A 24-Year-Old Scammed Apple 42 Times In 16 Different States

redletterdave (2493036) writes "Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, cheating the company out of more than $300,000 — and his scam was breathtakingly simple. According to a Secret Service criminal complaint, Parrish allegedly visited Apple Stores and tried to buy products with four different debit cards, which were all closed by his respective financial institutions. When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits, which is normally provided by credit card issuers to create a record of the credit or debit override. But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter."

Wow ...

[gstoddart]

But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter.

Who the hell came up with that idea?

That's no security in any meaningful sense of the word.

I'm betting some lobbyist made it so that the banks didn't really need to do anything concrete, just look like they were.

If that's all that's required, the banks deserve to be getting ripped off.

Re:Wow ...

Except they're not, Apple was. TFA states that since they accepted it even after it was denied, Apple's on the hook for it.

Re:Wow ...

[netsavior]

The truth is that credit card interest is the highest profit gig in the whole world. Because of this, Visa/Mastercard and all the myriad banks that work with them have a vested interest in making credit/debit card purchases VERY EASY.
Visa wakes up, takes a dump, then wipes its ass with $300,000 dollars. It is nothing compared to the billions they make in clearing fees alone.
Vendors are not even allowed to do things like require an ID, (I know they do, but it is against the vendor agreement), even though it would make purchases a lot more secure, because EASY trumps everything, EASY makes billions. Secure override codes... Who cares?

Re:Wow ...

[Sockatume]

The way it's supposed to work is that the store calls the issuer and requests an override code, and then keys it in themself. The bank can then tally the auth code against the store's call at the end of the day and process the charge. I have never seen a situation where the customer calls up the bank themselves.

Re:Wow ...

[Krojack]

If the override code is submitted back to the bank and they accept it then it's on the bank not Apple.

1. Run card... denied..
2. Run card again with override code.. accepted..
3. Leave store with items.

Re:Wow ...

[hawkinspeter]

As the bank didn't provide an override code and have no record of providing an override code, why should they accept liability?

Re:Wow ...

[the_skywise]

It's not a unique security code - it's a TRACKING NUMBER. This whole part of the process is designed specifically to work around an issue where the computer records might be incorrect or the computer system is in error and an actual human has to issue an authorization code.

The actual fault in the system is that the Apple Employees let Sharron make the call and GIVE them the number. Instead THEY should've called Chase directly and gotten the code.

Re:Wow ...

[Sockatume]

It's not a security code, it's a reference number. The transaction isn't formally authorised by the bank until the end of the day when they receive that reference number and tally it with the corresponding phone call from the retailer. *Then* the transaction is authorised. (Assuming said phone call included verbal authorisation of the transaction.)

That the Apple Store didn't know this is how the system works means it was completely open to abuse.

Re:Wow ...

[PlusFiveTroll]

If you printed your own card and put a number for an issuer that you controlled I don't see what the difference is.

Re:Wow ...

[Sockatume]

That would take at least five minutes' more effort than this guy had to put in. Good idea though, I might try that one myself.

Re:Wow ...

[naughtynaughty]

Visa/MC and the banks have security measures in place, merchants who follow the process aren't liable for loss from fraudulent cards. Asking for ID provides no additional protection to merchants and to the extent they rely on it instead of established Visa/MC processes it can lessen security. But you are correct that making customers spend an extra 30 secs digging out their ID and having some clerk eyeball it and hand it back is not easy and in fact that 30 secs times all the legitimate transactions is more costly than the RARE case of credit card fraud that could be prevented by asking for ID (which is easily circumvented). The problem here is not the authorization code but that Apple didn't follow the proper procedure of contacting the bank for an override code themselves. There is no need for a secure override code.

Re:Wow ...

[medv4380]

Oh, blame the lobbyist? Is your "Free Market" soul hurt? This is a process by the Credit Card companies and the Banks. Lobbyists have next to nothing to do with it. Apple screwed up by not contacting the bank themselves. Apple screwed up by allowing a bully customer to steamroller them. Most companies don't even allow their employees to do this process because doing so says you're absolutely sure you've followed the process, and will accept the charges. It's typically only done on big ticket purchases were the bank won't authorize anything above a set limit unless all the verification steps are done.

Re: Wow ...

No, no one ever contacted the bank. Apple's Point of Sale software was configured to accept any number based on length() of the number string. They held the number until the end of the day or some other convenient time, when they'd process it with the banks. That was stupid, and the scam is common. Retailers are starting to learn to call and verify immediately (before clearing tge transaction), not to wait until the end of the day.

Re:Wow ...

[idontgno]

I understand the long-running and much-honored Slashdot tradition of not reading TFA, but couldn't you at least have read The Fucking Summary?

When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits....

There was ample dumbshittery (and liability) to assign here, but it's all on the Apple Store drones. No bank involved.

Re:Wow ...

[Chas]

Because, apparently, the banks system accepted the transaction.

No. An override code is a local thing. It doesn't communicate back to the bank.

Re:Wow ...

it is up to the cashier to hold the card, read the number and call it themselves

the instant that the apple store cashier accepted that the customer called the right number is when they failed

Re:Wow ...

[ericloewe]

The summary does not make it clear whether the stores' POS systems interacted with the banks' systems.

Re: Wow ...

[gruber76]

Without a central authority, even this is dangerous: simply print out a fake card with a fake phone number on it. [wish I cared enough to inveigh for or against bitcoin or ssl at this point.]

Re:Wow ...

[Roskolnikov]

Well, maybe, but maybe the fault lies with the criminal, they printed credit cards that looked and felt real enough to fool a store clerk who handles them every day, what are the odds that clerk called the bank with the phone number on the back of the card? I have worked in retail, the check/credit card fraud was amazingly simple back then and still they got away with it, the rule of more secure less convenient does come into play but Apple understands this, each sales person is also a 'register' and the the clearing service they use needs to be explicit in dealing with all rejections, sometimes saying no is really a good thing.

Re: Wow ...

I was employed by a large chain department store and electronics store 15 years ago and this procedure was standard even then. If a card was declined, no merchandise left until I called the financial institution (by dialing the phone number printed on the card myself) and the payment was processed in real time. The funds either cleared or they didn't.

Re:Wow ...

[Solandri]

Visa/MC and the banks have security measures in place, merchants who follow the process aren't liable for loss from fraudulent cards. Asking for ID provides no additional protection to merchants and to the extent they rely on it instead of established Visa/MC processes it can lessen security.

The info on the ID is the security measures Visa/MC have in place. They allow a merchant to enter info like address or phone number, and their computers will tell the merchant whether or not it matches the address/phone they have on file for that card. When you pay for gas with a credit card and the pump asks you to punch in your zip code, it's not collecting marketing information. It's using the zip code as a (rather flimsy) security measure to protect against someone buying gas with a lost/stolen credit card. Yeah you can ask the customer to recite their address, but any burglar who stole the card from a house or mugger who got their victim's entire wallet would know the address. A photo ID with that info, while fairly easy to fake, requires a bit more effort on the part of the thief.

Credit card security is in the dismal state it's currently in because Visa/MC/Amex have successfully transferred all the damage from fraudulent transactions onto the merchants. Since they lose practically no money to fraud, they have very little incentive to improve security. (The exorbitant interest rates are to cover the cost of credit card holders who default on their debt.) For market forces to work correctly, financial penalties for risks which fail must be linked to financial profits when those same risks succeed. What Visa et al have done is decouple the penalties from the profits (profits go to them, penalties to the merchant), leading to a situation where they are not penalized when the risks they take (poor security) fail. Consequently there is no motivation for them to improve credit card security beyond the laughable state it's currently in.

Re:Wow ...

The store doesn't call the card issuer for approval. The store calls their merchant bank that provided them with card processing facilities. The merchant bank then calls the card issuer to seek approval for the transaction. The merchant bank do not source the phone number of the issuing bank from the card, they use a lookup table provided my Visa or Mastercard.

Re: Wow ...

[metrix007]

The bank supplies Apple's POS software, so the bank is on the hook.

Pretty simple really.

Re:Wow ...

[RavenLrD20k]

Hell, at the retail outlet I used to work at, manager made a blanket policy that if the POS returned a request for an Auth code we just outright declined the transaction, handed the customer an Experian business card and asked if they had another form of payment. If the customer asked if he could call his bank to get an Auth code (Red Flag) we would say that our business system did not allow for manual authorizations (which was true. The system the manager put in place didn't allow for ManAuths, even if the POS did).

Re:Wow ...

[lgw]

The truth is that credit card interest is the highest profit gig in the whole world. Because of this, Visa/MasterCard

Visa/MasterCard make $0 off of interest. They charge a fee for the convenience of not having to use cash. They're not in the "loaning money" business at all, and of course TFS talks about debit cards, not credit cards.

Vendors are not even allowed to do things like require an ID, (I know they do, but it is against the vendor agreement), even though it would make purchases a lot more secure, because EASY trumps everything, EASY makes billions.

Easy is what the customers want. For normal fraud with actual credit cards (nothing to do with this story, of course), it's the merchant who eats the fraud for ID theft. But merchants sign up for that, because they'll have less business if they're inconvenient for their customers.

Security is not the primary goal here, nor should it be. The only goal of any security here is to limit losses system-wide to something manageable. And it does that just fine.

Re: Wow ...

[parkinglot777]

The bank supplies Apple's POS software

Are you sure about that??? I highly doubt. The software can be from anyone (or merchant). I don't think banks supply POS software. I believe the only thing that bank supply is the validation between the bank and retailers/corporations.

Re:Wow ...

[lgw]

The customer didn't print special cards here - they're just normal, expired cards.

The store doesn't call the number on the back of the card - the store calls their own merchant bank.

This was just straightforward grift (a con game), not some glaring flaw in the banking system. The sales clerks got suckered, perhaps due to lack of training by Apple, or perhaps the con-man was just that good.

Re:Wow ...

The truth is that credit card interest is the highest profit gig in the whole world. Because of this, Visa/Mastercard and all the myriad banks that work with them have a vested interest in making credit/debit card purchases VERY EASY.

Visa wakes up, takes a dump, then wipes its ass with $300,000 dollars. It is nothing compared to the billions they make in clearing fees alone.

Vendors are not even allowed to do things like require an ID, (I know they do, but it is against the vendor agreement), even though it would make purchases a lot more secure, because EASY trumps everything, EASY makes billions. Secure override codes... Who cares?

You don't understand how this industry works. They make more off the transaction fees from merchants, which is why they make spending easy for you, and even PAY you rewards. They are perfectly happy with you paying them back their money every month and charging you no interest even though your average daily balance was > zero. They want you to pump more transactions through that you wouldn't if you had to pay financing charges on it.

They'd rather have you buy a $2000 sofa set that you had NO intention of financing, and give them their money back the next day than sit on their $2000 for months while the value of your sofa slowly deprecates. They want you to run EVERYTHING through your card, and you probably wouldn't if you had to pay for your average balance.

Re:Wow ...

[Serenissima]

I used to work at The Apple Store. And that's really the way it should work. However, from my time there, we had credit cards declined all of the time. The Apple Store is a huge place for fraudulent purchases and credit cards routinely auto-blocked access when purchases were for Apple and outside of typical purchases. We actually had the VP of BOEING's Business credit card declined. The standard procedure was to have the customer call the bank, validate that they were them, and that they indeed DID want to make the purchase. After about a minute, we could re-run the card and it'd work.

Now, when the payment device asked for an Override code, it was the job of the EMPLOYEE to got to the back and call up the bank. We're provided special numbers to call and special codes we have to type in. It's a horribly clunky and long process which everyone hated to do, but that was it. So, this is completely the employee's fault - albeit it's really a training issue and the blame rests with Apple. I can totally see why an employee would

#1) Not want to go through that process when they need to get to the next sale

#2) Possibly be new and not completely understand the process

#3) Be susceptible to some clever social engineering - ie: There are some cases where the customer must call the bank. I need an override code from the bank to process this. The customer is calling the bank, so that means I don't have to!

So it's a big f-up, but I can totally understand how and why it happened.

Re: Wow ...

[geekoid]

That makes little sense, or are you saying all banks supply them with POS software?
Because it would work with any bank. BofA(Bastar^H^H^H^H^ bank of America) , Well Fargo, et. al.

Re: Wow ...

[madhatter256]

Not really, I know people who write POS code for a company that competes with NCR. They have no ties to banks. it's all about talking to processors, like VISA, Mastercard, etc.

I guess people are trying to pin this on the bank because banks are evil. #wallstreet #99% #ideserverwhatyouworkedfor #givemestuff

Re:Wow ...

[ddtmm]

Seems to me Apple should have been the one calling for authentication, not the customer. Definitely Apple's err.

Re:Wow ...

[Concerned+Onlooker]

"Visa wakes up, takes a dump, then wipes its ass with $300,000 dollars."

This must be the reason that all those money laundering schemes exist.

Re:Wow ...

[netsavior]

I like how you cut off the quote of my post where I talk about the banks who work with visa and then the clearing fees... then "disagree" with me, in a way that completely agrees with me. Weird.

Re:Wow ...

[hawkinspeter]

The bank didn't "verify" the transaction. An accomplice of the trickster "verified" the transaction and the Apple store employee thought that the bank had verified it.

Re:Wow ...

[idontgno]

Other than mentioning that the store declined the debit card (which is by definition an interaction between the POS and the credit/debit clearinghouse).

But since you've raised the issue, you've shown exactly where you missed the boat.

The exploit is completely OUTSIDE of the POS<->bank interaction. (Cuz, "debit refused"). The exploit occurs in the "call a fake bank, offer up a fake reference number, have the Apple Store drones accept it as proof of a valid credit/debit transaction" phase AFTER the machine-to-machine part.

Apparenly, you've fallen for the same trick the Apple Store drones did: fixating on the machine-to-machine debit transaction (which failed as expected) and completely neglecting the social engineering that followed.

Re:Wow ...

"merchants who follow the process aren't liable for loss from fraudulent cards"

I am a merchant. Merchants cover the losses for fraud, every time. I am a merchant.
I have never seen a case where the bank or Visa/MC/Amex actually covered the loss.

Re:Wow ...

[EvilJoker]

When you pay for gas with a credit card and the pump asks you to punch in your zip code, it's not collecting marketing information. It's using the zip code as a (rather flimsy) security measure to protect against someone buying gas with a lost/stolen credit card

Sometimes. Other times, it's explicitly used for marketing purposes, and has nothing to do with card security. Gas at the pump is usually security, but any time a cashier is involved it's usually marketing.

