TRWTF is Charles Schwab: IP addresses used to verify physical address.



  • About a year ago I oppened up an IRA at charles schwab, my long time broker. I did it from my work, which uses a VPN. This is because the company stores a lot of classified data under a mountain some where in the middle of no where; their main servers are also under this mountain. Please keep in mind, this mountain where we all VPN into is a few states over from my office and my residence.

    Any way fast forward a YEAR to last week and get a bunch of letters telling my that my online payments; car loan, credit card, ect, failed to go through because my account was closed! No one bothered email me or call me when my account was locked! Adding to the WTF, the day before I recieved the letter a pay check failed to get into my bank account; calling about it, they said the account numbers were prbly off; no one mentioned my account being locked!

    Any way, when I called in today they said that they had to lock my account because when I opened my IRA a year ago, the IP address did not match my listed address. I had to anwser a bunch of geography questions to get them to unlock it. I tried to explain to them all the reasons tracing ip addresses cannot prevent fraud, but of course it was useless, they were just phone jockies.

     But the Patriot Act requires us to verify addresses! Not with IP addresses retards! That's not verifcation!

    After my meeting today I am going to close my account, their trades are expensive as shit anyway.



  • @this_code_sucks said:

    About a year ago I oppened up an IRA at charles schwab, my long time broker. [...] fast forward a YEAR to last week and get a bunch of letters telling my that my online payments; car loan, credit card, ect, failed to go through because my account was closed!

    So you pay your credit card with your retirement money? You should call that woman from "Til Debt do us part", I think you need to use her jars system for a while.



  • @this_code_sucks said:

    of course it was useless, they were just phone jockies.
     

    That's easy to explain.  Schwab makes a point of noting in their employment postings that they won't even consider hiring anyone who's been out of college for more than eighteen months, which to me is saying "nobody here has any experience".



  • I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.



  • @Speakerphone Dude said:

    So you pay your credit card with your retirement money? You should call that woman from "Til Debt do us part", I think you need to use her jars system for a while.


    I have three accounts with them, checking, normal trading, IRA.

    Trust me, I don't need debt help.


    @morbiuswilters said:
    I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.


    Just different state, not a different country; BUT they did not even block the transaction!!!!!! It went through fine. But then they blocked my checking account; A YEAR LATTER!



  • @this_code_sucks said:

    @morbiuswilters said:
    I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.


    Just different state, not a different country; BUT they did not even block the transaction!!!!!! It went through fine. But then they blocked my checking account; A YEAR LATTER!

    Oh no, I know. And trying to verify an address via IP is stupid. But preventing fur'ners from logging into our accounts is still a good idea.



  • @da Doctah said:

    @this_code_sucks said:

    of course it was useless, they were just phone jockies.
     

    That's easy to explain.  Schwab makes a point of noting in their employment postings that they won't even consider hiring anyone who's been out of college for more than eighteen months, which to me is saying "nobody here has any experience".

    Last year I worked for a company that likes to employ graduates, yet somehow myself and two other experienced workers managed to slip past that restriction. During the company annual meeting we were sitting there listening to the president give his little talk and all of our jaws dropped when he came out with statements about how experienced people were a liability as we were too set in our ways to learn how things should be done in that company. Yet us oldsters could all see how badly the youngsters were stumbling around and just failing at producing anything resembling quality work, and how management was setting itself up to fail.

    A couple of weeks ago I saw a quote (can't remember where) that did seem to explain things:

    Q. Why is employing a graduate like having sex with a virgin?
    A. Because neither one knows how badly you are screwing them



  • @OzPeter said:

    @da Doctah said:

    @this_code_sucks said:

    of course it was useless, they were just phone jockies.
     

    That's easy to explain.  Schwab makes a point of noting in their employment postings that they won't even consider hiring anyone who's been out of college for more than eighteen months, which to me is saying "nobody here has any experience".

    Last year I worked for a company that likes to employ graduates, yet somehow myself and two other experienced workers managed to slip past that restriction. During the company annual meeting we were sitting there listening to the president give his little talk and all of our jaws dropped when he came out with statements about how experienced people were a liability as we were too set in our ways to learn how things should be done in that company. Yet us oldsters could all see how badly the youngsters were stumbling around and just failing at producing anything resembling quality work, and how management was setting itself up to fail.

    A couple of weeks ago I saw a quote (can't remember where) that did seem to explain things:

    Q. Why is employing a graduate like having sex with a virgin?
    A. Because neither one knows how badly you are screwing them

     

    I think hiring someone based soley on experience, or lack of; are both huge wtfs. Hiring should be based on skill first; the end result should be a good mix of experience levels.



  • @morbiuswilters said:

    But preventing fur'ners from logging into our accounts is still a good idea.
     

    A few years ago we moved offices and our old ISP was not available in the new premesis so we had to change. This changed our IP address to 14.x.x.x, which was a brand-new allocation with APNIC. We couldn't access about half the Internet due to old bogan filters. Interestingly we have two VPSs with the same host (in the States) and we could access one but not the other. It's a bit of a bugger that Australia has to share class A ranges with China.

