There’s a man in the booth next to me, jabbering into his phone. Apart from sounding terribly loud, he also seems agitated. He keeps saying, “Plastic Benz” so often that, at first, I think he’s announcing a revolutionary new car model, one that’s going to rival the new driverless cars that are being talked about as the next best thing on wheels. But no, what he’s really saying is “plastic bends”!
Of course, everybody knows that, in the same way we know that “paper folds”. Turns out, however, he is not distraught because plastic bends, but because someone has also shown him that plastic isn’t the only commodity that can be bent. Rules can be bent, too. Anyhow, to cut the guy some slack, I learn that he’s actually in conversation with a bank manager and it has to do with his credit card.
The penny drops: Credit card/plastic! So, what’s happened to his credit card? From what I overhear — without even trying to eavesdrop — his card got hacked. A series of small withdrawals started showing up for the exact same amount, and the bank, immediately suspicious, followed the usual procedure by asking him if it was indeed he that was withdrawing said small amount and upon hearing that it wasn’t him, immediately blocked the card.
‘Right’, one might say. Well done. ‘The system is working’.
But no, it isn’t. Not quite properly. The man apparently has been informed that a new credit card is being issued. It will have a new number etc etc. “Now my problems will begin,” laments the man. “I will have to start informing all the people who I have automatic debit transactions with, to change my billing details. Do you know how long it can take to get through to companies and their billing departments?”
Which brings me to my point: Shouldn’t such information be shared with a person who’s been hacked? Otherwise, what’s to stop him from committing the same error again?
Sitting in the adjoining booth, I think I can sympathise with that. I have been kept waiting on corporate lines so long, listening to piped music, that I’ve actually forgotten what I wanted to contact them about in the first instance. I’ve usually blamed this on the entrancing effect of the music, not my failing memory! Anyhow, the man in question is annoyed.
Which is putting it mildly, for his voice is registering distinct signs of agitation. He wants to know when the roughly Australian $1,500 (Dh3,990) will be returned to his account.
I’m not sure he’s happy with the answer because he asks how long this investigation is going to take. He also tells the bank person he thinks he knows roughly where the hacking may have occurred. He says he’d bought some petrol recently and, when using his card to tap against the machine, was told by the attendant that the transaction hadn’t gone through.
“Could you hold the card against the machine a little longer once more?” asked the petrol store cashier. “I’ve never been asked to do that before. My card has always worked fine,” the man now tells the banker. Apparently, the banking people already have this information. “Can you tell me if my suspicions are right and, if not, then exactly where this hacking might have happened?” he asks. I think the bank person on the other end says no they can’t. It is all part of the investigation and possibly he’d never know.
Which brings me to my point: Shouldn’t such information be shared with a person who’s been hacked? Otherwise, what’s to stop him from committing the same error again? But no, as the bank says, it’s all a part of a policy of confidentiality! What about obligation to a customer who’s placed his finance in your trust? But I don’t know. At the end of the day, I’ve just got hold of one side of the conversation. And a coin, as we know, has two sides.
Kevin Martin is a journalist based in Sydney, Australia.