Re:Wow ...

[vux984]

it is up to the cashier to hold the card, read the number and call it themselves

It is up to the cashier to call THEIR OWN BANK.
They are not supposed to call the number on the back of the customers card -- for reasons that should be pretty bleeding obvious.

Re:Wow ...

[thinuspollard]

Ok, they way it is supposed to work

• 1. The POS is offline, or the card cannot be "read" by the POS device
• 2. The MERCHANT is supposed to call the bank to obtain manual authorisation
• 3. The bank actually performs the transaction against the backend, reserves the funds and issues an auth code to the merchant. This auth code is a reference number. A pretty large financial switch supplier I used to work with would use the local time (HHMMSS) as an auth number. Nothing wrong with that, transaction has already been authed online via the call centre.
• 4. The merchant enters a manual transaction on the POS device, entering the auth number on the POS device to form part of the transaction.
• 5. The POS does not send anything at this point in time to the bank. Remember, in obtaining the auth number, the transaction was already submitted and approved. The POS keeps this transaction in storage with the auth number
• 6. End of day, the POS submits all transactions to the bank. This is called Banking the POS or settlement.
• 7. Since all online transactions has been performed, these settlement records acts as a reconciliation. At this point the customer's bank account gets debited and the merchant only gets settled for the settlement transactions that were submitted to the bank, not for the online autos. If this settlement transaction does not match exactly with the original auth, the merchant does not get settled for this transaction. (It is slightly more complicated than this, since floor limits allows for the case where there was no original auth and the settlement tran is the only message seen, but for the amount of an Apple Store purchase, this would not come into play)

So the system is relatively secure, but the MERCHANT should have called the bank, not the customer, that is where it broke down. This system also allows for floor limits, where the merchant is willing to accept a certain level of risk and the POS device approves transactions for an amount less than a set limit. At the end of the day the POS device submits these transactions to the bank and if the cardholder does not have sufficient funds, the merchant loses out.

All these protocols have been in place for many years and dates from a time where communication between the POS and the bank was relatively expensive and slow. Dialling up for every transactions was not an option, so you would try to batch them together to achieve a lower cost per transaction.

This is a very high level explanation of the issues involved here, but should convey the general ideas.

Yes, the Apple Store managers and employees were idiots in this case

Re:Wow ...

[Chas]

It's a system for a company to call into the credit card clearance office and obtain an authorization in case their system cannot contact the CC company (like during maintenance periods, etc). It's had historical use in the past. And yes, it should probably be phased out at some point. The fact is, it exists now and there's a legitimate reason for it existing.

Re:Wow ...

[kiwi_jackal]

I've worked in banks in New Zealand and the UK for the past eight or nine years, and we try to tell people that it's the merchant who's meant to contact *their* bank to get the auth code. The only merchants who refuse to do this are in the states. I've always just assumed things work differently over there.

Re:Wow ...

[Serenissima]

Exactly. Apple Store employees (or Retail Employees in General) couldn't give a shit when they're incredibly busy. One person on a (somewhat) busy day could easily make up 10 times whatever revenue was lost due to that bad transaction.

Re:Wow ...

[OakDragon]

Just like hacking* into the system in an 80s movie:

PASSWORD?
>> OVERRIDE PASSWORD

ACCESS GRANTED
>>

* I know "cracking" is the preferred word among hackers; I just cannot bring myself to use it.

Re:Wow ...

[rsilvergun]

The Business doesn't call the number on the Card, they call a number provided by their Point of Sale Vendor and/or bank to get the code.

Re: Wow ...

[Belial6]

Exactly. Apple was stupid for just taking the "customer's" word for it that the phone number called was valid. It is no smarter than someone who gives out their bank info and password to a cold caller that claims to be from their bank.

Re:Wow ...

[cant_get_a_good_nick]

I sorta second the "marketing purposes" asking for ZIP.

You can usually refuse this, and besides that, about 50% of the time they ask you for zip after the transaction has gone through anyway. They can read Track 1 of your card, which includes your name. Name + zip is a decent proxy for unique ID, and Axciom probably has your name anyway.

Re:Wow ...

[jythie]

It is about the same amount of security as writing a check. It is probably a hold over from just that.

Re: Wow ...

[jythie]

The bank supplies an API that people connect to, or at minimal the intermediate network provides an API. All the bank does is plug in to the same network.

Re:Wow ...

[jythie]

I doubt it will be phased out any time soon. While this particular care of abuse is getting a lot of attention and ranting that it should be fixed immediately, it is no worse then how stores handled (and continue to handle) checks for decades now. If retailers and banks have not closed the hole that allows check fraud in all that time, I doubt they are going to rush to make this process more secure either. Last time I checked, writing bad checks is as easy as ever.

Re:Wow ...

[jythie]

Given how pissy customers can get when they have to wait an additional 30 seconds, can you blame them?

Re:Wow ...

[BronsCon]

It also costs them exactly 0.00, whereas preventing it would cost them more. The point is still valid, even if it wasn't presented effectively.

Re:Wow ...

[ericloewe]

I thought it was clear that I was talking about the scam itself, not the setup.

In any case, I did not know how the method works - I do not work as a cashier/salesman and I do not work at a bank.

Re: Wow ...

[BronsCon]

The fee the merchant pays goes to their card processor; the fee their card processor pays goes to Visa, MasterCard, or whatever card company. The fees and interest you pay go to your bank.

Re:Wow ...

[EvilJoker]

Per this article, either you're doing things wrong, or you are a very specific type of merchant.

Generally, if the card is swiped, your card processor (merchant account) eats the loss. If the card number is entered manually, you eat the loss.

Re:Wow ...

[naughtynaughty]

When a clerk asks to check your ID they are likely not doing an address verification, they are looking at the ID and looking at the credit card and seeing if the names match. In California, the Song-Beverly Credit Card Act prevents a brick and mortar merchant from requesting your address under most circumstances. With card present transactions, it isn't clear that merchants bear the loss on approved transactions where the merchant followed all the rules but the card was used fraudulently. The banks do lose a lot of money due to fraudulent transactions and have much improved algorithms for detecting suspicious usage. They are pressing forward with a plan to force Chip and PIN on all merchants with merchants who don't install Chip and PIN terminal equipment no longer being protected from fraudulent transactions. The removal of this protection is pretty suggestive that merchants do not currently assume the burden from all fraudulent usage.

Re: Wow ...

[luis_a_espinal]

No, no one ever contacted the bank. Apple's Point of Sale software was configured to accept any number based on length() of the number string. They held the number until the end of the day or some other convenient time, when they'd process it with the banks. That was stupid, and the scam is common. Retailers are starting to learn to call and verify immediately (before clearing tge transaction), not to wait until the end of the day.

Bingo! The way Apple stores were doing baffles the mind. It is so unbelievably stupid. Every store I have known (Sears, K-Mart, Home Depot, etc) has their cashiers phone the banks or credit card agencies themselves from pre-defined 1800 numbers or from the 1800 numbers off the credit cards' backs. Once they establish contact with a representative, they hand over the phone to the complaining customer (or they establish a 3-way conference call or something.)

Such a system, they way stores do in general, is very resilient to the kind of scam being described here. How Apple would think this ridiculous implementation would work is just stupid beyond belief.

Re:Wow ...

[naughtynaughty]

I disagree https://support.authorize.net/... "When a brick and mortar merchant accepts a credit card, and the charge is authorized, and assuming the merchant conforms to regulation, the merchant will get paid, even if a stolen card is used." http://creditcardforum.com/blo... "Even if the millions of consumers burned in the most recent rash of breaches start clamoring for EMV cards, those cards will offer no extra defense unless retailers update their equipment. That will cost merchants money, but the card networks (Visa, MasterCard, AmEx and Discover) are giving both them and card-issuing banks an incentive to upgrade by October 2015. At that point, the networks will institute a “fraud liability shift.” That’s a fancy way of saying “adapt or pay.” If a consumer’s card is involved in fraud, whichever party involved in the transaction (the bank that issued the card or the merchant that accepted it) that didn’t upgrade to EMV will be held accountable." Linked from the previous link a white paper titled Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure? http://www.smartcardalliance.o... "The contact interface requires the issuance of contact chip cards and the installation of contact chip readers at merchants and ATMs and is required if merchants wish to protect themselves from counterfeit magnetic stripe liability shift. " If merchants get protection from a liability shift if they convert to Chip and PIN then they must not currently have liability. Otherwise there is no shift.

Re:Wow ...

[AthanasiusKircher]

So it's a big f-up, but I can totally understand how and why it happened.

Yeah, I suppose. Except for the part where you had a card declined, and you trusted the customer to provide authorization for the transaction.

I completely get the situation you're talking about -- i.e., where Apple is flagged as an "unusual large transaction," and the customer has to call their bank to clear it. But, as you noted, in that case you can often re-run the card in a few minutes and all is fine. At no point are you trusting the customer's word on ANYTHING -- from your perspective, the card didn't work, but they did some magic dance or sprinkled magic dust, and now the card does work... thus the transaction is authorized.

But here you're talking about a cashier denying a transaction and then manually authorizing it based on what a customer told them. This has a half-dozen red flags all over it. If you were this cashier, would you accept some other lame excuse? "My dog ate my checkbook, so I had to do a special money order thing-o, which didn't show up on my credit statement yet, so they froze everything, but I talked to the bank this morning, and they said it was all honky-dory, so please won't you accept my transaction?" If you wouldn't accept this load of crap from a customer, why would you trust that they called their bank and obtained "authorization"?

And if you'll accept that, I have a set of speakers in my van that I can sell you for 90% off retail. I have a catalog to show you what the "real price" is [wink, wink]. But I need cash now. Honest... I can even show you a nearby ATM where you can get some....

Re:Wow ...

[Serenissima]

But that was the point I was making :)

It's totally the employee's fault. They violated the store policy in exactly the way that you're saying. I'm not agreeing with, or condoning it. I knew enough not to make that mistake, but knowing what I know about the pressures put on you as an Apple salesperson, I was saying I can totally see how someone less experienced or who didn't give a shit would do that. ;)

I'm totally not disagreeing with you at all. If you've spent any time in Retail, you'll know that 90% of the time, Customers really have no idea what they want or what the rules are. Most customers are pretty dumb. Hell, I couldn't even trust them to remember a password that they JUST created minutes before. They are the absolute WRONG source of any useful information - especially about transactions.

Re: Wow ...

[lgw]

As sibling says, Visa charges this fee to the merchant, not the customer. Visa is in the transaction-processing business; it's banks that loan money.

Re:Wow ...

[flyneye]

FDIC insured, you noticed the SS was involved, they get special feelings about bank fraud after the first $100,000 or so.

Re:Wow ...

[JoelKatz]

I doubt that system complies with Federal law. It's unlikely that you had the legal authority to reject an offer of credit if it was approved by the issuing institution. (Unless this was a long time ago before this was heavily abused and the laws were tightened.)

Re: Wow ...

[Nikker]

Because they accepted the transaction ?

Re: Wow ...

[hawkinspeter]

No, the bank refused the transaction (declined the card). The Apple store employee was then tricked into thinking that the bank had authorised it with a manual code though they had done no such thing.

Re:Wow ...

[nitehawk214]

it is up to the cashier to hold the card, read the number and call it themselves

It is up to the cashier to call THEIR OWN BANK.
They are not supposed to call the number on the back of the customers card -- for reasons that should be pretty bleeding obvious.

What good would that do? Their bank doesn't know if the customer's credit card is valid.

Re:Wow ...

[vux984]

What good would that do? Their bank doesn't know if the customer's credit card is valid.

By their "bank" I mean their merchant processing account. And they absolutely can validate the card, and/or contact the customers bank themselves if necessary.

This is the proper documented process. Look it up.

Re: Wow ...

[Cramer]

Nope. The $1 charge is "pending"; they have received authorization to charge you, but they never complete it. This is how they verify the card information. The gas you pump is charged immediately after the transaction is completed -- i.e. as soon as there's a final amount to charge. Most places will show up within minutes; if they wait for hours, the card could be over the limit and the charge refused.

Re:Wow ...

[Patent+Lover]

The few times I've been asked for ID when using a credit card (oddly only in the Las Vegas are), the clerk merely checks that the names match. Most of them do not even look at the picture. It's not really any security at all.

Re: Wow ...

[mr.scoot]

Apple's POS system is an Apple internal system. It is in no way supplied by the banks.

Re:Wow ...

[Altrag]

The article isn't clear. It states the override was "against the instructions of Chase Bank," but it sounds like the instructions are just a generic "overrides are bad mmkay" (in which case what's the point of having them at all?)

The vagueness of the article means we really have no idea what the basis of any case that Apple might bring against .. anyone .. or if they even have a case. A few possibilities:

1) The bank just issues a generic "we recommend you don't do overrides" and calls it a day. They're still shitty for even allowing an unauthorized transaction but they've taken the EULA way out and instead of fixing a problem, just outright disclaim any liability and walk away.

2) The bank issued a specific recommendation to deny this particular authorization. 100% on Apple's shoulders in this case.

3) Some third party equipment or software manufacturer accepts the override on the bank's behalf and does it in a shitty way, unbeknownst to Apple. The Bank's generic warning in this case may be due to the equipment in question so that they don't take liability for some third party's problem, but the third party may still have some liability.

You're right though that the bank probably doesn't have any liability, even if its just due to the #1 scenario of them flat out disclaiming it.

Re:Wow ...

[hawkinspeter]

It was option 2. The bank declined the transaction and then Apple was tricked by the customer pretending to phone the bank whilst actually phoning an accomplice. The accomplice then "authorised" the transaction with a manual code, which Apple believed was from the bank.

Apple should have phoned the bank itself using a known good number. That would have caught out the scammer and Apple wouldn't have lost money.

Re:Wow ...

[hawkinspeter]

I don't think that would apply as he was talking about refusing to do an auth check on an already refused transaction. I'm surprised that you legally have to accept any form of credit, though, as that doesn't sound very practical (and I've seen places that don't accept various cards).

Re: Wow ...

[Plumpaquatsch]

That makes little sense, or are you saying all banks supply them with POS software? Because it would work with any bank. BofA(Bastar^H^H^H^H^ bank of America) , Well Fargo, et. al.

Are you claiming Apple and all other stores write their own credit card processing software?

Re:Wow ...

