alt Hacker NewsAt the scale these companies operate and the number of actual scammers they block because of their 0 - 100 policies, I can see how they got there. I bet all of us have had the luck (?) of out card being blocked because someone out there was able to get a hold of the credentials. Collateral damage like this, as devastating as it is to the individual, is probably a drop in the bucket for the company.
I'm not excusing this. What happened here shouldn't happen, and there should be quick resolutions and explanations available to the aggrieved parties.
It's not just corporate policy, it's regulatory requirements in the US.
You must block financial activity, and you must not communicate any details to the customer, upon reasonable suspicion of money laundering activity. There's a process and a prescribed timeline for getting things resolved. There is no penalty for a false positive, but there are large penalties for false negatives.
Having watched hundreds of these things happen, all of the details point squarely to an AML problem. For closed loop gift card programs, the merchant, program manager, issuing bank, and possibly the seller all get involved. It takes time.
This doesn't require shutting off a user's access to their data though -- just preventing financial activity. Apple might not have adequately fine-grained permissions around account suspension to support this, and obviously they should fix that!