye opening how kafkaesque these things are: https://www.bitsaboutmoney.com/archive/debanking-and-debunki...

[SoftTalker]

A bank might freeze an account for suspicious activity but you can walk in to a any local branch and talk to someone about it.

[huslage]

Yes. But that doesn't make it right.

[asadotzler]

Banks are well regulated and will face meaningful consequences for getting this wrong with any regularity.

[bonsai_spool]

> Banks [...] will face meaningful consequences for getting this wrong with any regularity

That's false, unfortunately. There's amazing levels of discretion that banks enjoy and minimal accountability to end users. The CFPB (in the USA, anyway) was a countermeasure but has been recently weakened.

[swat535]

The point is that you have more recourse when dealing with banks than you do with big tech thanks to legislation.

[miki123211]

More important than "well-regulated" is that a bank account is very clearly tied to a single geographic jurisdiction where the bank's headquarters, as well as all its branches and employees, are located.

Apple would be much harder to regulate, as it wouldn't even be clear what jurisdictions should be involve in the process, and what a "change of jurisdiction" would entail. It would also create the opportunity for fraudsters to choose the jurisdiction which gives them the most consumer protections but has the loosest identity verification requirements.

[coldtea]

Not even close to the reality

[benced]

In the US, that doesn't mean they steal your money though.

[crazygringo]

> 1) Why would redeeming a bad gift card result in a complete shut-down of the account?

Because they assume you stole the gift card and are therefore a criminal. As to why they're making the assumption that you are the criminal, not the actual criminal who successfully redeemed the gift card first, you've got me. Since either situation is possible.

> 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press?

I'm as infuriated as you are.

> 3) Should companies be restricted from growing too large where they can’t support their customers?

Size has nothing to do with it. Plenty of small companies ignore their customers too. So I don't think this is the right solution.

> In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access.

There are plenty of horror stories with banks too. I'm not sure they're that much better at all.

[bigyabai]

"No Way To Fix This" Claims Only Digital Ecosystem Where Catastrophic Lockout Regularly Happens

[crazygringo]

I know the headline you're referencing, but "only digital ecosystem"? I'm pretty sure accounts getting blocked is an issue with all of them. So I don't know what point you're trying to make. It's certainly not like Google is known to be any better.

[bigyabai]

Google's digital ecosystem doesn't doctrinally prevent owners from installing software or reflashing bricked hardware. Their OEM might, but iOS is the only smartphone ecosystem I've seen that enforces it universally.

But hey, at least Apple's universal lockout capability is able to deter theft! Every non-negotiable backdoor has a silver lining.

[crazygringo]

I feel like you're conflating three things -- software installation, account closure and disabled hardware.

Software installation has nothing to do with account closure, so I don't know why you're bringing it up.

Account closure doesn't disable your devices. You can set them up with a new account.

And if devices are disabled due to theft and can't be reflashed for sale on the black market, that is a good thing. I haven't heard any reports of people's legitimately purchased devices being disabled due to theft.

Clearly you have things you don't like about Apple, but I don't see what they have to do with the subject at hand, which is account closure.

[fmajid]

Google and PayPal are notorious for locking customers out with no recourse.

[InterlooperX]

Still, with Point 1) I wonder what exactly was happening. To think straight away "suspected fraud/criminal activity" for merely entering a voucher code a second time?

As a sane person I would expect a mere popup saying "Voucher code was already redeemed. try another one" Nothing more.

The ONLY other thing I can currently think of why Apple straight away went to "criminal" would be that the brick and mortar store failed to activate the card when they sold it.

You know, someone shoplifts such a card thinking they got it made. Even though you'd think everybody should know that the code you scratch of that card is only active after the clerk at the register did his thing.

If Apple then receives this voucher code that they must have in their databases but it has a big "not activated flag" next to it, THEN I could start to believe why they would lock down the account that tried to redeem, it.

And even then it seems iffy. Because how should I as the consumer know if the clerk did everything right with the activation?

[crazygringo]

I'm not defending Apple here. But I think the logic is, if you rightfully bought the card then nobody but you should be able to activate it. So the first person activating it is legit, and a second person attempting to activate it is necessarily trying to engage in fraud, having stolen it from a trash can or something.

But this breaks down for the reasons described, that thieves get the code before you do and manage to spend it first once the cashier activates it but before you get home and actually use it.

So maybe that's new and Apple hasn't updated their scam detection logic? It's the only thing I can think of.

[coldtea]

>.As to why they're making the assumption that you are the criminal, not the actual criminal who successfully redeemed the gift card first, you've got me. Since either situation is possible.

Why the fuck couldn't it just be that you forgot and tried to redeem twice?

Just reject the card and be done with it, no action required.

[WorldMaker]

On the subject of (1) I wonder if a complication in this specific case might be a variant of the clbuttic Scunthorpe problem that the last name on the account that redeemed a bad gift card included the word "Butt" and an algorithm or underpaid reviewer (or both) flagged it also as a suspiciously named account.

(2) and (3) remain great questions without enough good answers.

[Artoooooor]

4. Why locking account bricks any device? It should work without registering anywhere.