[Plumpaquatsch]

I understand the long-running and much-honored Slashdot tradition of not reading TFA, but couldn't you at least have read The Fucking Summary?

When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits....

There was ample dumbshittery (and liability) to assign here, but it's all on the Apple Store drones. No bank involved.

Nope, its all on a system that accepts random numbers of a certain length with the only safety "feature" being that the store clerk is supposed to call the bank himself so they can tell him a code that he can make up on his own. IOW that override is seriously broken. And has been used to defraud for ages, because the criminals know how it works.

The only reason this is "news" is because one guy hit one chain of stores. No, wait, it's because that chain is Apple.

http://www.tampabay.com/news/c...

"It does not actually matter what code the merchant types into the terminal," the U.S. Attorney's Office in New Jersey stated publicly in February after a similar case there. "Any combination of digits will override the denial." (The Tampa Bay Times is withholding the number of digits so as not to inspire anyone.)

Re:Wow ...

[Plumpaquatsch]

The way it's supposed to work is that the store calls the issuer and requests an override code, and then keys it in themself. The bank can then tally the auth code against the store's call at the end of the day and process the charge. I have never seen a situation where the customer calls up the bank themselves.

And the con man's solution to that is a man in the middle attack. And the store still has to pay.

Re:Wow ...

[Plumpaquatsch]

This was just straightforward grift (a con game), not some glaring flaw in the banking system. The sales clerks got suckered, perhaps due to lack of training by Apple, or perhaps the con-man was just that good.

Yeah, the fact that an override code is just any random n-digit number without even a CRC is not a flaw. Not at all.

Re: Wow ...

[Plumpaquatsch]

Visa/MasterCard make $0 off of interest. They charge a fee for the convenience of not having to use cash. They're not in the "loaning money" business at all, and of course TFS talks about debit cards, not credit cards.

BULL-FUCKING SHIT.

I have NEVER been charged a fee "for the convenience of not having to use cash". That fee is the couple of percent cut they take from each transaction, and the merchant has to eat the cost.

IOW it's not a fee you have to pay, it's a surcharge every customer has to pay, including those who pay cash. Because the merchant sure as hell won't eat the cost, thank you very much.

Re:Wow ...

[david672orford]

It's not a security code, it's a reference number. The transaction isn't formally authorised by the bank until the end of the day when they receive that reference number and tally it with the corresponding phone call from the retailer. *Then* the transaction is authorised. (Assuming said phone call included verbal authorisation of the transaction.)

That the Apple Store didn't know this is how the system works means it was completely open to abuse.

In other words, the way it works is completely counter-intuitive. Any reasonable person observing the process would assume that the bank was contacted both times. Even if you train employees to use differnet procedures, the strong (though false) reassurance provided by the part of the process which they can observe will cause them to get lax.

Re:Wow ...

[david672orford]

There is no need for a secure override code.

The problem here is that when used in POS this code looks like a secure code, walks like a secure code, and quacks like a secure code, but isn't a secure code.

Re:Wow ...

[JoelKatz]

You don't legally have to accept any form of credit. However, you cannot selectively refuse to accept credit if the bank accepts the transaction. *You* aren't issuing the credit, so there is nothing for you to accept or refuse. If you run the transaction, you are agreeing to accept it if the bank does. You can't say, "well, the bank agreed to accept credit, but nevertheless, I won't accept it." You used to be able to, but this was horribly abused by businesses who would reject credit cards from young people, people who looked poor, and so on.

I'm not sure the fact that the bank initially rejected the transaction would help here. If the bank accepted the transaction, you then have a legal obligation to do so. "We have no way to do that" doesn't seem like a reasonable argument unless you actually do have no way. But here you clearly could run the transaction again. So it seems, at least to me, like this policy doesn't comply with the law and creates exactly the situation the law was trying to prevent -- people who have credit transactions accepted by their bank still have them refused by businesses that have no legal authority to accept or decline the offer of credit.

Re: Wow ...

[metrix007]

Really? Who do you think makes those Chase terminals? The Stores?

Re: Wow ...

[metrix007]

I may well have been wrong. I was under the impression the bank supplies the equipment (i.e. the card readers and pinpads) and therefore at least the core software to process those cards and authenticate them.

Re:Wow ...

[aestrivex]

I don't understand what is the issue here. (IANAL and I don't really have any knowledge of what the actual law says, I am just an observer curious about common law rather than actual law).

I agree that it seems reasonable that the merchant cannot selectively deny credit if the bank accepts the credit. In this scenario, however, the bank clearly does not accept the credit, it says "no I reject the credit." So we are not talking about whether or not the merchant is liable for accepting the credit that the bank issued, we are talking about the situation in which the customer wants to appeal the bank's rejection and whether or not the merchant is liable for refusing to process this appeal.

Independently of the merchant, the customer can go to the bank and settle the issue (i.e., have the restrictions on the card revoked). I understand that some merchants might want to sell their goods and so would help the customer process the appeal, that's great. But it seems like a thing that should be at the discretion of the merchant. Why should the merchant be liable for not agreeing to do that and telling the customer "I don't trust you. Go settle this with your bank, and if you do and your bank offers me credit I will be happy to take it"?

Re:Wow ...

[JoelKatz]

Why should the merchant be liable for not agreeing to do that and telling the customer "I don't trust you. Go settle this with your bank, and if you do and your bank offers me credit I will be happy to take it"?

Because that's not what the merchant does in this case. In this case, the bank has offered the credit and the merchant refuses to process it on the grounds that they don't trust the customer. But that's exactly the decision merchants are prohibited from making. They don't get to decide whether to trust the customer or not, that's the bank's decision. Once the merchant makes a request, if the bank has decided to extend the credit, the merchant has to process it. "Our system isn't set up to do that" is not going to cut it.

If the bank says "process the transaction", the merchant can't stick their hands in their ears and say "lalalalala, I am not listening, I don't trust this customer".

Re: Wow ...

[aitikin]

And Apple Stores ran the card AGAINST their cardholder agreement (which states you cannot run a card for a declined charge again on the same business day, even though everyone does it), so Apple is out $300k.

Re: Wow ...

[lgw]

The concept of merchants eating costs is a bit nonsensical anyhow: most of what we buy on a daily basis is sold on a very thin margin, so when an external cost is imposed across the market, it has to come from the customers.

Re:Wow ...

[Yaztromo]

When you pay for gas with a credit card and the pump asks you to punch in your zip code, it's not collecting marketing information. It's using the zip code as a (rather flimsy) security measure to protect against someone buying gas with a lost/stolen credit card.

I had never seen this done prior to a trip through the US earlier this year. Of course, it wouldn't accept my Canadian postal code (which is a six character mix of alternating letters and numbers). I had to cancel the transaction and go in and have the cashier run everything manually, and then go in after filling up to complete the transaction.

Not the end of the world, I suppose. I suspect we don't bother with doing that here in Canada due to a) stronger privacy laws and b) near global use of chip-and-pin for credit cards. At the time, my natural first thoughts were "why on EARTH would you need to even ask me that???". Now I know why, and will know better the next time I'm down that way.

Yaz

Re:Wow ...

[lgw]

There are plenty of smart engineers working for Visa. How much would $CLEVER_IDEA cost? How much does this sort of fraud cost? You can bet someone did the math.

Re:Wow ...

[s0nicfreak]

here is no need for the number on the card, but one that the store should have written down somewhere

I know that for cards issued by a credit union, at least, the number called must be the credit union, not the card company. (It makes for one hell of a pain when you have an issue during the weekend. Which just happens to be when I do most of my buying and in-person selling.) The store/vendor can't be expected to keep every local credit union's number on file, and call the correct one when there is an issue. And if it isn't local, well you get the idea...

Re:Wow ...

[s0nicfreak]

What reasons? Because it isn't obvious. I have never seen/experienced a merchant calling their own bank for this - always the customer's bank. Though I've always seen it as the customer reading off the number, not the merchant holding the card and reading it.

Re:Wow ...

[s0nicfreak]

The 1 single time I've been asked for ID when using a credit card, the card wasn't even in my name, it was in my husband's name. They still let me use it.

Re:Wow ...

[s0nicfreak]

Nevermind, I just realized the reason - because the card could be fake. I suppose they ARE actually calling their bank who then checks it against a list.

Re:Wow ...

[david_thornley]

Some time ago, my wife went to an Apple Store to just look at things. While she was out, I got a call from our credit card provider asking if a certain large charge at an Apple store was legit. I approved it.

Re:Wow ...

[vux984]

What reasons? Because it isn't obvious.

Printing a fake card is dirt cheap, and the 'customer can put an accomplices number on the back. Remember, the whole scam revolves around the card not working properly in the machine; so they can pretty much hand you anything.

You must call your own merchant account provider, and THEY will look up any bank phone numbers that they might need to validate the card and authorize the transaction.

Re:Wow ...

[Plumpaquatsch]

There are plenty of smart engineers working for Visa. How much would $CLEVER_IDEA cost? How much does this sort of fraud cost? You can bet someone did the math.

Ohh, I see. It's not a flaw because fixing it would cost more money than it would save. Well make that: It would cost VISA more than it would save them, because they are never affected by the fraud, only the merchants, so VISA's cost is always zero.

Re:Wow ...

[lgw]

Visa has to keep the merchants, and the banks. The cost of fraud to the merchants is likely less than the cost to the merchants of an alternative system.

Slashdot, OTOH, is full of people who are convinced the professionals in some field are idiots because they're not doing what 30 seconds of thought showed was the obviously right thing.

Re: Wow ...

[mjwx]

Not really, I know people who write POS code for a company that competes with NCR. They have no ties to banks. it's all about talking to processors, like VISA, Mastercard, etc.

I guess people are trying to pin this on the bank because banks are evil. #wallstreet #99% #ideserverwhatyouworkedfor #givemestuff

This.

A lot of POS software only does validation locally (I.E. making sure the numbers match the right mask and the checksum). With POS software it's all about getting the transaction done fast, not right because morons, sorry, customers don't like waiting around for the bank to approve their spending.

Knowing how shitty a lot of POS systems are, is one of the big reasons I like using cash. I know one minor chain store that has PCEFTPOS sitting on a computer out the back... unpatched XP box that the staff use for emails/general internet access.

Re: Wow ...

[Mondor]

I've never seen the bank to supply either POS software (thing that works at touchscreen-enabled device) or card payment terminal - the latter is usually supplied by a processing center company which works with many banks.

However, if that was the customer's (Apple) wish to only process the override numbers at the end of the day, then perhaps Apple is the victim, not the processing company or the bank. In fact, I don't see the "bank" in this scheme at all. It's either Apple or the processing company, which might or might not belong to the bank.

What Sharron and Temeshia (oh, these anglo-saxon names...) did to Apple and Victoria Secrets was one of many possible exploits to imperfect system of card transaction. When you are entering your PIN code using corded pin pad, the data is encrypted in transit (where "transit" is that short cable) using DES algorithm. The system consists of two parts - business rules and technology. However, it only protects itself against technology attacks.

The algorithms of higher level, the workflows of the whole process, are made to comfort the customer. Until that final moment of ultimate discomfort, which is regarded as "nonsense fantasy" during the development process. So you don't have to beat the technology if you know the business rules.

Re:Wow ...

[Samizdata]

I doubt it will be phased out any time soon. While this particular care of abuse is getting a lot of attention and ranting that it should be fixed immediately, it is no worse then how stores handled (and continue to handle) checks for decades now. If retailers and banks have not closed the hole that allows check fraud in all that time, I doubt they are going to rush to make this process more secure either. Last time I checked, writing bad checks is as easy as ever.

Just about every decent size merchant I would consider doing business with any more uses third party check verification services. I have seen checks declined before due to said services. Generally they give the customer the service's number and tell the customer "Sorry, it's been declined. You need to talk to these people to find out why."

in fairness...

It might have been 300k retail sales but it only cost Apple 500 bucks.

Re:in fairness...

[Type44Q]

...but it only cost Apple 500 bucks.

500 bucks plus the lives of three Foxconn employees, the services of one street-cleaning crew and a large, counterfeit bottle of [Chinese-knockoff] Simple Green all-purpose cleaner (not quite as effective as the real thing but still more than adequate for getting reasonably fresh bloodstains off of sidewalks). ;)

Re:in fairness...

... it only cost Apple 500 bucks

If you believe IP == worthless, then yes.

No, Apple believes Chinese children are worthless.

Re:in fairness...

[lgw]

If your costs for a box are $1 production, $1000 R&D, then your replacement costs for shrinkage and shipping damage and so on are: $1/box. This guy mightt be 1 lost sale, but he certainly isn't 40.

Re:in fairness...

[EvilJoker]

I fail to see how that article supports that claim. In fact, it shows that Apple is putting forth considerable effort to reduce child labor, and punish suppliers that get caught using it.

Re:in fairness...

[nedlohs]

What IP does Apple now not have do to this fraud?

Re:in fairness...

[lister+king+of+smeg]

I fail to see how that article supports that claim. In fact, it shows that Apple is putting forth considerable effort to reduce child labor, and punish suppliers that get caught using it.

correction apple publicly makes effort to reduce child labor after they were caught using it for years, if they had not been called on the carpet as it were would they have ever tried to reduce it?

Re:in fairness...

[Plumpaquatsch]

iPhones aren't build at Samsung factories.

Re:in fairness...

[david_thornley]

Who else was using child labor? Apple may not be perfect, or even good, but they may be better than most of their competitors.

Brilliant...

[Kyokugenryu]

Brilliant tactic, but dumb enough to use it 42 times? He had to know he was pressing his luck the FIRST time, why would he keep going?

Re:Brilliant...

[Sockatume]

Presumably he was treating it as a source of income rather than a source of Apple hardware.

Re:Brilliant...

[ArcadeMan]

Because.... 42?

Re:Brilliant...

Brilliant tactic, but dumb enough to use it 42 times? He had to know he was pressing his luck the FIRST time, why would he keep going?

Well, dishonest people are essentially stupid - it is their dishonesty that proves their stupidity, even if circumstances create -to them and/or others- impressions of "brilliancy"...

Re:Brilliant...

[Jodka]

from your Puffington Host link:

"The participants were first asked about their wealth, schooling, social background, religious persuasions and attitudes to money in an attempt to establish their perceived social class."

Interesting experiment. The methodology is broken.

