The digital nomad life comes with a lot of perks. No one complains about working from a seaside condo while downing a beer on a budget that costs a fraction of most American lifestyles. But there is one hidden dark side to the Southeast Asian lifestyle that occasionally rears its ugly head and sends you spinning: Doing business with companies that are extremely sensitive to fraud.
The story started in the usual way: I woke and stumbled over to hit the button on my coffee pot to get that transition from sleepy to focused underway. While I waited for the reassuring steamy sounds from the machine, I casually opened my Cash App app (?!) to see if that refund from Aliexpress had made it back to my account.
I was greeted with an excruciating sight that got my blood pumping faster than the coffee brewing in front of me ever could:
I can’t think of any shady P2P transactions that I may have been involved in, or any deposits or payments I’ve made that might warrant such a brash accusation. For the most part, Cash App is a nice way to keep some online purchases separated from my credit card and toy around with a few stocks.
“We found activity on your account that goes against our Terms of Service.”
Underneath the generic tone, it’s so harsh, yet so un-informative. This sounds serious, and yet there is no apparent way to appeal, or contact customer service and plead my case. Did I really inadvertently break the rules? Or did some overexcited bot misfire it’s whistle, trip the alarms, and nuke my account.
After a few minutes of frantic poking around, coffee mug finally filled to the brim, I was able to Google the “Terms of Service” that were now somehow (and surprisingly) unavailable from inside the application. As I scanned it looking for some clues as to how I could have earned the ban-hammer, I came across this foreboding little tidbit from the Cash App Terms of Service:
Now I had already verified my identity: that happened 2 years ago when I linked my bank account, ordered a Cash card, scanned my driver’s license, and started to use the app.
What caught my eye is “U.S. Resident”. What does that mean, exactly? I own a house in the US. I pay a power and water bill in the US. I get my mail in the US. I vote in every major election in the US. And I regularly travel to and inside the US since I am an American and it is my country. But… I’m not always inside the US.
Toto, we’re not in Kansas anymore…
For nearly a year and a half now, as we’ve all suffered through this global pandemic, I’ve been hunkered down here in a developing Southeast Asian country, happily working from my balcony overlooking the sea. My mind in both eastern and western hemispheres, my banking scattered around the world, and likely, an IP address that is telegraphing a little secret detail:
“February 15, 2021 – Access from SE Asia”…
“March 22, 2021 – Access from SE Asia”…
…
“August 2, 2021 – Access from SE Asia”…
Each and every time I open Cash App, it gave away a little clue.
I’m going to take a wild swing and guess the Cash App’s security bot had enough of this and decided the account might not actually be in use by a US Resident.
I have a memory of the olden days when a concerned bank might give you a call and ask for clarifying information, such as “this check seems unusually large, do you want to authorize it?”
Or a business partner might call you to say “we noticed your volume is changing, is everything ok?”
Heck, even our friends sometimes call to say “I’ve not heard from you in too long, how are you doing buddy, is everything ok?”
Not any more. This is 2021 and our lives are now monitored by bots. Cold, calculating, strictly-rule-based, only partially informed bots that have been instructed to look for unusual activity. Then flag it. Then kill it.
They don’t ask how or why that information seems unusual, but it strays from the mean. They aren’t smart enough to suspect there’s a good reason it’s unusual. They don’t alert internal teams who then go and investigate – in fact human interaction is no longer necessary. Those reality checks and verification steps were apparently just getting in the way of progress. So the final result:
Banned from Cash App.
Frustratingly, this is not my only sorry tale of losing access to banking, stock and crypto exchanges, selling marketplaces (looking at YOU eBay) or other online platforms because of my geographic location at the time of access. Spotify, Pandora, Amazon Prime Video, and Netflix have all caused problems. The online bill pay system for one of my credit card accounts cannot be accessed unless I connect through a VPN. Let me say that another way – I cannot pay my credit card bill online unless I fake my IP address. All of these companies have limited or even blocked me entirely after deciding my IP address comes from somewhere they don’t like.
It doesn’t always happen on the first access, but eventually, after more and more use, my accounts become marked and the ban is then only a matter of time.
Are VPNs the solution?
In many cases, I’ve been able to resolve “permanent bans” at other businesses with a phone call or an online chat, followed up with a scanned drivers license or utility bill to prove my case. At other times I’ve contemplated using a VPN connection to hide my true location, but I’m afraid this cat-and-mouse game will eventually break some other Terms of Service provision and land me a truly irrecoverable ban.
But why has it come to this? Is it not reasonable to develop a security system that asks questions first, and shoots later? Maybe the idea is that asking questions only leads to more fraudulent answers, but is giving a presumed bad actor insight into your security processes so bad? If it is, maybe the process is faulty to begin with. Maybe they are so inundated with fraud that they can ban away and assume fraudsters won’t even try to recover their accounts, leaving just those legitimate customers to try and repair.