    I was at the Apple store a few weeks ago on their wifi (at least an order of magnitude faster than our office wifi) and Facebook asked me to verify stuff. I wonder if the public IP address was in a different country?



  • @Zemm said:

    It's a bit of a bugger that Australia has to share class A ranges with China.

    Nobody should be filtering based on the first octet. The actual IP should have shown as allocated to an Australian ISP.

    @Zemm said:

    I was at the Apple store a few weeks ago on their wifi (at least an order of magnitude faster than our office wifi) and Facebook asked me to verify stuff. I wonder if the public IP address was in a different country?

    Naw, Facebook is pretty paranoid nowadays, they'll challenge you even if the IP is in the same country.



  • @morbiuswilters said:

    @Zemm said:
    I was at the Apple store a few weeks ago on their wifi (at least an order of magnitude faster than our office wifi) and Facebook asked me to verify stuff. I wonder if the public IP address was in a different country?

    Naw, Facebook is pretty paranoid nowadays, they'll challenge you even if the IP is in the same country.

    They want me to verify the device even if one logs in using a different browser on the same computer.



  • @this_code_sucks said:

    I think hiring someone based soley on experience, or lack of; are both huge wtfs. Hiring should be based on skill first; the end result should be a good mix of experience levels.
    My and my colleagues hiring was based on skills .. skills that were obtained through experience in the industry. But given that this company had a 20% staff turnover last year, it was the skill soy the management team that are more in question.



  • @this_code_sucks said:

    After my meeting today I am going to close my account, their trades are expensive as shit anyway.
    Well, you know how to do that now, although it may take up to a year to process.

     



  • @morbiuswilters said:

    Nobody should be filtering based on the first octet. The actual IP should have shown as allocated to an Australian ISP

    A lot of GeoIP databases are woefully out of date. I used to work at an ISP in the UK who had a bunch of ranges (mostly /18's & /19's). One of those ranges used to belong to an Italian company, and 80% of the time would be identified as being in Italy, despite the range not being allocated to anyone in Italy for at least five years.

    14/8 has a bit of a weird history so it wouldn't surprise me if a lot of sites had no real idea where in the world an address in that range might be.



  • @OzPeter said:

    @this_code_sucks said:
    I think hiring someone based soley on experience, or lack of; are both huge wtfs. Hiring should be based on skill first; the end result should be a good mix of experience levels.
    My and my colleagues hiring was based on skills .. skills that were obtained through experience in the industry. But given that this company had a 20% staff turnover last year, it was the skill soy the management team that are more in question.

     

    Yes, but does everone with industry experience code well?

    We have all worked with someone with a decade of experience who can't manage anything more than hello world. It's not how much time you've been in the industry, it's how much you've learned while you're there.

     



  • @Vanders said:

    @morbiuswilters said:
    Nobody should be filtering based on the first octet. The actual IP should have shown as allocated to an Australian ISP

    A lot of GeoIP databases are woefully out of date. I used to work at an ISP in the UK who had a bunch of ranges (mostly /18's & /19's). One of those ranges used to belong to an Italian company, and 80% of the time would be identified as being in Italy, despite the range not being allocated to anyone in Italy for at least five years.

    14/8 has a bit of a weird history so it wouldn't surprise me if a lot of sites had no real idea where in the world an address in that range might be.

    Well, yeah, if you use an out-of-date database, you're gonna get poor results. So don't do that.



  • @morbiuswilters said:

    I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.

    Since our corporate proxy is in Japan, has always been in Japan, and is using an NTT-leased block of IPs but routinely gets identified as an India source address, even country-level geolocation is pretty unreliable.



  • @Ex-Navy Dude said:

    @morbiuswilters said:
    I do agree that this is a WTF, but I also think it's a pretty good idea to lock out access for non-US IPs (or at least Chinese and Russian IPs..) It could be a default that you could have lifted if you are a business traveler who, for some reason, does not have access to a VPN.

    Since our corporate proxy is in Japan, has always been in Japan, and is using an NTT-leased block of IPs but routinely gets identified as an India source address, even country-level geolocation is pretty unreliable.

    Eh, a lot of people do it poorly, like everything in this industry.



  • @Vanders said:

    14/8 has a bit of a weird history so it wouldn't surprise me if a lot of sites had no real idea where in the world an address in that range might be.
     

    For the mods that can see my IP address, I'm posting from it now, all the issues haven't happened in a while. I know I haven't updated one of my site's GeoIP database which doesn't know about our IP address, but all it's used for is pre-selecting a "Country" drop down, so is easy for the user to change.

    It still freaks me out a little bit when I see connections coming from 1.x.x.x, which happens a fair bit these days.



  • @Zemm said:

    It still freaks me out a little bit when I see connections coming from 1.x.x.x, which happens a fair bit these days.

    The best one is Google DNS: 8.8.8.8


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.