Because of the possibility that dishonest people will lie about their own income and social status the conclusion that wealthy people are more dishonest is unfounded. According to the description of the experimental methods, subjects categorized as "wealthy" in the study would have included both the genuinely wealthy and the non-wealthy liars. That is, the study misidentifies poor liars as wealthy liars. And with some degree of idiocy; The experimenters simultaneously identify a group as dishonest and believe their self reports of income, without recognizing the contradiction in that reasoning.

Then, also, more intelligent subjects would seem more likely both to be wealthy and to recognize that lying and cheating within the artificial context of a human psychology experiment causes no real harm and is part of the game. Human subject guidelines would mandate that these experiments be performed with informed consent of the subjects, so no doubt the smarter ones understood this was not real life. Snookering others in games vs real life is a similar distinction to killing others in video games vs real life. Just because you murder others in virtual online environments does not make you more prone to do that in real life. So does lying in games contrived by psychologists make you more prone to lie in real life?

Re:Brilliant...

[clovis]

I tend to ignore the text in any Huff post articles and go to any source if mentioned. The same applies to /. as well.
For this one, here you go:
http://www.pnas.org/content/ea...

It's not an experiment, it's several. and the loose ethics of the wealthy have been noted throughout history.
We don't have to accuse people of lying about their social status because hardly anyone knows what they are except at the extremes.
So, generally the participants weren't directly asked their social status, it was inferred from a tool used in other social studies designed to discover social status without directly asking for it.

Also, two of the studies didn't involve game mechanics - they involved actual theft.

One study was observing behavior in traffic and status (real or imagined) was inferred from the class of automobile.

On the other hand, continuing your theme of poor methodology some studies were done on amazon's mechanical turk using people answering adds on craigslist, an environment not known to me for attracting the wealthy. It's not only a self- selected group, but a particular subset of a self selected group.

Re:Brilliant...

[naughtynaughty]

You only read about the crooks that get caught so naturally you would conclude that crooks are stupid. The smart ones go completely undetected, the slightly less smart ones are never identified but the crime is detected The brilliant ones have enough money and lawyers to make their crime unprosecutable

Well, they got what they deserved

[thieh]

Fool them 41 times, shame on the scammer. Fool them 42 times, shame on them. But c'mon, the fact that no system exists to check this means lawsuits are coming to towns.

Re:Well, they got what they deserved

[Immerman]

As others have said, there is a system to check this - the vendor calls the bank in question and gets an authorization code for the transaction. However, by allowing the scammer to "call his bank" and provide them with an "authorization code" rather than doing it themselves the Apple store employees left themselves wide open to being exploited.

And now..

[justcauseisjustthat]

He'll be serving 5-10 yrs. Brilliant.

Re:And now..

[Zero__Kelvin]

Don't forget the free sex!

Re:And now..

[Jason+Levine]

Don't worry. He's called the parole board and says that they said he should be released as per override code number 12345.

Re:And now..

> He's called the parole board and says that they said he should be released as per override code number 12345.

I hope they arrested him again for stealing the combination on my luggage.

Re:And now..

[FuzzNugget]

"Hey, I'm actually supposed to be getting *out* of prison today, so..."

"You're in the wrong line, dumbass!"

Re:And now..

[wonkey_monkey]

Crucifixion? Good...

Re:And now..

[BronsCon]

The Secret Service was involved and his crime spree crossed state lines. He'll be going to one of the good ones.

Re:And now..

[Zero__Kelvin]

Nobody mentioned rape, and nobody wished it on anyone.

$7142.85

[NoImNotNineVolt]

That's over $7142.85 per "scam". How the fuck do you spend that much money at a fucking Apple store?!

Re:$7142.85

Buy a laptop? :o

Re:$7142.85

[Zero__Kelvin]

I once went to the Apple website to price my ideal server. It cost well over $10,000.00. It was more like 18 thousand IIRC.

Re:$7142.85

[ogdenk]

You aren't far off, a couple high-end 17" MacBook Pros would easily get there pretty quick.

Re:$7142.85

[DJCouchyCouch]

A couple of iPhone cables, iTunes gift cards, iPod socks. Pretty soon it adds up.

Re:$7142.85

[NoImNotNineVolt]

... Apple ... ideal server ...

*head asplodes*

Re:$7142.85

[Zero__Kelvin]

Did I say the price was out of line with the industry? I must have missed that.

Re:$7142.85

[Thruen]

Seriously? They sell computers. I'm more curious how he didn't spend more in there, you could spend more than that on just one computer there with all the options.

Re:$7142.85

[petermgreen]

A 6-core mac pro plus an apple thunderbolt display plus a high end macbook pro for when you are on the road could get to that kind of money pretty easilly without looking too suspiscious (assuming you look rich)

Re:$7142.85

Fanboi alert!

Man - way to jump to defend Apple from a claim that wasn't made.

Re:$7142.85

[Zero__Kelvin]

Spoken like a person who never owned a Macbook. I am a Linux guy, and I am by no stretch of the imagination an Apple fan, but misinformed hatred is just a form of ignorance.

Re:$7142.85

[bobbied]

Nobody questions their quality, just their price for performance. Apple has always sold lower performance hardware at a premium over other kinds of systems. But they have a totally different business model and they sell the Apple branded way of doing things to users who don't mind paying for it.

Re:$7142.85

[bobbied]

Surely they don't have all those in the store? Remember this guy had to walk out with hardware in hand because by COB they would figure out they'd been had, so making any special orders would be a no-go option. No, I'm sure he had to buy "in stock" stuff from the store.

Re: $7142.85

[LocalH]

> hot under the caller

> ignorant

You must be ignorant about that phrase, ironically. It's "hot under the collar", as if someone is breathing fire down one's neck.

Re:$7142.85

[bobbied]

I will point out that Apple's quality has not been as stellar of late, they ARE slipping somewhat, but they are still better than your average company. So, I suppose there are SOME folks who complain about Apple's quality so I must revise my statement.

Most knowledgeable people do not question Apple's hardware quality.

Re:$7142.85

[Immerman]

Most of the technology and electronics are pretty much the same, but the case, screen, keyboard, trackpad, speakers, etc - all the stuff that you directly interact with, tend to be much superior. Often even compared to a comparably-priced PC. Whether or not that is worth the price premium is entirely a personal question.

Re:$7142.85

[JazzHarper]

Eight-core Mac Pro with 27" Cinema Display. Extra memory and hard drives. Plus tax.

Re:$7142.85

[Zero__Kelvin]

I absolutely agree with that assessment :-)

Re:$7142.85

[Zero__Kelvin]

Yes, because one abberation equals a norm.

Re:$7142.85

[phayes]

High-end 17" MacBook Pros? Really? Haven't entered an Apple Store or browsed store.apple.com in the last 2 years have you.

Apple eliminated the 17" MBPs 2 years ago when they introduced the Retina MacBook Pro.

As for how to spend 7 grand in an Apple store, that's easy: A maxed out Mac Pro with a Promise thunderbolt array & a 32" 4k display will cost you $16,911.00...

Re:$7142.85

[jsepeta]

How do you NOT spend that much?

Re:$7142.85

[jsepeta]

I've worked with Apple gear since 1984, and have worked for 3 Apple VARs. I've only seen 3 power supplies go bad in what, 25 years? Sounds like you need to run some kind of power conditioner / UPS to prevent the strain on your power supplies.

Re:$7142.85

[jsepeta]

you can't buy custom-built machines as a walk-in customer; that's an order that's processed over the internet.

Re:$7142.85

[NoImNotNineVolt]

Say what you want about Apple, they make great hardware.

Thank you for granting me permission to speak freely.

Apple doesn't make hardware. They buy it and assemble it into consumer products. Overpriced consumer products.

Unless by "hardware" you meant shiny plastic enclosures, not integrated circuits. In which case, yes, Apple does make great hardware.

Re:$7142.85

[NoImNotNineVolt]

I've been buying computers since I was a kid saving up for a 386DX33. The most I've ever spent on a computer was maybe a quarter of that sum. This further confirms, to me, that Apple gear is immensely overpriced.

Re:$7142.85

[SydShamino]

A few laptops gets there.

The scam works better with a large purchase. Banks routinely deny transaction over some amount, forcing the retailer to call for an override code. Apparently the denial for "bad account" look identical to the one for "valid account, but that amount is high so give us a call, okay?"

If his card was denied for a $500 purchase, he'd need to convince the retailer that it was a bug in the system, not just a routine check for a large purchase.

Re:$7142.85

[metrix007]

The only ignorant people here are those trying to insist there opinion, having been through Apple's RDF, is somehow objectively correct.

Re:$7142.85

[Thruen]

Hasn't this idea been debunked many times? Oh yeah, it has, at this point it's only fools and trolls who say it. If you can't imagine spending that much on one computer, even a Windows PC with power beyond anything you'll ever actually need, I suspect you must have stopped buying computers shortly after that first one. I've worked for businesses that don't mind dropping $10,000 on a single system, and that's not even the upper limit. That doesn't mean everyone's going to go out and spend that much or would even notice any benefit from doing so, but if you know you're a criminal stealing it anyway, you may as well go all out.

Re:$7142.85

[geekoid]

Couple of these plus tax:
http://store.apple.com/us_smb_...

Re:$7142.85

[geekoid]

No, it isn't.
I actual priced this out. Lock at the new 6 core maC. 4 grand for 6 cores and 16GB of Ram? crazy. If I bump up the specs to be a useful animation/artist box it was over 12,000 dollars. Obscene. Maybe with the IBM partnering they will get real servers at a reasonable price running OSX

Re:$7142.85

[geekoid]

Apples server hardware is horrible. This isn't a secret. They've never been able to do it well, it has never been their primary focus. i.e. core compeanct.

They have finally come to grips with that and partnered with IBM.

Re:$7142.85

[NoImNotNineVolt]

Perhaps you pasted the wrong URL? From your own link:

In terms of hardware, there’s nothing really special about a Mac aside from elegant designs, be it a Mac Pro or MacBook Pro, that makes it incredibly more worthwhile than the PC equivalent. And there’s no doubt that you can get an equally equipped PC, or build one yourself, for less money.

Emphasis mine.

I don't doubt that your past employers were willing to buy a *gasp* $10k system. I work in the defense industry, so we throw away that much on test hardware that never even ends up getting plugged in. However, we're talking about consumer hardware. $10k, or $7.142k, is a truly absurd amount for an ordinary individual (or even an exceedingly nerdy individual) to spend on a computer.

Re:$7142.85

[Pope]

Spoken like a person who never owned a Macbook. I am a Linux guy, and I am by no stretch of the imagination an Apple fan, but misinformed hatred is just a form of ignorance.

Welcome to Slashdot!

Re:$7142.85

[Thruen]

Nice job picking out the only quote in the entire thing that suggests Macs are more expensive. You can buy a PC for less than Dell or anyone else charges too if you buy the components yourself. If you actually read the article (instead of deliberately taking out one quote that runs counter to the rest of it) you'll see that between the comparisons they did, the Mac is equal to one system and $200 less than the other. When the components were priced out separately to build a Mac Pro clone, you could save a whopping $5.67. So while they say there's little doubt you could get one for less, they don't actually manage to, and the quote you chose runs counter to the entire rest of the article. But then, that's why you chose the quote, since there's no actual evidence anywhere of Macs being overpriced besides statements from PC fanboys. They don't offer any real budget models or anything, but that's far from the same issue. Personally, I see the value in Macs, it takes a lot less effort to keep it running well for a very long time, and the fact that most people hear that and say you've set your computer up wrong only proves that point. I have two at home that we use regularly, and they're great. But, I also keep a custom PC running Windows 7 for gaming, because it is definitely easier to upgrade than even the Mac Pro and I don't have to wait for ports. There are definitely many pros and cons to each side, but the price isn't really an issue for Apple unless you're only trying to buy a budget system. It's really only fanboys who still say it, and the fact that you deliberately took that one quote out of context knowing what the rest of the article contains suggests that's all you are, continuing on even when you know you're wrong.

As for $7-10k being an absurd amount for an individual to spend on one computer, I'm aware, you'll see I already pointed out most people wouldn't notice any benefit from doing so. However, like I said before, if you're a criminal and you know you're not going to pay for it, why not go all out?

Re:$7142.85

[DocSavage64109]

The Mac systems that are in that cost bracket are for graphic design professionals, not your standard consumer.

Re:$7142.85

[NoImNotNineVolt]

Hi. You're mistaking me for someone who cares enough about Macs to read an entire article only to cherry pick quotes that support my position. To be honest, I glanced at the first paragraph or two, only to find a quote that unequivocally supports my position. Forgive me for citing it as such, and return to your Mac-loving ways.

Re:$7142.85

[NoImNotNineVolt]

Holy fuck I wish I could un-post this comment. I didn't realize it would attract such attention from fans of Apple Computer.

While not an Apple customer myself, I didn't intend this as some sort of Apple-bashing thread. I was merely pointing out that to me, coming from an x86 background, that seems like an astonishingly high sum to spend on any computer at a computer store. Being generally ignorant of Apple products, I didn't mean to imply that this is the cost of a typical Apple product. If you're still feeling butthurt, please s/Apple store/CompUSA/ or s/Apple store/Microcenter/.

Unless of course Apple sells servers at Apple stores. But then again, I didn't even know Apple made servers until some of these responses started rolling in.

Re: $7142.85

[geekoid]

"since it is the primary cause of RSI. "
False.

Re:$7142.85

[geekoid]

Much of the hardware design is done by apple. Don't confuse using off the shelf components with using off the shelf design.

Re:$7142.85

[NoImNotNineVolt]

Are we talking "design" as in which logic gates go in which circuit, or are we talking "design" as in rounded corners? Because I thought Apple doesn't do IC design.

Re:$7142.85

[nabsltd]

I was merely pointing out that to me, coming from an x86 background, that seems like an astonishingly high sum to spend on any computer at a computer store.

And, you are correct...it's a lot of money, and likely would have been several items because really expensive builds are "special order", which couldn't be done with this scam.

A really good 30" monitor could set you back nearly $2,000 at any computer store. An external drive array with 4 disks might be about the same price. Start with a laptop, add a few other accessories and you end up looking like you are buying a complete system (which wouldn't be as suspicious as buying 4 laptops) and are around $6-7K.

Re:$7142.85

[BronsCon]

17"...

They sell 17" MBPs?

Please, please tell me they started selling them again!

The late 2011 model I'm typing this on, the last 17" model they produced, really could use a refresh.

