AT LARGE: Lax security

I'd like to share a little story with you. I was sent this in my e-mail and thought it might be relevant.

A fellow in Arlington, Washington, USA, went into his local drugstore (pharmacist to you and me) and bought himself a packet of Ex-Lax, a popular medication for, well, I think you can guess from the name. I think they euphemistically call it "irregularity" in the ads.

Anyway, the product did not function as desired, which gave this poor man the, err, well, actually, it didn't, which was the problem, if you get my meaning. So he went back to the apothecary (presumably in some discomfort) and requested a refund.

This is where the story starts to get a little dodgy. The shopkeeper told him he couldn't offer a refund, that in fact he would have to approach the manufacturer (Novartis Consumer Health) directly. This strikes me as odd, but it's an American story so some latitude must be allowed. The shop happened to have a supply of forms on hand for requesting a refund from Novartis (naturally), and offered one to the less-than-gruntled customer.

The form was a machine-readable card - you know it's got to be funny as soon as the term "machine-readable" enters into it - with various fields for the customer name, the product name, date and place of purchase, reason for wanting a refund, etc. The customer duly filled in all the fields and sent the card off to Novartis.

Some short while later, his refund cheque arrived. However, the computer had somehow misread the card (of course!), substituting his Zip code (98325) for the purchase price of the product ($US3.98). The customer, finding himself now rather more gruntled than before, merrily banked his cheque for $US98,325. He has not been heard from since, despite Novartis's genuine eagerness to get in touch.

There are a couple of issues with this story. First, I'm envious at only having a four-digit postcode. Should I run the same scam, I'd get away with only a couple of grand - not nearly enough to disappear. Second, if the computer substituted his Zip code for the purchase price of the product, what did it put on the mailing label where the Zip code ought to be? Anyone who's tried to post anything to the US with no Zip code, or the incorrect Zip code, knows it's a fast track to nowhere.

Let's not even get into the fact that some human would have had to sign the cheque, or the absurd notion that a shopkeeper would rather maintain a supply of specialised refund request forms for every manufacturer with which he does business than hand over a few measly bucks to keep a customer happy. The story is obviously a ridiculous falsehood. (This much of the story is true, because I checked: the Zip code for Arlington, WA is 98325.)

But someone sent it to someone, who sent it to someone, who sent it to someone, who sent it to me. It's probably all over the world by now. I suppose I'm playing my own part in the chain by repeating it here, but I'm at least adding a few caveats. The point is that, until I got it, the story had not been questioned anywhere along the line. People simply read it, thought "Oh cool, another story about how stupid computers are", and sent it on. There are a million such stories out there already so what's one more?

It's a strange paradox to me that people are so ready to assume gross incompetence on the part of computers and their programmers, and yet so ready to rely on them. The same person who sent the story to me is a regular customer at Amazon and merrily sends her credit card number over the wires with alarming frequency. Yet she presumably is prepared to believe that if you ask a computer for $3.98, it will just as likely spit out nearly a hundred Gs.

Let's just say for a moment that this same friend were to purchase a book from Amazon for, say, $45 including shipping. And let's say that Amazon's computers told her credit card company's computers that they would like $45 please. And, because it relies on stupid old computers, the credit card company issued Amazon with $45,000, which it expected my friend to pay back. Would she blithely accept this as one of the cute little quirks of dealing with computers? Not likely.

But isn't it strange that it seems so reasonable, so possible, when it happens to some anonymous guy from Arlington, WA?

Matthew JC. Powell refuses to believe that Microsoft will pay him $5000 if a million people read this. Moneys to the contrary can be sent to