Some corporate digital security teams look at the IP connections coming from Southeast Asia, and other developing countries, and assume that nothing good could possibly be coming from them save the periodic tourist remote connection. With this information, they train their bots to treat every connection from these regions as suspicious, and negatively flag every connection coming from the area.
Over time, they build a profile of your account (and you), ranking your account as “good”, “suspicious”, or “bad”. Of course, using IP-region blocking security is easily bypassed with VPNs, so it’s really more of a “keep the honest ones out” approach.
Some online hacker forums even discuss how they can totally evade these rankings and which tools to use avert them, so to an extent, the strategy is obsolete from a security perspective. The bank, or other online business employing IP-region blocking gains nothing meaningful except frustrated users.
Unfortunately, us digital nomads, expats, and long-term working-from-a-foreign-country-while-on-vacationers get lumped in with a group that we are not really a part of, leading to occasional, sometimes even frequent, classification as a high risk customer. Someone to be feared, rather than trusted. Someone to be suspicious of.
Is there a way out of using automated bans?
Some businesses have developed appeals processes and customer service teams that can step in to mend damage left in the wake of security bots gone awry. But many businesses offer no grace – no pathway back – relying on the likelihood that a very small loss of good customers is a low price to pay to get a cheap and wholesale block from regions of fraudsters.
But is this approach really an effective way to get away from the bad actors? I’d argue they don’t work, as fraudsters will continue to use VPNs or even connect directly from inside the country they wish to attack. Most companies cannot churn their customer base with negative experiences before it eventually catches up to them. And does our world need to be so cold, so uninviting, and so defensive?
I personally don’t want to be in a relationship with any business that accuses me first and then re-opens the door after I submit my life story to their whims. But when it’s your bank, your eBay or Etsy account, your credit card company, what else can you do except reluctantly accept this approach?
The future includes a lot of remote workers
A high percentage of people are never going to work in an office again after the disastrous pandemic of 2020 and 2021. The tools for working remotely are great now, so why not live wherever you want and work over the internet? This will result in a lot of people living in one region while maintaining business, banking, and other types of relationships in another region. Clearly this alone should not flag accounts as suspicious.
I’m hopeful there can be a future where we can trust first (and then verify) rather than assume bad actors are pounding on the door at all times. I’m hopeful that businesses take a stance that accepting 10 bad customers is worth keeping 1 good customer.
And I’m hopeful today that I might get my Cash App account back sometime, because I really did think this fintech startup has something useful to offer during my travels.
Stay tuned for next piece covering my saga trying to run an eBay business from abroad.
2021-08-13: As of the writing of this piece, my Cash App account remains banned. I’ve reached out to Cash App several times by email and have not received any response whatsoever. I will update if the situation changes.
2021-08-27: And….. it’s back! How did I get my Cash App account unbanned? I’m not exactly sure. After writing this article, many people commented to me that I had clearly broken the terms of service and should be banned. To my dismay I found hundreds, maybe thousands of online reports about people losing Cash App accounts for unclear reasons and never getting a clear response from customer service.
Cash App support confirms: A violation of the terms of service has closed the account.
But this seemed all to random and automated. I’ve been using this account in the same way for years. I know without a doubt that all my personal information is in order and I’ve not transacted with anyone that I think is shady. So, as they say, never give up!
If a customer support team at a bank, or bank-like business is still talking to you, the security team probably hasn’t interjected on your account and you’re more likely in a gray zone. That leaves an opportunity to plead your case (as politely and professionally as you can) and see if you can recruit their help.
Support never replied to explain the ban or even to say that they’d un-banned my account. But something seemed a little different when I opened Cash App this morning. I didn’t see the usual warning! So I gave something a try, and SUCCESS:
In some shock, I added some more cash, and it worked! Then I bought $1 worth of bitcoin, and then $1 worth of Tesla. All successful.
So the truth is, I don’t know why they un-banned the account or even if they intended to, since there was never any formal response. However, it pays to ask customer service to take a closer look, even if the first interactions seem unlikely to produce a result. Be kind, don’t accuse or insult, and your chances are good that Cash App will check again to see if your account can be opened again.
Read ToS
Only allowed to use CashApp in your home country
That’s not what the ToS says though. It says you must be a “Resident” – which means: “a person who lives somewhere permanently or on a long-term basis”. Under your idea, if you went on vacation to Mexico and opened CashApp, you should be banned.
Not should, but yes likely would.
Soon as the CA AI figures out you are overseas.
Not deterministically certain, but probabilistically, pretty quickly.
There aren’t really that many firm rules with CashApp account closures, the AI is constantly evolving.
Visit the Reddit sub r/CashApp and just read the threads there for hundreds of examples.
https://www.reddit.com/r/CashApp
Pretty silly to rely on it for anything serious.
This thread: https://www.reddit.com/r/CashApp/comments/p43eap/account_suddenly_closed_right_after_a_299_refund
I got banned too, the same way. Can you tell me how to open my account again?