Re:$7142.85

[BronsCon]

MY experience with their PSUs is the exact opposite. My wife caught the cable of her MBP's PSU in the mechanism of our recliner and shorted it out no less than 3 times. I am now using that MBP and I use that very same PSU (having repaired the cable each time) 9 hours a day, 5 days a week, at my desk at work. This is a late 2011 MBP and the factory original PSU I'm talking about.

Regarding the PMU issues, she encountered such issues with this machine shortly after each incident with the recliner. I've encountered exactly zero in the past 2 years in which I've been using the machine; but, then, I haven't shorted it out, either.

Re:$7142.85

[BronsCon]

Precisely. Spoken just like I used to say it before I inherited the one I'm typing on now.

Same CPUs? Yes. Same RAM? Yes. Same chipsets? Mostly. Same build quality? No. While I have seen Apple put out some real garbage, it's rare; in general, their build quality is on par with, or better than, most manufacturers' high-end, similarly-priced systems.

I say that as I'm glancing over at my VAIO Z-Series, which has similar specs to my MBP from around the same time, and cost a couple hundred less. A fair trade for being twice as thick, twice as heavy, and made of plastic; it maybe should have weighed in at a few hundred $$ less for that.

Re:$7142.85

[BronsCon]

Don't even get me started on Apple's phone offerings... complete and utter garbage IMO. The iPad, on the other hand, sees much more use than the Android device I finally realized I wasn't actually using and gave to my wife the other day. That and my MBP, I absolutely love; I just wish they still made 17" MBPs, as this one's getting a little long in the tooth, though it still suits my needs just fine, for now.

Re:$7142.85

[BronsCon]

Or, maybe, "design" as in how the PCBs are laid out and the various component are interconnected. Yes, this matters, and yes, Apple does this.

Re:$7142.85

[RyuuzakiTetsuya]

Probably never.

Half the problem is that they're focusing entirely on "Retina" for their high end, which is basically just a doubling of the screen res. 3840x2160 panels are NOT cheap, they suck a lot of power, and/or they have crappy ancillary specs. Slow response times, crappy contrast ratios and awful refresh rates. You can do MUCH better on all those notes if you were willing to shell out a lot more money, but...

The other half is that they didn't sell very well. Everyone I know who's worked Apple retail has basically said they've never even *seen* a 17" sold.

As a fellow 17"-er myself, I share the pain. :(

Re:$7142.85

[BronsCon]

A 17" retina... driven properly (the crap performance is the result of driving them at voltages that are below-spec or near the low end of the spec for a given panel)... and, being 17", plenty of room for the battery to support it all... maybe a 2nd hard drive bay (I ripped out my DVD drive and stuck the original HDD in a caddy that fills that space, and installed an SSD... I'd love to have a similar setup next time around, as well)... otherwise similar specs to the high-end 15" rMBP model... that would be my ideal laptop right now.

Re:$7142.85

[NoImNotNineVolt]

I have a degree in Electrical and Computer Engineering.

If you think trace layouts matter in the same sense that ICs matter, I don't know what to say. I've never seen a PCB and been like "Whoa, that's some groundbreaking work there! This changes everything!"

Re:$7142.85

[BronsCon]

Mismatch traces carrying parallel signals in a system with tight timing tolerances and get back to me. I never said what you're claiming, but congrats on the degree.

Re:$7142.85

[RyuuzakiTetsuya]

A nice 17" panel draws something like 120W of power at maximum, ~95W for a crappier panel.

The problem isn't just the battery, but also the power brick needed to refill that battery too.

But man alive what I wouldn't do for a 17" rMBP. :(

Re:$7142.85

[deroby]

But.. but...but didn't mac's come with some magic magnetic connectors to safeguard them against cable strain ??

Proof: http://youtu.be/qfv6Ah_MVJU?t=...

Re:$7142.85

[BronsCon]

I don't know about that... My nice 47" TV draws 210W at maximum, powering a 47" 120hz panel, a CPU (smart TV), TV tuner, image processor and stream decoder, and 2 channels of 20 watt nominal (10watt RMS) audio. The only part of that I can account for in numbers is the audio amplifier, which is probably something around 80% (being generous) efficiency... 20W x 2 channels / .8 = 50 watts, leaving 160 for everything else. In use and streaming a video, the unit (according to my Kill-A-Watt) actually draws 172W, which means all components except the audio amp (which we determined to be a 50W load) are sharing the remaining 122W.

Additionally, I have a less-nice 36" TV that draws 64W in total (5W for audio), and the following 3 higher-end monitors: a 25" that draws 31W (6W for audio), a 23" that draws 35W (no audio), and a 22" that draws 36W (no audio).

Add to that, my current 17" MBP has a very nice (if perhaps a bit too blue before calibration) panel that sucks down only a handful of watts (the entire system can run with all cores pegged and pushing the GPU to its limits, on 85W and still charge the battery).

How do you figure a 17" panel is going to draw more current than a 47"? Am I missing something?

Re:$7142.85

[Zero__Kelvin]

"I have a degree in Electrical and Computer Engineering."

You should demand a refund.

Re:$7142.85

[Zero__Kelvin]

It's called Boot Camp. In other words, no, I'm not making the claim and never did. Also, nobody in their right mind would ever do it unless they had a corporate imposed need.

Re:$7142.85

[King_TJ]

You'd be surprised what Apple stores have in stock.

We use their products where I work and I occasionally have to run in to the local store to do a "grab and go" purchase on the corporate credit card when a new person is hired and needs to be issued a machine. I needed the highest spec custom configuration of their retina 15" Pro for a new graphics designer/video editor guy they hired, and it turned out the local store kept that config. in stock -- despite it not being shown anyplace on the shelves as an option.

In general, they apparently stock the "fully maxxed out" configuration of all of their machines in their high volume stores, but don't really advertise it. It's just there for the cases where people come in and request it, which seems to happen just often enough to justify stocking 1 or 2, vs. making people do a special order and wait an extra 1-2 days to receive it.

Re:$7142.85

[bobbied]

I haven't a clue what Apple actually stocks in the store, but I'll bet they keep the maxed out version of just about everything for the rare "I don't care what it costs the company is paying for it and we need it NOW!" crowd. A company the size of Apple can afford the inventory, especially given that their "top of the line" system doesn't change on a regular basis, and there are not that many versions of anything out there to sell. Apart from the consumer devices which they sell like hot cakes (iPod, iPhone, iPad etc) they have what, Two other product lines, a laptop and a desktop? That's two big boxes, maybe three with a monitor, so they got space.

Personally, I'd be surprised if they hadn't carried what you where looking for in stock. I'd be willing to bet that if you walked in asking for less than the top of the line configuration, you'd be sent to the website to order it. But when you have to have it *now* you can bet they are going to take advantage of that and be ready to sell you the highest priced system they can, which means the store only carries the top end configurations for buyers like you, plus a pile of consumer products to service the iPod/iPad crowd.

Re:$7142.85

[Immerman]

Possibly not today - I'll admit I haven't been paying much attention. But once upon a time Macs tended to have higher resolution and a much superior anti-glare coating than anything else on the market.

There's also the fact that not all screens from the same manufacturer are equivalent - for example Samsung probably provides the screens for a goodly portion of the TVs out there, and yet when examined side-by-side the screens in a Samsung-brand TV tend to be superior to the off-brands with a Samsung-manufactured screen, in both reliability and image quality. Alternate production lines? Stratified quality control so that they keep the best for their own TVs while selling off lower grades to alternate brands? A secret sauce only applied to the panels kept in house? I couldn't tell you, but the results speak for themselves.

Re:$7142.85

[linuxrocks123]

I had a power supply on my Lenovo go bad by the tip of it PHYSICALLY BECOMING DISCONNECTED FROM THE WIRE. Messed up my laptop so it randomly turns off now. I needed to replace the computer. Mad as hell.

Re:$7142.85

[linuxrocks123]

If you try to make your own Subway sandwich, you'll end up spending more than $5. Comparing whether you can build EXACTLY the same thing is a fool's game. The correct comparison is building something of roughly equivalent power.

Re:$7142.85

[MachineShedFred]

Or, pricing the same system from Lenovo (or as close as you can get - they use Nvidia Quadro rather than AMD FirePro, and you have to go with a SATA SSD rather than PCI-E that performs >30% better) is $4200, in a much bigger and louder package.

I can't speak to your "bumped up specs to be a useful animation/artist box", but it seems that every single one that Apple has made since December has been happily sold to professionals that care only about getting their work done as quickly and accurately as possible, so Apple must be doing something right.

Re:$7142.85

[Plumpaquatsch]

Surely they don't have all those in the store?

Why wouldn't they? Unless they already sold all of them of course.

Re:$7142.85

[Plumpaquatsch]

The same way you spend over $1500 at Victoria’s Secret, Wet Seal, Banana Republic, and BCBG - you buy slightly more than one item.

http://www.justice.gov/usao/nj/Press/files/McDonald,%20Temeshia%20Sentencing%20PR.html

Re:$7142.85

[NoImNotNineVolt]

I lolled.

Re:$7142.85

[phayes]

Nope, still gone. I wanted to buy a 17" as my first mac after my Macintosh II that lasted over a decade. Apple cut the 17", added retina 15" with only flash hard drive to it's lineup.

I bought the 15" rMBP & a pair of glasses to go along with it & do not regret not having a 17" anymore. The speed of the flash drive & lighter weight more than make up for the lost two inches.

Apple doesn't make many products for the fringes. Axing the 17" in favor of the rMBP was the right choice for the vast majority as the poor sales of the 17" and great sales of the rMBP have shown.

Re:$7142.85

[phayes]

Emphasis added to point out how stupid that statement really is.

No, the important part that needs to be emphasised is that it came from an Anonymous Coward. Idiot statements from an AC, how novel, NOT!

Re:$7142.85

[Plumpaquatsch]

Are we talking "design" as in which logic gates go in which circuit, or are we talking "design" as in rounded corners? Because I thought Apple doesn't do IC design.

So in other words: Apple, unlike almost all other "hardware makers" does make its own hardware. Because they sure as hell do their own IC design.

Re:$7142.85

[BronsCon]

Considering that I make full use of the 1920x1200 resolution of my 17" MBP (and often have 2 external displays connected, on top of that) and already wear glasses, any retina display I use will likely be run at a hiDPI resolution, bringing that 15" display down to an effective 1440x900 (just with smoother text), a loss I'm not willing to accept. The aftermarket SSD I installed blows away the SSDs currently used in the rMBP line, so I'd be taking a step down, there, as well. As for weight; I don't carry my 17" long distances; from my couch to my desk in my home office is something like 30 feet, maybe 120 feet to my car (and it's in a backpack for that trip) and another 120 feet (still in the backpack) to my desk at work.

Anywhere else I need a computer, I bring my 15" (which has the same effective resolution as a 15" retina model in hiDPI, by the way) and the extra 1.1lb it has on the retina model doesn't bother me; I don't work out, but I also prefer not to let my muscles atrophy. Due to its lower resolution, that machine sees much lighter and more occasional use, so I just couldn't bring myself to spend the extra for the retina model, and I don't regret not doing it.

Eventually, someone will release a 3840x2160 or 3840x2800 17" laptop with decent specs and a decent case, keyboard, and trackpad and, unless that someone is Apple, that will likely be among the last days I use an Apple machine.

Re:$7142.85

[NoImNotNineVolt]

Really? I'll be the first to admit ignorance here. I don't know much about Apple and I won't pretend otherwise. I was under the impression that Apple bought components from Samsung, TMSC, etc. Out of genuine curiosity, can you point me to an IC that Apple recently designed?

Re:$7142.85

[RyuuzakiTetsuya]

I'm just spitballing from the power usage specs when looking at monitors. I might be entirely wrong about the precise amount of wattage.

How it could draw more current than a 47" is easy, it's pushing four times as many pixels.

Still, a 3840x2160 display is going to use more power than a 1920x1080 screen, any which way you slice it.

Add to the fact they also haven't been selling well, and the price would be well over 3 or 4 grand...

Apple likes healthy profit margins but a 3 grand notebook on their product line isn't going to move. I'm shocked they sell 15" rMBPs.

Re:$7142.85

[Yaztromo]

But.. but...but didn't mac's come with some magic magnetic connectors to safeguard them against cable strain ??

No. The MagSafe connector was never designed to eliminate cable strain. It was designed to break away from the laptop should you trip over the cable, preventing the laptop from being damaged.

Cable strain can come from many sources. The cable can simply be bent in a funny angle repeatedly over a long period of time. A MagSafe style connector isn't going to protect against that. Yanking out the cable by gripping the cable and pulling (as opposed to holding the connector directly) also causes cable strain, and again -- MagSafe won't help you here (other than by ensuring you can't also accidentally yank the laptop with the cable).

Even the very ad you linked emphasizes this -- the whole point is that the "PC" is damaged -- not the PC's power cord. Apple has never claimed you can't damage the cable by straining it inappropriately, and MagSafe was never designed nor marketed to prevent such damage.

Yaz

Re:$7142.85

[ogdenk]

I'm shocked they sell 15" rMBPs.

And most people they sell them to use them to run Office and hop on Facebook and bought it because of looks and to feel "elite" compared to others in their organization. Apple is great at convincing people they need an i7 and a hi-rez display for basic computing tasks.

The people that can actually make use of them generally can't get them. I had to kick and scream to get my 2011 iMac and 2012 MacBook Air..... in 2013. And I'm the IT Director. I just wanted a UNIX box with native well-known productivity apps and a copy of VMWare Fusion for staging VM's for ESXi servers.

Apple is pretty much the only game in town for UNIX boxes with widespread commercial software vendor support for desktop apps. Linux can be workable if you don't mind jumping through hoops all the time as well as running commercial desktop apps in a VM. WINE is still a joke in most cases and unless ALL your Windows apps run in WINE you might as well use VirtualBox.

There are REALLY GOOD reasons for buying a Mac. Unfortunately none of them apply to the vast majority of Mac users and they are just underutilized, shiny status symbols.

Re:$7142.85

[ogdenk]

Nope, still gone. I wanted to buy a 17" as my first mac after my Macintosh II that lasted over a decade.

Ummm..... the Mac II was released in '87 and discontinued in 1990. Chances are it's closer to 3 decades old. And I haven't seen a 68k MacOS browser that can render modern pages in an acceptable fashion. As cool as I think the 68020 is, trying to use a 16Mhz Mac II as a primary machine in the 21st century is a little weird. A/UX or NetBSD/mac68k would be fun on a tricked out Mac II as a toy though.

