chrisw wrote: ↑Sun Feb 23, 2020 9:52 pm
hgm wrote: ↑Sun Feb 23, 2020 11:08 am
You seem to miss the point. Resistance to fraud should be one of the key specifications of any system for dealing with money. It is a well-known fact that criminals do exist, no matter how much we might dislike that. Failing to care about fraud resistance is neglicence.
There are societies in which actions that encourage crime are a punishable offense themselves. I think one can be fined here for leaving one's car unlocked, because that encourages theft. (I am not sure if that still applies; I never had a car.) That doesn't make ransacking unlocked cars legal here.
And yeah, criminals can be clever. So we'd better make sure we are clever in protecting ourselves from them. Making it easy for them, just because they are not supposed to do what they do would be really stupid. So yes, the book publisher is at fault. You could argue that it is his own money he is putting up for grabs (like you would be putting your own unlocked car on offer...), so that it is OK for him to do this. But of course the money lost this way doesn't really come out of the pocket of the person that designed this system. It is the one that set this up that is guilty of criminal neglicience w.r.t. the publisher (be it his client or employer).
Well, you’re about as knowledgeable about economics and business as Bob. Namely a couple of laymen,
The punch card as he described it was an invoice/receipt, sent with the book by the book company. Invoices have positive numbers on them. Their opposite is an invoice with a negative number, otherwise known as a credit note.
Bob’s friend, who he described as a clever programmer, and performing something funny and boasting about it, forged a credit note by changing the sign. Is no different to reprinting an invoice with negative numbers and then presenting it for credit payment. Or forging a bank note, or a US treasury bill, all these things are legal Fiscal instruments, convertible to cash. Credit notes happen all the time and are not unreasonably assumed good, just as US treasuries are legal currency and assumed good at the point of presentation anywhere in the world. It isn’t the task of software or bought ledger clerks to reject invoices/credit notes, nor US dollars nor US treasuries. Fraud/forgeries, unless glaringly obvious, get discovered later when the double entry ledgers don’t match up at the end of the accounting period. Then a forensic search would reveal the fraud.
Bob describing the fraud as clever, and accusing the company of bugged software is just dumb. All it reveals, apart from the ethical fail, is Bob’s lack of knowledge of accounts. Which in turn suggests his story of writing bank software, all of it, can be brought into question. We’ll let you off, since you didn’t claim to write bank software.
Your argument about criminal negligence is framed by dislike of banks presumably? A parallel case would be of an old lady who left her purse on show, gets robbed by a criminal, who then spends her money and blames her for being stupid. Or criminally negligent as you would call it.
Funny how your argumentation positions are taken for entirely social reasons, when your claim is to just use straight logic. I don’t think so.
This is all bullshit. NOBODY will take an invoice and give you a refund WITHOUT verifying that the data is accurate in their database. This should have been caught on several levels. For example, how do you get a credit for something that was sent to you (and they know you received it because the card was in the package)? How do you allow a punched card to say someone owes/paid you a negative amount so that you have to refund it? Who in their right mind would design software so that you send THE billing document to and end user, and then obliviously use it when it comes back without any sort of validation? This was definitely a bug. Several bugs in fact. This was not a treasury bill. This was not a stock certificate. Wonder what would happen if you wrote a check for -200.00 and took it to a store and tried to use it to pay for groceries? Would the store accept it? Would the bank honor it? Nope, they at least do basic input validation today.
ALL of what you think you know about accounting is wrong. Sounds like a 1950's paper system. Not something computerized. I certainly would not accept input that could be bogus, then issue refunds based on that, and then catch it later in an electronic audit. THAT is yet another example of crappy/buggy code. Yet you say you don't write any. Above you gave a perfect description of a buggy system. again. You would actually write and deliver a piece of software that lets users write their own credit note, take money from you, then disappear? That would be a truly marvelous piece of computer programming. One that would make a freshman computer science major hang his head in shame and switch his major to basket weaving. You don't send someone an invoice, let them bring it back to you and pay them. An invoice is an invoice. Since YOU keep making up your own definitions, here is the widely accepted definition: "a list of goods sent or services provided, with a statement of the sum due for these; a bill." Anyone that lets the user convert that to anything else, or allows them to change any aspect of the invoice is a complete idiot that won't last long financially.
Your example about a little old lady's purse is nonsense. There is no input to verify. No output to verify. Can you come up with a less stupid example, as you look pretty sad with that one.
BTW MANY frauds are clever. And illegal. But STILL clever. The two words CAN apply to the same action. The guys that electronically clock a roulette wheel and win a lot of money doing so are clever. Tough to build a clocking device that goes undetected. It is also illegal in most US casinos (if not all, but I have not visited all so I don't know.) The cleverness of an idea has zero to do with its legality, and vice-versa.