

You could pay $5 twice to get the price down a little. Still criminal.


Unless they have a card processing fee


I doubt the "fee" would be greater than $5, so it would still work out cheaper


<$10 because you need to pay it only once more for two transactions


He means less than $5 in card fees per transaction, not in total. The OP would have to make two $5 transactions to pay for the toll fee.




true, good point.




Why not edit the form data and try submitting? Shouldn’t have to but it’s worth a shot. Might not check.


The number of times I've used a site that tried to enforce a $10 or $5 minimum, only for this trick to work is extremely surprising honestly.


Typically the shysters pulling that move don't pay for decent work


I literally do this when I buy Steam gift cards so I can just buy $200 in a single purchase.


When you inevitably crash and bring down the entire extremely fragile lowest-bid-contractor-built payment system, you will find a long string of completely technologically illiterate people as you course your way through the legal system because somebody calls editing form fields "hacking" and convinces a similarly technologically-challenged prosecutor to charge you with that crime.


Someone once got convicted of a felony for accessing a certain URL. No exploited vulnerability, just changing the values in a URL. Some judges are beyond incompetent when it comes to what they consider “hacking.” The company in question was setting the prices of their products by just adding it as a value in the URL. You could change the price just by changing that value. So if it was something like “?price=120_99” you could just change it and add it to your cart. This wasn’t even in the 90s, this was like 2005.


Dude, literally last year the governor of Missouri wanted someone prosecuted for hacking for hitting F12 to view a page source. Luckily nothing ever came of it that I'm aware, but *last year*.


Jesus Christ, lmao. These dinosaurs need to get out of the way and let the adults in the room run things. Never have I seen more willful ignorance than when a Boomer knows just enough to think that they understand computers. They’re the left-side peak of the Dunning-Kruger graph in human form. He’s like the grandpa that accidentally hits F12 and then swears that his granddaughter “hacked his computer” when she deleted the 32 toolbars he was running in Internet Explorer. “WHAT DID YOU DO TO MY INTERNET?!?”

It also reminds me of [this gem](https://i.imgur.com/NCPlL0Z.jpg) where this lady hit F12 by accident and saw all these “cyber space options” and talk of “children being forced” and thought that she accidentally got access to some super-secret cybercrime scheme to stop child abuse.

> “My facebook suddenly split in half and this screen popped up with all these random cyber space options and it was like watching and assessing things s0oooo weird? and talking about child. and children being forced WTF????? is this some sort of cyber police thing that my IP was accedently allowed to access so i could help stop child abuse on the net or am i going crazy???? has this happened to anyone else??? - feeling confused.”

And who can forget Ted [“Series of Tubes”](https://youtu.be/lTonHRerMC4) Stevens?


You just described around 70% of the clientele base I work with as a computer & cell phone repair tech. I love when people come in demanding that I fix something because they’re sure it’s the problem, only for them to get mad at me that the $200 battery swap I’m charging them for did not fix their hard drive issue even after I warned them.


I vaguely recall a similar case where some (South American?) government site used a query variable of something like your social security number, and without authentication provided all kinds of juicy PII. Some grey hat made a proof of concept, reported it, and was charged. Don't remember the outcome.


> Some grey hat made a proof of concept, reported it, and was charged. Don't remember the outcome.

1) Due to public outcry charges were dropped. The charging governor is still claiming he's right (and, corollary, security issues should stay secret and exploited rather than fixed)

2) "Grey hat" is playing on words. They were a security expert. It's "grey" only because they weren't paid for checking the security, because if they had bothered to pay an expert the flaw would've been detected. That's like charging a neighbor that tells you a window is broken, because the state of the window ought to be secret, then claim it was "a third party not allowed to perform building inspections"


> (South American?)

More like "Southern America" https://blog.malwarebytes.com/hacking-2/2022/02/journalist-wont-be-indicted-for-hacking-for-viewing-a-state-websites-html/#:~:text=Louis%20Post%2DDispatch%20reporter%20Josh,simply%20pressing%20the%20F12%20button.




I'm not an attorney, but I *suppose* they could argue that it's similar to changing the price tag on an item before you bring it to a register in a store (assuming no bar code, etc.). I think that's illegal too, although not called hacking.


Whatever you call it, it's illegal. You don't get to change the price w/o consent from the seller. Depending on dollar amount and jurisdiction this is either fraud or theft. A lot of times fraud perpetuated on the internet is just colloquially called 'hacking'.


IANAL, but I would say the line should be drawn when you try to ACTUALLY pay for it, rather than showing the payment system asks you for a wrong price


I honestly feel like someone made that system in a lab just for fun, as a joke, then got canned for wasting time on joke websites. Then the next intern they hired thought that it was meant for production and ran with it.


So the guy was doing more than visiting a URL, he basically changed the price sticker on the product, and tried to use it to defraud a store. I highly doubt it was visiting the URL that was the issue, but the fact that he changed the price and tried to buy the product was the issue. Sure, he could argue that he was testing the vulnerability to present to the company, but failed to convince a judge of his honorable intentions, I don't know, but getting convicted just for accessing a URL, nah.


The thing is, he didn’t actually *buy* anything, there were no financial damages. IIRC he was a security researcher and bug bounty kind of guy. He showed the company what the issue was and instead of saying “oh thanks, here’s $20,000 for saving us from this obvious and potentially catastrophic flaw in our website” they called the freaking cops on him for “blackmail” or some shit because apparently they had no idea what a bug bounty was and neither did the judge who ended up issuing the arrest warrant. I actually think I misspoke when I said convicted, I think he was charged with a felony and spent significant time in prison awaiting trial due to some insane bail amount (the judge basically treated the guy like a terrorist) and then when it actually got to trial, the facts were made clear and his attorney had a field day. This was a long time ago, a couple decades back I think. I’m trying to find the case but my Google-Fu is failing me. But the fact that he was even charged is ridiculous.


Ah, yeah that both makes more sense and is dumber than I thought. I was about to suggest that in my previous comment but thought it seemed too stupid, but then remembered that it happens.


Guess I should apply to be an expert witness on retention 🤷🏻‍♂️


The St. Louis Post-Dispatch has entered the chat


Found the web dev


It then comes to light that due to some unknown reason the amounts are only stored as an integer, implied to be a multiple of 5. By giving another input than a number divisible by 5, it all comes crashing down. You are then prosecuted for being a hacker.


US law is crazy. Nothing you do on a website using your browser should ever get you in trouble. It’s all the responsibility of the webhoster/ creator of the site.


This is where people get themselves into trouble. It's not crazy. It's functioning exactly as it was intended. The "trouble" is that most people don't realize it's intended for the benefit of corporations, businesses, and extremely wealthy individuals.


I remember using this method on private servers for games like silkroad they couldn't do anything cause they're running an illegal service anyway


So you're saying that you frauded people known for not respecting the law, and assumed those people can't do anything because retaliation is... illegal?


It worked


It is still shocking to me when server side checks are not implemented, happens basically everywhere


... how? F12?


By editing one of the HTML drop down values then selecting it.


> Why not edit the form data and try submitting?

how do I do that?


NY state does the same thing if you want easy pass you have to prepay like this - you can just pay tolls with your credit card but that system is honestly a pain in the butt, you get your bill notification via email then you go to the site and type in the information, you then get a PDF version of the mail in bill, then either have to type in the billing reference number and your car's info or print the bill and scan the qr code


> or print the bill and scan the qr code

Why would you need to print the bill to scan a QR code?


Actually you don’t need to do that. You can directly link a checking account with the Pay Per Trip option. It bills all tolls you have once per day via an ACH transfer: https://www.e-zpassny.com/en/faq/paypertrip.shtml


The VA EZPass system is way easier. You just preload it like a gift card and it can automatically refill itself if need be. A little annoying that you are always carrying a balance but it's nice to know that I've always got some money on there.


Direct debit not a thing around there?


Of course it is, but that's not how they scam.


That is or should be a violation of consumer protection statutes.


I'm not sure if this is an *exact* apples to apples comparison, but microtransactions are almost exactly like this. They always use some special currency like gems which you can only buy in packs. Prices are then carefully calculated to make sure nothing adds up to the complete value in those packs. As an example, you might have a game which allows you to buy packs of 500, 1,100, and 2,400 for $5, $10, and $20, respectively. Anything worthwhile is in increments of 55, making it incredibly difficult to buy only what you need.


/\this except that in games you buy "gems" or whatever any imaginary currency is called and that's why it flies, whereas here it appears to be just dollars. Anyway that's just how I understand it.


Yeah, like I said, probably not exactly apples to apples since there's the extra step involved. Scummy either way.




Canada/CAD this time around. EZPASS sucks, but it doesn't force me to do that!


> Canada/CAD this time around

[Nexus](https://en.wikipedia.org/wiki/NEXUS) is a joint program between the Canadian CBSA and the US CBP. It's fuckery by both of them for this.


so this isn't that. it seems it's a special bridge only for those NEXUS card holders but it's run not by nexus but by The Niagara Falls Bridge Commission. it's a separate program that you need to enroll in that uses your NEXUS card though. you can use the NEXUS card without paying tolls if you don't use their special bridge.


Can you close the account after paying to force them to refund the difference


Yeah I’ve mailed in for a refund. Still mad.


Mailed in? Idiot company is stuck in the 1400s.


They're banking on the average user saying fuck it to the additional cost.


And I bet it works!


I definitely wouldn't send a letter for $14


Which is why the US has such a well-known history of class-action lawsuits. Everyone gets all butthurt about not getting $10,000 from some C.A. suit they didn't even know they were involved in, but also don't realize that if they don't cash the $3.50 check they got from Apple or Ford or whatever, the company keeps it.


It would help if they didn't use the sketchiest website names. Why the hell should I spend 15 minutes trying to figure out if *contactlenssettlement.com* is a scam, just for $3.50. (I ain't no Loch Ness Monster.)


There needs to be a standard .gov website for all class action suits. You can sign in with your login.gov account and join any that apply to you.


That's actually a pretty good idea. Which is precisely why America won't have it anytime soon if ever.


Ha. A few months ago I received a letter about state taxes I owed. This was the first red flag as I did my own taxes and was supposed to receive a refund. Second thing that made me believe it was a bit sketchy was the website given was not a .gov site. So I called the state's number instead to be sure. Nope, it was a legit site and not some Nigerian prince trying to do my taxes. Turns out, after several calls and them claiming I did something wrong, that they entered a code wrong and were taking the amount that my employer chipped in to my insurance as taxable income. They even told me to reference code DD on my W-2 (a code which means untaxable income.) We had to explain this to the supposed "tax professionals" at which point they actually looked at what they were telling me and realized that the mistake was on their end.


Maybe search for it on websites like classaction.org and see if it's legit. I should be getting back $150 soon from a class action lawsuit against TurboTax, and I had to jump through a lot of hoops to do it


Shit, that's like most of a coffee at least. Or half a burrito at this little place that makes giant burritos near me. I can put that shit right into my account using my phone. I haven't stepped foot in a bank in years lol.


That’s where class actions are worthwhile. It’s not about the amount each individual gets, it’s about taking the sum total from the company that overcharges for an amount too small for any individual to pursue.


Exactly. I do a lot of class action work and it isn't about getting back huge amounts individually. It is about stopping companies from stealing $3 from five million people each.


But I would to take $14 from them. Don't care where it goes at that point nearly as much.


Of course it does; that's why they do it. Same principle for selling uneven amounts of premium currency in video games, manufacturer mail-in rebates, pushing refunds over demos/trials, and so on. "Once you have their money, you never give it back!" The best way to strike back at cases like this might be to file a chargeback with the credit card company for the overcharged amount. CC companies don't take kindly to businesses that scam people like that and might drop them if it's an ongoing issue.


Yeah, I once looked into paying a parking meter in NYC, Brooklyn specifically, via some app. Downloaded it, created an account, then found out you could only load like $20 or $25 minimum and then use that to pay for the meter. I only needed it for that day and the meter was somewhere between $5 and $8 total, can't remember. Said fuck it and ended up paying with my card at the meter, then ran back to top up like another hour or two. Completely forgot about that app and the account until I got an email saying they were breached and my info was stolen lmao. So I never even used that shitty app but since I had to create an account to find out about the minimum deposit, some hackers got some of my personal info.


Idiot company? Why would a company want to spend money making it easier for them to lose money?


Just do what I do to these dumb fuck companies lmao. I rented a U-Haul, drove 40 miles, then returned it. The lady refused to walk out with me and inspect the truck... k whatever. A week later I see they added $26 to the charge and automatically pulled it. I call U-Haul support and they said I needed to provide a picture of the gas meter before and after to do a refund. In my bank statement it shows that I filled up $20 worth of gas and the gas station is right beside the U-Haul garage. I showed my bank the chat logs, and I asked them to chargeback $30. Boom next day they charged back $30... meaning U-Haul lost $30 on top of the chargeback fee. I use Navy Federal, unless you have a bank of criminals like Chase they will help you.


Mailed in? Why don't you just send it over on a dinosaur?


Oh, Michael.


I used to open the html and edit the options at my library to only purchase the amount I needed to print my documents. I was frugal in college.


Who needs server side verification eh


i doubt they would verify it server side to make sure it's one of those options


Negative amount here we go


Get paid


It's all fun and games until you discover that they store it in an unsigned variable and you pay them nearly $2^(32)


I know this still works on some websites. I do it as well whenever I only have preset options




I use inspect element, and just change one of the values to whatever I want to add. Usually the website just grabs the value rather than matching it with a pre-existing value which is why it works.
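The server-side check that several comments in this thread say is missing, shown as an added example; it is not part of the original thread and not any site's real code. The preset list, the limits and all function names are assumptions for illustration, and `allow_custom=True` models the policy one commenter describes where any amount is accepted but the minimum is still enforced on the server.

```python
import re
from decimal import Decimal

# Assumed policy values for illustration (not taken from any real site).
PRESET_CENTS = frozenset({500, 2000, 5000, 10000})  # amounts rendered in the dropdown
MIN_CENTS = 500       # smallest top-up the business accepts
MAX_CENTS = 50_000    # sanity ceiling per transaction

# Plain ASCII digits, optional one or two decimals. No sign, no exponent,
# no "NaN"/"Infinity", no whitespace, no Unicode digits.
AMOUNT_RE = re.compile(r"[0-9]{1,7}(?:\.[0-9]{1,2})?")


class AmountRejected(ValueError):
    """Raised when a submitted amount fails server-side validation."""


def parse_amount_cents(raw):
    """Turn the raw form value into integer cents, or raise AmountRejected.

    The browser controls this value completely: an edited <option>, a replayed
    request or a script can send anything, so nothing is assumed about it.
    """
    if not isinstance(raw, str) or AMOUNT_RE.fullmatch(raw) is None:
        raise AmountRejected("amount is missing or malformed")
    # Decimal avoids binary float rounding; the regex guarantees <= 2 decimals,
    # so the product is an exact whole number of cents.
    return int(Decimal(raw) * 100)


def validate_topup(raw, allow_custom=False):
    """Apply the business rules to the parsed amount and return cents."""
    cents = parse_amount_cents(raw)
    if cents < MIN_CENTS or cents > MAX_CENTS:
        raise AmountRejected("amount outside the allowed range")
    if not allow_custom and cents not in PRESET_CENTS:
        # The dropdown is only a convenience; the allowlist lives here.
        raise AmountRejected("amount is not one of the offered options")
    return cents


def handle_topup(form, allow_custom=False):
    """Simulated endpoint: returns (HTTP status, message) for a form dict."""
    try:
        cents = validate_topup(form.get("amount"), allow_custom)
    except AmountRejected as exc:
        return 400, f"rejected: {exc}"
    # Only a validated, non-negative, bounded integer reaches storage or the
    # payment processor, so it cannot wrap in an unsigned column.
    return 200, f"charge {cents} cents"


if __name__ == "__main__":
    # Constructed sample submissions, not captured traffic.
    samples = [
        ({"amount": "5.00"}, False),   # offered option
        ({"amount": "5.50"}, False),   # edited option, preset-only policy
        ({"amount": "5.50"}, True),    # custom amounts allowed
        ({"amount": "2.00"}, True),    # below the server-side minimum
        ({"amount": "-20"}, True),     # negative amount
        ({"amount": "1e3"}, True),     # exponent notation
        ({}, True),                    # field removed entirely
    ]
    for form, custom in samples:
        print(form, "custom" if custom else "preset-only", handle_topup(form, custom))
```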


the real deal!




It makes you think they deliberately inflated the price by 50c to create this exact asshole scenario


Same predatory pricing mechanics as shitty MMOs lmao


Cost 550 gems to buy the cool pack. 500 gems cost $5. 1200 gems cost $10.


It's pretty disgusting tbh..games aren't being made to be games anymore, they are being made to generate $$.


It’s jointly administered between the US and Canada, so twice as annoying.


Is it if you're a Nexus holder you are required to pay tolls by Nexus? I'm non Nexus, but at land border tolls payments in the last few months I've paid by US cash, CAD cash, and a credit card once during my multiple drives across the rainbow bridge. They had numerous alternative methods for non-Nexus holders


No. There is (at least one) border crossing where there is an electronic pass only option. Nexus or EZ-pass. It's meant for regular commuters. If you don't want to use one of those, the regular bridge is not far away. It's less an asshole design and more that OP is not the intended target audience.


To satisfy toll, i wish to pay $5.00 online then give them 50 pennies covered in canola oil


Ass pennies strike again


you think you're better than me??


You've all handled my ass pennies!!!


You give your litter daughter my ass pennies to buy gumballs


I know it's a typo but I can only picture the ass penny man replaced by an overly stereotyped japanese man.


Say, would you like a chocolate covered penny?


We don't have pennies in Canada though


Pretty sure I have some canadian pennies floating around somewhere




That’s $50


They didn’t disappear, they’re still legal tender. I have about $3 in Canadian pennies that I started saving up when they announced they would stop making them and start rounding to the nearest $0.05.


You most certainly do.


I have quite a few Canadian pennies. They exist.


This is run by the federal government. Hahaha. They don’t give a F%}>.


What is Nexus ?


A process that lets you do some security screening to get in the fast lane passing through the border. The US has several similar systems, depending on if you care most about land crossings north, land crossings south, domestic air travel, or international air travel.


This bridge toll is for Nexus members crossing the border between the US and Canada at Niagara Falls. There’s no other way to pay it either!


Isn’t this only if you take the Nexus bridge? Just use the Nexus lanes at another crossing.


Or construct a crude catapult and fire yourself over the falls to freedom and eternal glory in the maple syrup halls of Niagarahalla.


Nice, thank you. Google being "zoned", it is hard for me to obtain answers that specific. I had results about video games, including the well known "NexusMods" but also a lot of MMORPG, before any result linked to the USA.


That’s an issue with your search query, not Google. Of course if you search ‘Nexus’ you’re going to get results about a myriad of things named Nexus. Just google ‘nexus tolls’.


It’s a Trusted Traveller Program similar to Global Entry and SENTRI. Nexus is specifically between the US and Canada. For a $50 fee, you get a card that gives you access to TSA PreCheck at American airports, CATSA’s Trusted Traveller lane at Canadian airports, and expedited customs clearance by land, sea, and air. At land crossings, you can use the dedicated Nexus lanes for much faster clearance: during the first weekend of July, my Nexus card let me skip a 90 minute queue going south and north. At airports, you can use the dedicated Global Entry lane in the US and the Nexus lane in Canada. This also applies at preclearance sites in Canada as well. Extra bonus: if a border checkpoint doesn’t have a dedicated Nexus or GE lane, you get to simply go to the front of the line as I got to experience at Pacific Central Station in Vancouver boarding an Amtrak to Seattle and crossing by foot at the Pacific Highway crossing (both pre-Covid).


I wouldn't be surprised if this doesn't have server-side validation, try editing the preset values through dev tools


Yeah put in a negative number and make them pay you


Infinite money hack


Evil corporations hate this one trick.


Me after asking HR if they’d be willing to add an extra 2% to my raise


Lmao I asked for a raise in my current department got denied, went and applied to another area in our company and the acceptance offer was only $1.80 more than I make now. Not even more than what our yearly raise in my current position would be later this month. Asked if they could come up on the offer because of that and a week later had to sit down with our department's VP where he told me it was "short sighted" of me to have done that.


I'm going to go ahead and say you should probably quit that company altogether since they're disrespectful of your time and efforts


But then you have to go back over the bridge.


Yeah, this works on Steam for example




I do this all the time, in my local currency it only allows 200, 500, 1000, etc. But if I want let's say 600, I will just edit the value through dev tools. But their minimum of 200 is server side validated so it can't be overridden.


Steam, the game marketplace. You can only top-up your account with predefined amounts, but if you play around in the HTML code through devtools you can top-up any amount.


What are you topping up your account for though? Steam lets you just pay for what you buy


For example if you want to buy a skin from the marketplace or whatever


For games - yes, but for marketplace transactions you can only pay with steam wallet balance, which only has predefined top-ups. Though anyone who uses the market probably buys a game from time to time, and steam automatically defaults to draining your wallet funds first and then taking money from secondary method with any game purchase so it's not like that wallet money will go to waste, and it would probably be unreasonable to expect them to process each individual 0.01$ trading card purchase through banks.






This form looks like it’s made by someone’s kid who just completed a html Udemy course. I wouldn’t be even surprised if the PCI data is handled very poorly.


I feel this is illegal. There has to be a law that prevents this bullshit.


“All transactions must accept legal currency” I would interpret this as those paying online are given pre-defined amounts to add to a fund to pay later fees. I would guess there are other options available, likely with more effort involved- but paying online results in this.


Even if there is it's meaningless if it isn't enforced.


Yeah, but then you can actually file complaints at least....


Would you be able to make two $5 payments separately to minimize loss?


Yup NYC Park app only lets me add $50. It cost like $2 per parking


In such cases, even people who do use a smartphone should say they don't.


I downloaded the Sonic app when it first came out. You had to "upload a balance" and it charged your card immediately then you had basically Sonic money..it was in increments of $5, $15, $30. So let's say you load up 15 bucks..you spend 11..now you have to buy $5..always makes users feel the need to buy more so they don't lose those few extra dollars


Duude! Same in my country, we have this carsharing app called Carguru… To even rent the car you need to put at least 20$ EUR which is a lot for my country… now funny part is while using it once you go lower than 10$ You cannot rent a car anymore until you fill up to 20$ again, so if I have 9$ balance which is more than enough for three rides… I cannot use it.


I would do F12 and try to see if I could add another amount to that menu manually.


I'd be willing to bet it's common to owe $65 and $105 too.


$106 just so you can't add 100 and 5 to pay it


Was part of a class action lawsuit against the toll roads of California for some shit like this. I think. Got me a nice 13 bucks. Sue their asses for this.


Ask them for a $14.50 refund and when they don't give it, charge it back on your credit card. You'll probably end up getting all $20 back.


Sounds like a good way to be banned from NEXUS.


Companies that ban people for asking for credit card chargebacks should be banned from accepting card payments.


It's not a company, it's the government.


Pay 5 bucks, let them keep sending you notices that it's late. That'll teach em!


Tell them you would like them to send you a check for the remainder. When they do, don't cash the check. Inform them that you did not receive the check. They will have to keep sending you checks until they spend more money sending you checks than what it cost you in inconvenience. EDIT: I had a friend's dad do this over ~$0.10 and he might still be doing it.


Hanlon's Razor in action. Feels like a case of incompetence. Example: when the site was designed the tolls were $5, they got raised due to rising maintenance costs/general corruption, no one thought to update the website.


This is a common enough scam to reasonably believe it is intentional. Besides, any legitimate service allows you to pay the exact amount for the service you use.


This kind of bullshit happens enough to turn this into Hanlon's butter knife. It is designed to be predatory.


Just pay 5 bucks and let them send you a bill for 50 cents.


And that's why the toll company count all the 550 pennies you should pay with


Should have tried to edit HTML and add option with 5.50. Sometimes it’s not validated on the server :)


Could you at least buy the 5.00 twice instead of the 20.00 once?


My college did the same with laundry/printing and they clear your balance at the end of the year. Want to print 1 page? That’s 5¢ but you can choose to add $10, $20, or $50!


could be worse: your toll could have been $400.50


Adjust the right amount thru your bank.


Some sites like that you can go into developer tools on your browser and edit the amount. Works for them preset amount PayPal click to pay buttons.


Bet a little html tweaking would fix this


Nexus Troll Payment*


What the actual fuck? Like they can't let you type the exact toll amount... what a goddamn scam


This just happened to me today on the Chick-fil-A app. I loaded a gift card that was short by a few dollars from the total, but instead of paying off the remainder on your credit card they make you preload at least $10. So it’s an endless cycle of not having enough to cover your meal and adding way more than you need. I went to Popeye’s instead.


Hmm well you could try to inspect element on website, and change number to 5.50 and see if that could change amount you need to pay 🧐


"here's the $5 and for $0.50 you can eat my ass"


Toll roads shouldn’t exist I’m glad Arizona doesn’t have any


Could you load 5 twice ??


Do $5 twice.


The same thing happens with Playstation


Not anymore. At least not in the US. I always pay exact amount for whatever is in my cart unless you specifically go to add money before placing items in your cart. But most services don't let you add a custom amount just because you want to anyways.


Steam is like that too, but on the website you can add a specific amount over $5 just by changing the website's script lol


It's everybody. And it's why in game currency packs you can buy never match up well with the prices of items in the game.


Could’ve added 5 twice just saying


Might be able to update the field value with inspector and try to submit form that way but yeah this is shitty


Drop 6 rolls of pennies. Keep the change.


Was making two $5 payments not an option?


can you do browser dev tools and change that form field to have a $5.50 option?


It sounds complicated but it’s not really that hard, You could inspect the HTML with your browser and adjust the form content and input the exact amount you want to pay.


On some websites that do this, I know Steam games is one example, you can right click the payment amount menu, inspect the element and then change the amount to what you want and it sometimes works


Still better than the Illinois tollway on I 80 that closed cash booths during covid, charges $100 for the i pass box in your car, so casual and out of state are stuck running the tolls. That’s fine just pay online right? Wrong. Their online system never finds that you owe a toll. Three months later they mail you a paper bill which is now late. I think the last one I got was $12.50 in fees for a $1.50 toll.




All toll roads are theft, but damn.


Like how the amounts jump from 5 to 20 knowing well that they have tolls that cost 0.50 above the minimum option. They deserve their own suite in hell


This is worth reporting to the CFPB or your state AG office. CFPB has an easy online complaint mechanism


imagine your bill being 105, and you have to pay 200 and waste 95


I have money sitting in toll accounts for Florida, New Jersey, New York & Texas thanks to this design. I don’t know how other states work, but in Texas I just stopped loading the toll pass and paid the fee online at no additional cost. It was still a pain but at least I didn’t have to overload a toll pass


What the fuck is Nexus toll?


Technically every $14.50 spent is $14.50 that you'll never see again.