Hell, 10 years ago you could have bought a Blue&White G3 or early-model G4 for $50 and still had software compatiblity with the 68k.

Re:$7142.85

[BronsCon]

Since light emanating from one point loses brightness exponentially as it spreads to cover an area, the backlight of a larger screen will draw exponentially more power than the backlight of a smaller screen, for the same given brightness. The bigger your screen gets, the more the ration of backlight power to panel power skews toward the backlight, so you can't really say a 3820x2160 display will always draw more power than a 1920x1080 display; it may be true at the panel level, but what use is the panel without the backlight? And no panel is drawing 120W by itself, period.

While a panel with 4x as many pixels can be expected to draw roughly *up to* 4x as much current, the switching voltage of each individual pixel drops as the pixels become smaller, so the wattage of the panel does not scale linearly with resolution, but it does scale with size. Since the brightness requirements of the backlight scale exponentially with size, a larger screen quickly begins to draw more power than a smaller screen, even if the smaller screen packs more pixels.

I'm sure I've made some factual error, here, and welcome someone who actually has an EE degree to step in and correct me; however, I'm certain I've gotten the basics correct.

Re:$7142.85

[BronsCon]

I'm with you as one who actually uses a mac as intended. Pretty much any time I'm in front of it, at least 12GB of the 16GB of RAM in the machine is in use, and at least 2 of the 8 logical CPU cores are pegged, if not more; on not-rare occasions, I see 8 pegged cores and a ton of swapping as 16GB isn't really enough (though it's the max for this machine) for some of what I'm doing, which, of course, leads to a very non-responsive system. Budget woes and the unavailability if better-spec'd portables dictate that I have to make do, however. I could get a new rMBP with a marginally faster CPU and marginally slower SSD, which would actually make the situation worse as I can't get one with more than 16GB of RAM and, thus, would still swap... to a slower disk. Oh, and I don't have $3200 to drop on, essentially, a downgrade; and yes, to maintain the same amount of storage as my current MBP, I would have to upgrade the SSD size (the upside being that *all* of that 1TB would be SSD, but I really wouldn't see any benefit from moving bulk media storage off of a spinning disk).

Sadly, my current MBP is the last portable Apple made that I find interesting. If I could get an rMBP with 32 or 64GB of RAM, that might change. A Mac Pro would be nice, but falls outside of my budget and would be much less useful when traveling, as my internet connection (and, indeed, the best I can get where I live) doesn't have decent enough upstream to allow me to interact effectively with the applications I would use it for, when remote.

The 17" models were a niche when Apple stopped selling them, yes; however, so was every other model they sold at the time. Now that Apple has clout with an demographic that's a bit more savvy than broke college kids who want to look cool, they could sell a 17" model to a much wider audience. Part of the allure to the larger models is the ability to cool a faster CPU more effectively and allow for more hardware configuration options; it's not all about screen size. There is a reason the 13" model comes standard with half as much RAM and you can't order it with the same speed CPU you can put in a 15"; and a 17" would allow for a yet faster CPU, possibly a second drive bay (alternately filling that area with more battery), and maybe a couple RAM slots to augment the on-board 16GB.

As someone who uses their machine to its potential, I'm certain you understand this, so this post is more directed at others who may read it than it is at you.

Re:$7142.85

[david_thornley]

The correct comparison is building something roughly equivalent in the areas you're interested in. You may well be primarily interested in computing power, in which case you probably don't want to buy a Mac. Other people may be interested in other things.

Re:$7142.85

[david_thornley]

You don't have to look rich; that stuff really isn't all that big a business expense, and I suspect most Mac Pros are used for commercial graphics.

Re:$7142.85

[Plumpaquatsch]

Really? I'll be the first to admit ignorance here. I don't know much about Apple and I won't pretend otherwise. I was under the impression that Apple bought components from Samsung, TMSC, etc. Out of genuine curiosity, can you point me to an IC that Apple recently designed?

The A7.

Re:$7142.85

[RyuuzakiTetsuya]

Everyone I know who has worked at an apple retail store who has sold a computer to someone who was looking for a machine with just that use case in mind has either directed them to a MacBook Air or an iPad. You're talking about people with more money than sense.

Though you're wrong about high res screens. The screen in the retina pros generally are taken advantage of by anyone who has eyes. The resolution is doubled but the OS interprets it as one point made up of a block of 4 pixels. So doing things like sub pixel manipulation makes everything look crisp and beautiful. I can't wait until this kind of thing is main stream. Going to even higher DPIs still has gains for the same reason, iirc. You can't see the pixel lines anymore, but that doesn't mean fonts get sharper or images look nicer. There's a point of diminishing returns, definitely, but I don't know if we are there yet.

Re:$7142.85

[phayes]

Reread what I said. I didn't say that I used the Mac II 10 years ago but that I was buying my first Mac since my Mac II (which, having been upgraded with an overclocked 68030 CPU daughter board had a very long useful lifetime).

Re:$7142.85

[phayes]

I use my rMBP every day at 1920x1200. The fact that it isn't at the "normal" 1440x900 upscaled resolution makes absolutely no difference as Apple's upscale then downscale to the retina resolutions is much clearer than the 1920x1200 15" screens I used up till the rMBP.

Your aftermarket SSD may blow away the SATA SSDs but certainly not the PCI SSD in the latest rMBP, right?

I'm a consultant & move around on a motorcycle between lanes of traffic (you can do that here which generally cuts over an hour off my transit time every day) which means that I carry the rMBP in my backpack every day. The rMBP's light weight is really appreciated. The one major failing I see in the rMBP is that there isn't a Kensington lock slot so that I could leave it cabled up in a non-secure location.

Apple won't go back into a niche market (retina 17"), & if you take a look at the retina class screen PCs, they've all got really glaring faults, starting with Microsoft's OS's poorly adapted to hi DPI & high battery use, really poor trackpads & inferior construction & materials.

The 17" was always a low volume beast, barely luggable as you yourself said. If you'd allow yourself to admit that your preconceptions might not be as correct as you think they are (I had the same ones), I'm willing to bet that you'd change your opinion (like I did).

Re:$7142.85

[phayes]

The Macbook's advantages go beyond powerful well integrated Unix.

I use my rMBP for the same reasons you do.
My mother is happier with her 15" MBP because she no longer has to bring it to me to clean out virrii etc every 2 months to restore normal function.
My daughter carries her 11 air around everywhere (notes in class, streaming at home, etc).

Methinks the parable of the elephant & the blind men applies to your reasoning of why people buy Macs & you don't see as many reasons people buy macs as I do.

Re:$7142.85

[NoImNotNineVolt]

Isn't that an ARM chip?

Re:$7142.85

[Plumpaquatsch]

Isn't that an ARM chip?

So? Are you claiming they didn't develop the chip because they made it compatible to an existing API?

Re:$7142.85

[NoImNotNineVolt]

I was under the impression that ARM Holdings designs chips. They don't even make them, they just design them and license the designs to their customers. If the A7 is an ARM chip but designed by Apple, what makes it an ARM chip? What did ARM do, if not the design?

If Apple just strapped memory, radios, etc., to an ARM-designed chip to make their A7 SoC, I'd argue that an overwhelming majority of the design was still done by the folks at ARM, as turning a CPU into a SoC isn't nearly as hard as making the CPU to begin with.

Although I grant that I could be wrong. Perhaps ARM just licensed the instruction set to Apple, and then Apple went and implemented the whole thing from the ground up. Is that what happened?

Re:$7142.85

[BronsCon]

Yes, you can *use* the display at that resolution; however, yes, it does certainly make a difference. Perhaps not for text, or vectors drawn by retina-aware applications, because the hiDPI subsystem will still render those at the native resolution, simply adjusting their sizes to scale; but for raster graphics, it most certainly does matter. With a raster, you either scale up by a multiple of the original or you lose sharpness. Why? Because when you scale up by a multiple (say 2:1, which is how hiDPI native scales), 1 pixel simply becomes 4, 2 in each direction; effectively, your pixels become bigger, but they don't change color or placement at all. The moment you start interpolating and antialiasing your output, you no longer have a display fit for graphics work.

If that's what you're using it for, then your resolution choices on a 2880x1800 display are, as I stated, 2880x1800 or 1440x1900. For everyday use, yea, fine, fuck it, run it at any damn resolution you want. If all you care about is the text on the screen, it'll still render at the native 2880x1800, size adjusted to match the hiDPI resolution of your choice.

And I never said the 17" was barely luggable, I simply said I have a smaller machine for travel. Before I had that and, in fact, before I had this 17" MBP, I used (and still have) a slightly larger, twice as heavy 17" PC as my primary machine. I lugged that fucker around with me *everywhere* I needed a computer without complaint. The 17" MBP is *light years* more luggable than that; I just see no need to take the machine that holds a decent amount of my personal data out in public, to potentially unsecure or unsafe locations where it may be stolen, so I take the smaller, cheaper, slightly less capable, but also devoid of personal data, machine with me instead. In a sense, though, I guess you're right; the weight of the potential data goldmine someone would find in this 17" MBP does weigh heavily enough so as to make it unluggable.

TL;DR: Don't infer people's reasons for things; you'll almost always be wrong.

Re:$7142.85

[phayes]

The difference between using the retina display at it's native 2880x1800 or pushing it to an interpolated 1920x1200 is invisible without a magnifying glass so your main objection is not justified. It is more fatiguing working on my 24" 1980x1200 screens where pixels are visible than on the the 15".

Compared to the rMBP, the 17" MBP is a luggable or you'd be using it instead of your 15" which is close to a pound heavier than the rMBP. You don't want to believe that that makes a difference, but then again, by your own admission you don't carry your 17" around much. Now you can move the goalposts of why you leave the 17" at home, but your original statement was

Anywhere else I need a computer, I bring my 15"

.

I note that you're not trying to defend your SATA SSD versus the PCI flash on the rMBP. Is it safe to assume that you now agree that the rMBP's solution is clearly faster?

Drawing conclusions from statements is actually fairly reliable, but not from people who change their position. I won't make the mistake of trying to infer anything from you in the future.

I'll continue to use my rMBP which I've discovered doesn't have the defects you think it does & when I eventually decide to upgrade, I'll have just the machine available: a newer rMBP with TboltV2, faster flash storage, next years Intel processors, Yosemite which is yet another step on the path of being optimized for retina displays + other goodies. You keep on using two separate Macs & bemoaning the fact that your tiny market segment is no longer served by Apple, or for that matter anyone else.

Re:$7142.85

[ogdenk]

Though you're wrong about high res screens. The screen in the retina pros generally are taken advantage of by anyone who has eyes. The resolution is doubled but the OS interprets it as one point made up of a block of 4 pixels. So doing things like sub pixel manipulation makes everything look crisp and beautiful.

While very cool, and I want one..... I can't justify buying the rMBP's... A cheap dual-core atom Thinkpad Tablet 2 running Win8 and a docking station meet most business desktop/mobile needs dirt cheap. While *I* would notice and make use of it, I can't justify it for my users.

I can't wait until this kind of thing is main stream. Going to even higher DPIs still has gains for the same reason, iirc. You can't see the pixel lines anymore, but that doesn't mean fonts get sharper or images look nicer. There's a point of diminishing returns, definitely, but I don't know if we are there yet.

As integrated video chipsets get faster and the displays get cheaper, it'll be mainstream. Like I said, I love the displays personally but I can't justify the additional cost. If the screen can do at least 720p then it's good enough in most use cases.

Re:$7142.85

[BronsCon]

The difference between using the retina display at it's native 2880x1800 or pushing it to an interpolated 1920x1200 is invisible without a magnifying glass so your main objection is not justified.

When you're doing graphics work, you often find yourself looking *that* closely at your display. Clearly, you've never done any real graphics-intensive work, or you'd fully understand where I'm coming from. Enjoy your crisp text, that's what the hiDPI resolutions on the retina displays are meant to provide; it's not my fault you don't understand the implementation of the technology you are using, what it does, and what its limitations are and how those limitations affect certain use-cases where precision is paramount. You can't see the difference because the difference doesn't matter to you; I'm not faulting you for that, but I'm also not going to argue that the difference *does* matter to people it matters to.

It is more fatiguing working on my 24" 1980x1200 screens where pixels are visible than on the the 15".

If the pixels on your display are visible, you're sitting too close to it. Personally, I wear glasses when staring at a monitor, so I can probably bring mine a little closer than you can before I have that problem. My eyes are odd, one focuses +0.25 diopters and the other focuses -0.25 diopters, both eventually correcting themselves over time, so if I'm working on multiple displays (typically 3) at very slightly differing distances, I have to wear what most people would consider "dizzy" glasses or suffer a massive migraine within an hour or so.

Drawing conclusions from statements is actually fairly reliable, but not from people who change their position. I won't make the mistake of trying to infer anything from you in the future.

When did I change my position? I did not. I did, however, clarify that position. You can insist, all you want, that I don't carry my 17" everywhere due to its size and weight, but insistence doesn't make you correct. I've given you the reasons for that, and it has nothing to do with weight.

It's dangerous to infer the motives of others who you do not know personally, because any such inferences will be based on your own preferences and experiences, which necessarily do differ from theirs; since you don't know them personally, you don't even have the slightest basis by which to compensate for this. Of course, we all do it, so I'm not judging you for that; however, when someone clarifies their reasoning, there is never a situation in which you are right to argue that; you are not them, you are not in their head, and you clearly don't know that person well enough to understand their reasoning, or you wouldn't have incorrectly inferred it in the first place.

Re:$7142.85

[BronsCon]

I should have put this in the same post, but it was getting long...

I'll continue to use my rMBP which I've discovered doesn't have the defects you think it does

That's fine. The machine works for you. However, the best Apple can do right now is a 15" machine with a *marginally* faster CPU, the same amount of RAM (yes, despite Apple's documentation, late 2011 MBPs can handle 16GB of RAM), and (thank you for prompting me to look at the disk performance of the current models, my previous benchmark was from 2012) a disk that's about 80% faster, but much smaller (unless I opt for the $500 upgrade). For a full list of my complaints on that front, see here and realize that the defects I see in Apple's current offering are more numerous than you seem to think. And no, your opinion isn't going to fix them, but 32GB of RAM and a physically larger display might.

