Heh. 20 years ago when I was buying my house, I was arranging the mortgage through HSBC bank. One day I got a random call, started by asking me to confirm my name and date of birth. I asked them who they were, and they refused to say anything before going through security. I told them I wasn't giving them any personal details without knowing who they were, and they hung up.
A week later, I phoned up the bank asking why everything was progressing so slowly and they said I'd failed the security check, so the process had been paused. I explained what had happened, and how it was ridiculous that they expected personal details without even saying they were from the bank, which they seemed to agree with, but said that was their procedure so it was my fault for not complying.
> that was their procedure so it was my fault for not complying
This is the most fascinating (infascinating? like, infamous/famous distinction? whatever) things about bureaucracies, to me: they sincerely expect everyone to follow their internal rules and procedures, even the people who are completely outside their jurisdiction by any stretch of imagination.
Like, "we require the application of your personal seal to the papers" — "Personal seal?.. we use signatures in this part of the world, you know" — "No, we don't accept signatures, it has to be a seal imprint" so then you just stamp some absolutely random rubber stamp and they accept it because even if they can't actually read Cyrillic, it's a stamp and that's all that matters.
I taught at a German university for a few years. And they way grades were handled was, you had to print a standardized piece of paper for every student with their name, date of examination, and grade, and drop them off at the secretary's office.
The secretary would stamp every such Schein with a rubber stamp. Then the students would pick up their Scheine at the secretary's office and bring it to the examination department themselves (!) to get the grade registered. Only at the very of my time there, they changed the system and I could hand in the grades directly to the examination department.
At any rate, the system was so stupid. It was trivial for students to print a new Schein with a better grade and register that (there must have been a lot of fraud). But the counter argument was 'no, it's very safe because the students do not have a rubber stamp'. Of course, the rubber stamp was just the university logo with something like the faculty name next to it. Trivial to copy (or make a rubber stamp for more enterprising students).
Probably the procedure had been followed since 1573, well before home printers, scanners, phone cameras, or get-your-own-rubber-stamp-for-a-few-bucks internet shops.
> Probably the procedure had been followed since 1573, well before home printers, scanners, phone cameras, or get-your-own-rubber-stamp-for-a-few-bucks internet shops.
This is almost always how these seemingly silly bureaucracy hoops become established. They were created in a prior time where a third party obtaining "magic item Y" with which to authenticate was significantly difficult to near impossible. Then, over time, the world, and technology improve, to the point where anyone, willing to spend $9.99, can have an exact duplicate of "magic authentication item Y" manufactured via any one of 78 different makers. But the bureaucracy continues using the now outdated process because "this is the way it has always been done".
ARM had a huge headache when the CEO of their Chinese subsidiary stole the company seal and refused to give it back. That meant they effectively couldn't do business at all.
I recently joined a very old company, with many lifers, I continuously run into this mentality. “I can’t explain it now, but I’m sure there was a good reason for it, so we’re gonna continue doing it this way”
The real issue is that most business just don't document anything to do with their processes. Chance are that there are a hand full of things that there are a good reason for doing and they do need to be done that way. Except the people that identified that original problem and came up with original solution have all left the company so now there is nobody around that has put in the effort (or been given the time to investigate) to figure out why things are done the way they are, and the last time one of the things that had been done forever was suddenly stopped it caused untold amount of chaos so now the directive is to just keep doing everything we've always done.
I like that fence, but I consider the best course of action to be going and finding out why the thing is done the eay it is, even if it necessitates careful investigation.
I always understood chestertons to be that you should leave the fence there while you are investigating why its there and whether its still needed. Not blind "dont do anything"
I'd wholeheartedly agree with your assessment of the best course of action. To the points raised in the conversation above: there is definitely too little understanding of the pattern and too much blind adherence to the pattern as a widespread institutional practice across many institutions.
Ah, offloading the physical movement of papers between the offices onto the general populace... why don't they just mail each other directly, isn't the part of their job is to communicate with other offices? Lolnope.
Sometimes it becomes truly ridiculous: I once had to apply for some thing, and was told I need to grab and provide them some certificate from a different government service to prove that I'm actually eligible. Okay, I do that, and then they spend two weeks verifying the certificate by physically mailing and inquiring info about me from that other service and waiting for them to respond (also by physical mail).
Of course, the rubber stamp was just the university logo with something like the faculty name next to it. Trivial to copy (or make a rubber stamp for more enterprising students).
My entire career is predicted on the things I did with a stack of university letterhead 40 years ago.
Had something like this years ago when we were trying to get an EV code signing certificate from GoDaddy (for our Windows application).
They wanted a government issued identification document with both photograph of the individual as well as their physical address on it.
No such document exists for South Africans, I offered to get attestations from lawyers, police, but nothing was good enough.
Then I had to threaten charging back the credit card to get a refund (as opposed to credit) on the not-insubstantial fee for a service that their verification policies made impossible to be fulfilled by South African entities.
