Quote:
Originally Posted by pramodkumar The email ID was created in 2005, I had an invite back then I ruined pramodkumar@gmail by forgetting the password so had to add a number |
Quote:
Originally Posted by SilentEngine Assume your Flipkart account was created using your gmail ID with the number, not the original gmail ID from 2005. Is that right?
Is Flipkart saying that your Flipkart account is also linked to the other gmail ID? Wonder how that's possible. |
Quote:
Originally Posted by digitalnirvana There is certainly something wrong with their algorithms. I had 23k worth of fraud transactions done on flipkart about two months ago. I immediately called the bank and canceled the card and then called flipkart who then said that my account was linked to 14 individuals. It made no sense at all, because I was and still am a genuine user with no duplicate accounts. They even gave names of the other users so the customer care person was not lying, he really thought that my account had 14 other linked users. I could not make him understand, and even his team lead parroted the same explanation. |
I have a strong suspicion that they have a problem with their fraud detection algorithm.
Right... like you needed me to point that out
Hear me out - fraud detection for online systems like this where there is
no joining fee (i.e. no entry barrier for a new customer) requires them to look for fraud not just in a single user account, but across user accounts.
So, one aspect of their algorithm might be analyzing email IDs to try and correlate multiple IDs to the same "entity" using fuzzy pattern matching.
If I were a fraudster, I might use
arunphilip1@example.com as the address to initiate certain frauds (e.g. return a brick instead of a Lenovo cell phone). Now, knowing that account is going to be blacklisted, my next attempt at fraud with a Xolo phone will use a new ID
arunphilip22@example.com. Assume the same pattern occurs for a total of 13 IDs.
Now, my explanation definitely makes sense for
digitalnirvana's experience. There were IDs similar to his used for fraud, and if a
genuine ID like
arunphilip81@example.com was also swept up by the fraud algorithm, it could result in his account being flagged for fraud against 14 accounts. This is more likely if (but not limited to when) the number of orders against the genuine account is small.
So that's how Flipkart sees fraud spread across 14 accounts. A technically unsavvy customer service exec will be presented on their internal systems a warning "Fraud against 14 accounts" which he/she would have misspoken in an ambiguous way.
However, it does not explain why
pramodkumar sees other orders from 2005. Let me still make a vague attempt.
I suspect that his statement "I ruined pramodkumar@gmail by forgetting the password" is not the case, but more likely that his first email account was hijacked via the reset password option, which is sadly a bit too easy when not protected by two-factor authentication. My suspicion is strengthened by the fact that an email ID with just a first name and last name is something that will be sought after.
Now, it is somewhat possible that at Flipkart they physically merged the Flipkart accounts created with both pramodkumar@gmail and Pramod's current email ID. However, I cannot see any rational reason for them doing this on their own, and if true is indicative of shoddy account management! Flipkart should have a distinct fraud "virtual profile" that encompasses multiple email IDs, multiple similar addresses (e.g. "5th Main Road" and "5th Mn. Rd."), but there is no need to alter the actual user accounts!
The other slim possibility is that Pramod registered using pramodkumar@gmail at Flipkart, and subsequently updated his email ID to the current one. Due to some error, Flipkart kept track of orders against both email IDs against Pramod's account - the one that Pramod genuinely used, and the older one that was likely used by a fraudster.
Anyway, these are my two cents on these specific observations. If there's a shred of truth to what I've mentioned above, Flipkart need to further fine tune their algorithms. Like the justice system, it is better to let 10 fraudsters get away than annoy 1 genuine customer.
PS: The example.com domain is reserved for examples, so there is no risk of spam if bots attempt to send emails to any address at that domain. So don't worry about some poor Arun being spammed with the sample email ID's I've used above.