Re:$7142.85

[RyuuzakiTetsuya]

While very cool, and I want one..... I can't justify buying the rMBP's... A cheap dual-core atom Thinkpad Tablet 2 running Win8 and a docking station meet most business desktop/mobile needs dirt cheap. While *I* would notice and make use of it, I can't justify it for my users.

I'd hate to be one of your users. The advantages of faster CPUs or fancy SSDs isn't in maximizing performance all the time, but rather day to day life with the machine gets nicer overall. A dual core Atom would be an awful day to day experience. Things will run, but not very well. Besides, how cheap is your company if you can't afford nice things for them? I'd hate to see what your bathrooms look like.

"Sure, a toilet would be nice, but a hole in the ground works just as well!"

As integrated video chipsets get faster and the displays get cheaper, it'll be mainstream. Like I said, I love the displays personally but I can't justify the additional cost. If the screen can do at least 720p then it's good enough in most use cases.

As of Ivy Bridge, integrated video is already good enough. OEMs are trapped on two sides. First, margins are slim enough already, trying to add decent components is a hit they can't afford to take. Second, does Windows 7 or 8 even support actual high DPI screens? Or is it stuck in 72 DPI hell?

Re:$7142.85

[phayes]

When you're doing graphics work, you often find yourself looking *that* closely at your display.

Really? Your eyesight is good enough to detect pixels clearly enough to make a difference in an image that has been rasterized at 3840x2400 & then interpolated down & displayed on a 15" 2880x1800 retina screen? Sure you can...

If the pixels on your display are visible, you're sitting too close to it.

Ah, so my being able to see the pixels of a 24" 1920x1200 screen is "sitting too close" but you can see interpolated pixels in a retina display.

Personally, I wear glasses when staring at a monitor

So do I now that age has hardened my lenses, but mine don't give me super telescopic vision the way you claim to have with yours.

you don't understand the implementation of the technology you are using

Snort, sure sport.

Clearly, you've never done any real graphics-intensive work

Ah, who's this attempting to draw conclusions and failing?

When did I change my position? I did not. I did, however, clarify that position

Righto, you just led with the equivalent of "I don't hit women" leaving out "but I do make sure my wife stays in line". The "clarification" doesn't change the position fundamentally, no, no, not at all...

In parting, because we're clearly done here, your incoherency & refusal to admit that your any part of position is wrong (ex: your aftermarket SATA drive is clearly slower than the recent rMBP's PCI flash) proves to me that my judgement of your character was well founded.

You believe that you're always right, any who disagree with you must be wrong so instances where you've been proven wrong fall into your blind spot so they can be safely ignored. Go back to using Windows, you're a bad fit with the Mac crowd.

Re:$7142.85

[BronsCon]

an image that has been rasterized at 3840x2400 & then interpolated down & displayed on a 15" 2880x1800 retina screen

When you're doing graphics work (note that I didn't say photo editing), your graphics are being rasterized at your *display* resolution. If that's not the native resolution of the panel, or some resolution that divides cleanly into that resolution, then yes, there is interpolation, and if your work requires pixel-perfect accuracy (a lot of clients want that and will zoom in and attack your work with a ruler to make sure they're getting it -- on the upside, you can charge for it), that display has become useless. And even if we do limit it to photo editing as your description implies, you still have no clue what's actually happening. Am I cramming the whole image onto the screen (as you implied) or am I zooming to 1:1 to fit as many *actual* pixels of the image onto the screen as possible? In the first case, you're right, it doesn't matter; in the second, well, ... I've already explained, in this paragraph, why the display is useless except at two specific resolutions.

but mine don't give me super telescopic vision the way you claim to have with yours.

And now you're just being an ass, that much is clear. Good day, sir.

Righto, you just led with the equivalent of "I don't hit women" leaving out "but I do make sure my wife stays in line".

Actually... I can't pass this one up... it's actually more akin to leading with "I beat my wife" and leaving out "but only when she threatens me with a loaded gun pointed at my head". To be clear, *my position* is that I don't carry my 17" places I don't need to carry it, and you've just admitted that this position hasn't changed; you inferred, incorrectly, that this had *anything* to do with weight, when the reality is that it has to do with limiting my exposure to potential data theft by preferring to carry a machine that doesn't contain all of my financials and personal info when I don't need to. You can keep insisting that this is not a valid reason to leave the machine at home or tethered to my desk at work and, instead, carry another machine (that the machine is physically smaller is a factor of cost, not weight) that doesn't contain that data, but insistence does not make you right.

your incoherency & refusal to admit that your any part of position is wrong (ex: your aftermarket SATA drive is clearly slower than the recent rMBP's PCI flash)

Oh? It's not my fault you didn't catch up on the entire thread before posting.

You believe that you're always right, any who disagree with you must be wrong so instances where you've been proven wrong fall into your blind spot so they can be safely ignored.

See above. This does, however, seem to quantify you fairly well, piping up about what someone who does graphics work needs in a display (which is *very* different from what your average user, gamer, or even someone doing video work, needs) when you clearly have no clue, then refusing to listen to sound explanations of why this is the case. Perhaps you'd find my posts more coherent if you actually read them with an open mind, rather than a staunch belief that what works for you must work for everyone else.

Go back to using Windows, you're a bad fit with the Mac crowd

I married a Mac fanatic, I work for a Mac-centric company, and my two best friends are Mac nuts; and all of that is going quite well. I'd say I'm a damn good fit for that crowd. I'm not a part of it, though; I want a UNIX system with a well-supported UI; that's the crowd I'm in, and I'm loving it, thank you. I also never left Windows; I use it *a lot* for testing. Oh, I also use Linux, when it's the right tool for the job. I don't evangelize any platform, which is what you're doing here.

Peace be with you, friend.

shift of blame.

[Antony+T+Curtis]

Once upon a time, the retailer would have to take the blame for this because it is the retailer who is supposed to make the call to the financial institution on the retailer's own phone line, not using the cardholder's phone or trusting the cardholder's ability to dial the number.

Unfortunately, the retailers are successfully using the police to cover for the incompetence of their staff.

Re:shift of blame.

[Sockatume]

Well, it takes two to tango: the Apple Store to somehow fail to train their employees in the most basic principles of performing a card transaction, and this guy to exploit the error.

Re:shift of blame.

[gstoddart]

No matter how stupid Apple was to fall for this, and how much they disregarded good practice, this is still definitely fraud.

Why wouldn't they call the police?

Re:shift of blame.

[NewWorldDan]

Fraud is fraud. They aren't going after the banks, just arresting the actual criminal.

This scam is nothing new. I fell for it once 20 years ago when I was 18. The customer told me I needed to use the number printed on the card to get an authorization code. Being 18 and not knowing any better, that's what I did. Everything seemed legit during the phone call, I punched it in to the card system, and the scammer walked away with a very nice laptop.

Now that I know how the scam works, I could easily spot it and have the guy arrested. Asking the typical register jockey to do so? Not likely. I'm actually a little surprised that override codes are still a thing. The last time I worked a register (about 13 years ago), a declined card was a declined card, no exceptions.

Re:shift of blame.

[rahvin112]

Given that the claim is they defrauded Apple my guess is the bank told Apple they were going to eat the charge for not following procedures. Apple called the police because they've been defrauded.

Because Genius here used his own name in the transaction it becomes rather trivial for the police to put the guy in prison. Here's a secret, the easiest way to get the police involved in some crime is to make it incredibly easy for them to investigate and get a conviction, particularly with some victim that will draw big press. This case was handed to them on a silver platter (I'm sure Apple handed them enough to get a conviction) by a company that is sure to get lots of press attention, the chances that this guy wouldn't be prosecuted for fraud is non-existent.

Re:shift of blame.

[hawk]

Ehh, I think that's on Sprint, not Apple . . .

Not that I'm annoyed that I can't get a Sprint signal at my regular courthouse, and end up roaming on Verizon . . .

hawk

Re:shift of blame.

[Antony+T+Curtis]

It has been around 20 years since I was in a shop environment but I remember that we were explicitly told by the shop's bank that the only valid and acceptable source for authorisation codes was the shop's bank itself and any other number will be invalid because the POS will accept any random number. The phone number to call is the same number as the phone number to call for authorisation when using the old-fashioned card impress when the POS machine was not working.

Cult of Personality

[FutureRobertOverlord]

Have you never been to an Apple store? They charge $20 for a freaking USB to iPod cable. Think different (like everyone else).

This is an Apple/retailer fail

[xxxJonBoyxxx]

From TFA:
>> merchants can be liable for charges if they override a credit or debit card denial in this fashion

>> In (another) case...after defrauding Victoria’s Secret, Banana Republic, and several other retailers out of $557,690 in the same manner, which is known as a “forced sale” or “forced code.”

I think the operational problem here is that store managers have the authority to override denials to boost their own sales numbers...while the risk for bad credit decisions may fall on the owners.

Re:This is an Apple/retailer fail

[jythie]

In the past at least the credit card processing networks could be kinda glitchy, and stores needed a way to manually work around that. With my old bank half the time my card would come back declined depending on which upstream provider any individual stores was using. Most of the time they would just fall back on those old carbon paper slidy things.

Re:This is an Apple/retailer fail

[luciano.moretti]

The Cafeteria at my old work processed all credit transactions at the end of the day in a batch. We had to cancel our credit cards and I accidentally ran the old card through at the cafe. It worked fine, but I got an email the next day asking for me to come down to settle it because the card had been declined.

They weren't processing hundred dollar transactions though, and the risk was low as almost everyone was an employee of the company.

42

So the ultimate question to life and everything is: "How many times was Apple ripped off by an single individual?"

What a strange title.

[Atzanteol]

Does the fact that the guy was 24 have any bearing on the story what-so-ever? Why not say "scam artist" or something more generic?

Re:What a strange title.

[kwoff]

Maybe it is a steganography key, color #244216

Re:What a strange title.

[ehynes]

they left out the fact that Sharron was a guy.

Did you miss the word "his" in the first sentence?

Re:Stealing

[rogoshen1]

lowlife as he may be, running this still took some moxy and guile. he could easily fit in with a sales team somewhere (pharma perhaps?). he might need to lower his ethical standards a bit, but that's something they teach on the job methinks.

Exploited procedural loophole

[John3]

Based on TFA this scam has been done before to other retailers. When a merchant receives a "decline" they can optionally call the bankcard processor to obtain a verbal authorization code. The merchant can then "force" the sale to go through using the authorization code they received over the phone. The two huge procedural holes that Apple (and the other retailers) left open are:

1: The clerk is the one that should be calling for an approval code, and the call is made not to the cardholder's bank but rather to the bank that processes the cards for the retail store. It doesn't matter what the customer's bank says (or in this case the fake bank) since the approval/authorization code must come from the retailer's bankcard processor.

2: At my store a manager override is required to "force" a bankcard approval. So even if the clerk makes the call and gets a voice approval code a manager/owner must also provide a password to allow the approval to go through. Apparently Apple has no such security check in place and clerks tan type a manual code into the POS system to force the sale to go through.

Amazingly simple scam, but also amazingly simple to prevent if the stores involved had even rudimentary procedures in place.

Re:Exploited procedural loophole

Wish I had mod points. The stores were the dumb asses to allow their cashiers to just punch in any code the customer told them.

Re:Exploited procedural loophole

[captain_nifty]

A simple work around is to alter the phone number on the card to a number you control.

Then the retailer could call the number receive the code from your accomplice and provide a valid false code.

Re:Exploited procedural loophole

[tomlouie]

> 1: The clerk is the one that should be calling for an approval code, and the call is made not to the cardholder's bank but rather to the bank that processes the cards for the retail store. It doesn't matter what the customer's bank says (or in this case the fake bank) since the approval/authorization code must come from the retailer's bankcard processor.

Read again, the clerk should be calling the store's bank, not the customer's bank.

Re:Exploited procedural loophole

[John3]

A simple work around is to alter the phone number on the card to a number you control.

Then the retailer could call the number receive the code from your accomplice and provide a valid false code.

The retailer doesn't call the number on the card, the retailer call's the merchant service center. For example, customer has a Chase Mastercard and when Apple tries to post a transaction the card receives a decline. Apple would never call Chase, but instead calls their provider (which at my store is First Data Merchant Services). Apple's provider in turn electronically contacts Chase and then provides an approval code back to the clerk. The customer (or scammer) never has an opportunity to change the phone number unless they physically get behind the checkout counter and overwrite the numbers that are posted for the retail clerks to use. So it doesn't matter what phone number is on the card, that number is for the customer's use and not for the merchant's use.

Re:Exploited procedural loophole

[Sockatume]

Every time I've done it, it has been the customer's bank on the other end of the line.

Re:Exploited procedural loophole

[__aaeihw9960]

Both times I've done it, though, I used my phone to look up the generic number for the credit card company. Don't blindly trust anyone* and use their number on their card. God only knows where that's actually going.

* Except Google, apparently. . . . Yikes.

Re:Exploited procedural loophole

[Cyberdyne]

The two times I've had in-store card referrals (high value transactions: the first time was buying a P3 laptop, which was quite high end in those days; the second was furnishing a new apartment after moving to Houston), I'm pretty sure it was the issuing bank ultimately handling the call - I can't imagine the bank would have transferred the personal information they were asking for as a security check to the merchant services provider: past unlisted contact details, previous transactions etc. I suspect the call may have been transferred to them, though, rather than called directly.

I had a similar issue this year with British Telecom working on a broadband fault. The service manager wanted to speak directly to the field engineer working on the fault (different divisions: the engineer's BT Openreach, the manager was BT Wholesale) - but the Openreach guy said he couldn't call the Wholesale one directly. So, the Wholesale one called my number and asked to speak to him ...

Re:Exploited procedural loophole

[John3]

Occasionally the merchant services provider will ask to speak with the customer, and they also will contact the issuing bank. However, the entire call is handled over the initial call that was made to the merchant services provider. Once the merchant services provider speaks with the customer the retail clerk gets the phone back and it is at that point that the merchant services provider gives the clerk an approval code to use.

Note that for American Express and Discover the retail store calls their processing center directly. That's because they handle their approval system and they will frequently speak with the customer to verify security details. But the Amex number for merchants is an entirely different number than the one on the cards themselves, and the retail clerk initiates the call and speaks with the representative.

Re:Exploited procedural loophole

[Plumpaquatsch]

Amazingly simple scam, but also amazingly simple to prevent if the stores involved had even rudimentary procedures in place.

Well, too bad the article only mentions how many times the trick worked, not how many times it failed.