We succeeded with DigiCert, was a bit involved including getting sign off by a certified security consultant that we had appropriate procedures in place to protect the private key, but eventually got through the process.
I have had nothing but trouble with GoDaddy and their ridiculous identification routines. We've spent hours with (allegedly) real humans who will tell us "ok I've released the domain for transfer. It will be clear in about 30 minutes" (or whatever it is at the time) and it never is, and then we have to start the entire process over with a new rep. There are other reasons to hate them too, but I won't go on a rant :-D
My initial philosophy with GoDaddy was "as long as it works, it's good enough".
But generally happy to not be using them these days. I do our domain registrations through Namecheap and can't say I've ever had an issue with them, also had to interact with support on occasion and also no negative experiences there.
If something goes wrong and you followed the procedure, the chances you're getting fired are very low. If something goes wrong and it is discovered you didn't follow the procedure, the chances of you being assigned the blame and fired are very high. It doesn't matter how stupid the procedure is or what's at stake - 99.999% of people you'd be dealing with do not care if the bank as a whole loses business or money, but care very much whether or not they are getting in trouble. Following the procedure is the easiest way of CYA.
Had the same thing happen with a debt collector. They would identify themselves, but seeing as their name was meaningless to me as we had no prior relationship, and even if I knew what they were calling about I had no debt I was aware of...
They were a _little_ more cooperative about it though.
"Hi this is <Person> from <ABC Inc.>. Can I start by confirming your name and date of birth?"
"Who is this?"
"<Person> from <ABC Inc.>. Can I start by confirming your name and date of birth?"
"No, you may not. What's this regarding?"
"I can't discuss that with you until you verify your identity."
"Okay, well I have no idea who you are so I'm not about to do that."
"Well, I can't tell you anything else until you confirm your identity for me."
"Okay."
"So can I get your name and date of birth please?"
"No."
"..."
"..."
"..."
"..."
"Can you tell me what _day_ in January of 1970 were you born?"
I'm sure it broke some rule somewhere, but at least giving me some verification that they already had some of the information they were asking for I was willing to play along.
(Turns out the ISP did their usual ISP thing and failed to mark that I'd returned my modem when cancelling service a few months prior then told no one and sent it to collections. The debt collector was very adamant that I needed to set up a payment because this wasn't going away. I walked into one of the ISP's retail outlets, told them what happened, they sighed heavily because this comes up _constantly_ and called in to have it marked returned and I never heard from anyone ever again. The end.)
> Turns out the ISP did their usual ISP thing and failed to mark that I'd returned my modem when cancelling service a few months prior then told no one and sent it to collections.
Spectrum did this to me. They sent a single "hey, you owe us for this thing" email before sending it to collections.
I assume collections pays (pennies on the dollar, but still >0) for each case, so being more thorough in verification of this literally costs them (the ISP) money. And, also, people who are being pissed off aren't clients anymore anyway. So of course they'd not do it.
HSBC had famously terrible systems when I dealt with them for a mortgage years ago - they were so bad that the staff I spoke with pre-briefed me on the range of issues their website could suffer from.
The best was that certain sections were circular, so it would start to ask the same questions again but displaying answers prefilled in - yet it would arbitrarily forget particular (different) details on each loop, defaulting to values other than what you'd entered before, so there were only certain points you should exit the loop at, to be sure it would submit the right information!
On the plus side, despite their system woes, they had very competitive rates, so it was definitely financially worth spending another 20 minutes and accepting their idiocy!
This wasn't so much a competitive rate, but I literally couldn't have afforded to buy this house if they didn't offer a 105% mortgage - so no deposit and some extra money so I could buy some furniture. To be fair, I had some deposit so didn't really need all the extra 5%, but I wasn't anywhere close to the 10% deposit that was standard at the time.
Also, now I remember that I also had to jump through some deceptive hoops. The deal was technically only available on the graduate account, which my account had stopped being earlier in the year because it changed to a regular account after 10 years from opening. The bank manager said she'd bend the rules and let me have the deal as an exception, but then presented me with a load of life insurance policies to sign (which of course I didn't want or need) and it was strongly intimated that if I didn't sign them, she'd no longer bother bending the rules to get me the mortgage deal. So, I signed them, and as soon as I had the mortgage confirmation letter through the post I phoned up to cancel before the end of the 14 day cooling off period. I dread to think how much commission she'd have made from me if I didn't cancel.
I had something similar happen to me except it was for health insurance authorization, for a regular treatment. So, every two weeks they would call me and ask me for personal info, and refuse to explain who they were or why they called until I gave it to them. Every two weeks I would try to explain how dumb that was. No direct call back number, of course.
A week later, I phoned up the bank asking why everything was progressing so slowly and they said I'd failed the security check, so the process had been paused. I explained what had happened, and how it was ridiculous that they expected personal details without even saying they were from the bank, which they seemed to agree with, but said that was their procedure so it was my fault for not complying.