Re:Exploited procedural loophole

[Sockatume]

In my case my terminal always told me what number to call.

What does his age have to do with it?

[hubie]

I can see putting it in the summary, but what relevance is his age to put it in the headline? If not 24, what age am I supposed to expect for someone who would pull off this kind of scam?

Re:What does his age have to do with it?

[Stan92057]

details people like details. not something you have to like but people love the details. If it wasn't mentions people who say who was it why didn't they......

Re:What does his age have to do with it?

[hubie]

I agree with you, and I've got no problem mentioning his age in the article, but to mention it in the article headline suggests there is some relevance of his age to the story.

I worked in retail a long time

[singularity]

I worked retail for a long time, including an Apple Store. I cannot remember the policies at Apple when I was working there, but most places will not take a verbal approval code.

If the person on the other end of the phone (generally you get to them by calling the 800 number on the back of the card) has the ability to run the transaction, they have the ability to clear whatever prevented the card from going through the first time. They would have to - they have to clear the hurdle before they can run the transaction themselves.

So policy at most places is that the telephone operator clears the issue (usually it is a daily spending limit that card issuers never mention) and then the store runs the card again. There was no procedure for manually entering a verbal approval code.

My memory of Apple Retail (this was '04-'06), however, is that they had almost every contingency covered. The POS machines all had USB modems attached so that in case the Internet went down at the store, credit cards could still be processed. We even had the old CH-CHUNK imprint devices when everything went pear-shaped. I do seem to remember having the ability to enter a manual authorization code for a credit card transaction. It is Apple Retail - there are supposed to be no hurdles keeping a Specialist from keeping a customer happy.

Re:Arrest the Credit Card Issuers?

[gstoddart]

No kidding, any system which comes down to "I have a number, trust me" is pretty flawed.

Obviously, Apple was doing something wrong since they're on the hook for it, but you'd really think there would have to be some validation inherent to this.

This sounds like it boiled down to "declined, declined, declined, OK, go ahead". That's crazy.

Re:Arrest the Credit Card Issuers?

[Sockatume]

It's more like "well, I don't have any money, but I swear that my bank just sent a cheque to your bank covering the transaction, here's the reference number".

Re:What a dipshit.

[EmagGeek]

The bigger dipshits are the cashiers who were stupid enough to fall for it.

Who were they calling?

[crow]

So they weren't calling the bank, but obviously they were calling someone. Did the store employee actually speak with someone, or did he manage to fake the call entirely? Presumably he had an accomplice who was pretending to be the bank. Did they track down and arrest that person? I didn't see it in the article.

Re:Who were they calling?

[damn_registrars]

So they weren't calling the bank, but obviously they were calling someone. Did the store employee actually speak with someone, or did he manage to fake the call entirely? Presumably he had an accomplice who was pretending to be the bank. Did they track down and arrest that person? I didn't see it in the article.

I believe it said that the culprit was making the call himself (likely from his own cell phone) and then giving the "code" to the cashier. Whether or not he was talking to anyone at all is not clear, he might have been calling some unanswered number and just talking into air to make the con look legit.

Palindrome

[Tablizer]

At 42 he'll only do it 24 times. Slowin' down.

Re:Arrest the Credit Card Issuers?

[hawkinspeter]

The credit card issuers do have some security in place - they confirm the identity of the card-holder with various questions. However, in this case, the credit card company weren't contacted and were obviously unable to confirm or deny the card-holder's identity.

Re:Arrest the Credit Card Issuers?

[VGPowerlord]

It sounds like the real scammers are the credit card issues that have a system in place to override that has ZERO security in place.

The security is supposed to be that the retailer is supposed to call the bank themselves to verify it. Which they didn't do.

At the risk of asking the obvious

[NEDHead]

How many digits is that code...?

Re:Arrest the Credit Card Issuers?

[naughtynaughty]

Yep, Apple was doing something wrong, they got social engineered into not making the call to the bank themselves. The validation is calling the bank yourself and not letting some scam artist pretend to call the bank and then hand you the phone or read off an alleged authorization code.

Re:Lack of security with Credit/Debit

[naughtynaughty]

Why would you take the gas station to small claims court for accepting a stolen credit card that was yours? You dispute the charges with your bank and get the money back. It is never the merchant that overrides your overdraft protection and allows the transaction, it is your bank.

Re:Stealing

The worst people I have ever met were all employed and contributing members of society. Drawing a line between the poor and decency is horribly bigoted and you should be ashamed of your ignorance. Good day sir.

Any idea how they caught the guy?

[91degrees]

Was he using cards with his own name, or should he simply have called it quits the 41st time?

Re:apple store

[bobbied]

I walked in once ... and couldn't figure out how to buy something so I left !

Seriously? So I'm to assume you didn't speak English because every time I've been in an Apple store I've been approached multiple times with "How can I help you?" questions from the staff. I'm sure if I said "I'd like to buy an iPad" they'd know what to do with my credit card..

Beyond stupid

[superdave80]

That Apple even accepts this is ludicrous. Just tell the guy, "Look, we have a whole store full of this shit. It will be here tomorrow. Or the next day. Or the day after that. Come back when you clear your crap up with your bank, and THEN pay for it."

Re:Beyond stupid

[EvilJoker]

Apple stores routinely set off fraud prevention, because thieves like to target Apple. Apple gear is easy to fence.

There are a number ways to handle this properly, but they clearly didn't follow any of them.

Sharron Laverne?

[fuzznutz]

Should I assume his parents REALLY wanted a girl?

With a name like Sharron Laverne

[sproketboy]

He should just call himself "Sue" and be done with it.

Re:A 24 year old BLACK...

[jsepeta]

pretty terrible comment there. but if he was African american, then that explains his name. there's a whole chapter on that in Freakonomics.

numbers, what are they for?

[polandr]

I had an issue with my Mortgage company, they increased my escrow and didn't inform me until I shorted them on the monthly payment.

I attempted to make an additional payment online, but their online processing page was broken, so I had to fall back to using a telephone. (egregious, I know!)

After giving payment information over the phone, the customer care representative asked me if I would like the confirmation code. Normally I don't take note of such things, but I thought, "mortgage important, numbers important" and noted it in my notebook I carry.

A few days later I start getting phone calls and emails and letters, "you are late on your mortgage, pay now or die!"

I call and say, "WTF? I payed!"

They say, "STFU, you didn't!"

I say, "I have confirmation code, muthaeffas!"

They take the code, and tell me, "sorry, this code doesn't exist in our system". (I even gave them the name of the customer service rep that gave me the code! In addition, in their manual call log they show that a confirmation code was given to me...)

It's shocking that we go through all the motions while failing at understanding the purpose of the activity...

Re:numbers, what are they for?

[Stan92057]

Man you NEVER pay mortgages with anything other then a check or a money order ever. use of anything else means you are not protected you can always show a check that passed and Money orders as good as it gets unless you used counterfeit money. Code lol that's only good for claims with no money involved like sending back a broken product.

Re:numbers, what are they for?

[naughtynaughty]

Money orders? Really? How does that easily prove you paid someone? You have a stub, you don't have a copy, you don't have proof it cleared, you have pretty much nothing. A credit card is actually a pretty good way to pay, if you can find a mortgage lender that will take a credit card and not charge a surcharge please let me know ASAP. With a credit card you get a statement that shows $x was paid to the Bank of ABC on a particular date. That's as good as a canceled check or a direct debit from your checking account. A direct debit from your checking account is also as good as a check and a better way of paying if you want to avoid late fees. With a check you are at the risk of the USPS and a late fee from your mortgage servicer and a ding on your credit report if the USPS doesn't come through or your mortgage servicer loses your check. Paying with a check via the mail is better than paying with a money order via the mail but not much. If you have ever tried to get your money back from a lost money order you would understand the other risks of using money orders. It is time consuming and expensive.

Re:numbers, what are they for?

[reikae]

I don't understand. I pay all my bills online with a wire transfer. If I didn't trust my bank to keep records of transactions why would I trust them with my money in the first place?

Re:numbers, what are they for?

[Stan92057]

Well as they say shit happens. I agree with you for sure, but in this day and age you cant trust anyone and that is very unfortunate.

Re:numbers, what are they for?

[Stan92057]

Sure ya have proof, Money orders a pure cash exchange no cash no and its not the only idea I said so relax. But there are NO perfect ways of doing it, not even handing cash from one hand to another without a receipt of some kind.

Who authenticates to whom?

[Chelloveck]

What kind of numbnuts trusts a phone number given to them by the person being authenticated? "Here, call my accomplice-- er, I mean account rep, and he'll verify me." Yeah, pull the other one.

Unfortunately, even my credit card issuer can't get this right. They called me about some charges. "Now sir, to verify that I'm really talking to the account holder, what is your social security number?" Um, no. YOU called ME. You can reasonably assume that the phone number you have on file for me is valid. It's up to YOU to prove to ME that you're from my credit card company. "But sir, we ask this for your own security..." Eventually I got them to give me a ticket number so I could call the number printed on my card and get back to them. Turns out it actually was my issuer calling, not a scammer. Guys, you really should know better!

Re:Who authenticates to whom?

[vux984]

. You can reasonably assume that the phone number you have on file for me is valid.

For what its worth, I would never say that is a reasonable assumption. Half the time I do anything major with the bank i have to update all sorts of outdated contact information. You can rightfully argue that I should be more on top of advising them when things change -- but the bank can't reasonably assume that I've done so.

They absolutely should verify they have reached who they intended to call.

That said, you, of course, are 100% correct in that you shouldn't ever hand over your SSN to some yarbo calling you claiming to be from your bank either. So everything about what you did was correct -- the only point I'm making is that your argument that the bank should reasonably assume they've reached the right person wasn't valid. They absolutely need to validate they are speaking to the right person too.

Re:Who authenticates to whom?

[Stan92057]

"What kind of numbnuts trusts a phone number given to them by the person being authenticated"

A Poorly trained employee or an Employees who IS the accomplice that's who.

Re:Who authenticates to whom?

[reikae]

Telling the customer to update the contact information and then calling the customer again is the only good method I can think of right now. Anything else relies on the customer giving out more or less sensitive information to the caller who may or may not be working for the bank.

Re:Who authenticates to whom?

[vux984]

The poster I was responding to got it right.

Bank calls the customer to advise them of the need to communicate, gives the customer a ticket number, and simply asks the customer them back.

The customer must call the bank back at a "trusted number" they have for the bank -- not a number the person calling them gives them, but the one on the back of the card the customer is carrying, or the one on their bank statements, etc.

Re:Stealing

[HornWumpus]

Moxy and guile? No.

It's a 20+ year old scam. He likely had a friend working for the store who clued him in on Apples cluelessness.

If he had scammed 34 individuals of this kind of sum, the cops would have taken 34 reports and done _nothing_. But the feds have buildings full of cops dedicated to protecting the banks.

shift of blame.

[Cyberdyne]

it is the retailer who is supposed to make the call to the financial institution on the retailer's own phone line

To be fair, the Apple Store staff tried phoning on their own iPhones first, but none of them could figure out how to hold it to get a signal, so they had to borrow the customer's phone instead...

Re:Arrest the Credit Card Issuers?

[bws111]

The retailer NEVER calls the customers bank. They call their OWN bank, who will contact the card issuer using already known information.

He didn't get away with anything

[Stan92057]

He didn't get away with anything he's behind bars where he belongs. Blame poor police work, Poor training by Apple for him getting away with it for so long.

Re:What a dipshit.

[damn_registrars]

The bigger dipshits are the cashiers who were stupid enough to fall for it.

Because they were doing their jobs as described? They didn't know they were entering bogus numbers. The procedure should have had the cashier - not the customer - calling the bank, but that didn't happen. It's unclear at this point why it went this way.

We're not telling you the length of the code...

[damn_registrars]

I love that the article says it won't say how long the code was. If it is still as it was back when I worked retail, then it is a 6 digit code. Whoop-de-freaking-doo. Not like people couldn't have figured that out by trial and error.

Re:A 24 year old BLACK...

[Stan92057]

is a black American.

Secret Service?

[gatfirls]

They investigate retail fraud/theft now? Don't they have better things to do? You would think once discovered it would be pretty easy for the store to identify the person and forward the information to the police.

Re:Arrest the Credit Card Issuers?

[naughtynaughty]

Yeah, it is impossible to independently find a phone number for a bank. You would need something like a national phone directory or a way to search online and those haven't been invented yet.

re: expired cards

[King_TJ]

I'm wondering though if presenting one's own expired/cancelled cards for transactions wouldn't set up some kind of data trail leading back to you, with scams like this one? We don't really know how the guy was finally caught -- but I'd have to think repeatedly presenting a known cancelled card for a transaction and causing it to be rejected would set up red flags someplace?

I thought in many cases, the merchant would just receive a "capture card" notification when this was tried?

POS software

[penguinoid]

I guess someone didn't know the difference between POS software and POS software.

It's like Office 95 CD Keys... except LESS secure!

[mdelcorso]

Remember CD keys on Office 95 that were xxxx-xxxxxxx where the validation was if the 7 digits at the end, when summed, were divisible by seven the key was good? So 1111-1111111 was a valid key?!

This is the same thing 20 years later! Nobody learns!

How many times

[LordWabbit2]

How many times did he try this and it didn't work? He just kept trying until he got one lazy/incompetent teller and bingo! Scam!

Re:Arrest the Credit Card Issuers?

[Plumpaquatsch]

a lot of times legit charges get denied due to some fraud alert when travelling or some other algorithm being tripped you need a system to override it if you call your bank and prove who you are

And that system should have no security at all, because?

Nothing to add but...

[Alioth]

I've nothing really to add, but why does the perpetrator in this case have a girl's name when it's quite clear he's a man? Is naming him Sharron a bit like the boy named Sue?

re: Apple

[King_TJ]

Well, it's not *quite* like that....

What Apple does on the computer side of things is generally stocks 2 to 3 configurations for each product in the lineup. So you can choose from a "base model" or an all around upgraded form of that, or in some cases you get a "low", "mid spec" and "high spec" config. to pick from.

All of the other combinations would be custom orders that aren't stocked.

Right now, they actually have 5 product lines: Macbook Air or Macbook Pro for laptops, the Mac Mini, the iMac and the Mac Pro workstation.

That's why I said I was a little surprised the maxxed out configuration was in the store, ready to sell. It's not something you can select on the website without manually picking the highest end pre-configured model and then manually choosing several options to upgrade various components further.....