Welcome to Cash in the Cyber Sheets. I'm your host, James Bowers, and together we'll work with business leaders and industry experts to dive into the misunderstood business of cybersecurity and compliance to learn how to start making money from being secure and compliant. Welcome to Cash in the Cyber Sheets.
Hey everyone, welcome back to Cash in the Cyber Sheets. I'm your host, James Bowers, Chief Security and Compliance Architect here at Input Output. As always, I'm very excited to have you back here with us. So, you may have noticed that a few systems, a few computers here and there had a little bit of an issue last Friday, yeah, the 19th.
A few computers had a little bit of a problem. I think at one point someone said it was up to a billion systems affected over the world. Talking about the Microsoft CrowdStrike issue, a little bit of an issue with Microsoft Azure, but I think the brunt of it is really on CrowdStrike and it comes down to a really bad update that was pushed out.
But it, man, it took things sideways. Airports were offline, 911 locations, a lot of municipalities were offline, not to mention businesses everywhere. All kinds of devices, just absolute mayhem.
And it's incredible, it's just, it's incredible how it happened. But I really, I wanted to devote an entire show, we've got actually Brian coming up again, I think this week, to actually talk just about this. But with that said, the past week has been absolutely bonkers, taking care of clients, helping to get things sorted, but just wow, what an incredible mess with CrowdStrike right on the heels of all the other data breaches and everything else going on, just absolutely incredible.
I cannot imagine the amount of Tums and Pepto Bismol that their IT department software development QA is having over at CrowdStrike. Just what a horrendous phone call to get. I shudder.
This is why I'm more on the planning side now, because I don't want those calls. But we help with incident response and such, so we get those calls. But man, what an absolute, what an absolute mess.
This week, I do have a few things to talk about. I didn't get to put a whole show together, like I said, because of the CrowdStrike thing going on, but I did get together with Brian. Like always, we got right into the conversation as soon as we connected.
Didn't even have time to do an introduction, so it's a little bit of a trip over. And we're going to come right into him talking about nano ledgers, encryption keys, kind of single points of failure. And then a little bit about the credit system, how that's set up.
And then finally some good things about DoorDash. So a little bit all over the place with the talk with Brian, but it actually all kind of fits together. So I'm going to get into that in just a second.
I've always got to remind you, I've always got to ask. Don't forget to jump over to Apple Podcasts, Spotify, wherever you're listening to us at. YouTube, click that subscribe button, send us some comments, let me know what you want to hear about.
Happy to put together shows specifically for you, and we'll even give you a shout out. So I'm going to go ahead and jump into it. We're coming actually right, like I said, right in the middle of the conversation with Brian.
But I was going to edit it all out, but it's actually not so bad. It really fits with some of the stuff we've talked about with the nano keys. So no more ado, getting right into it, Cash in the Cyber Sheets here with Brian.
Here we go. Short version is the issue that I had had with the nano ledger is I purchased some Bitcoin. I wanted to be able to store it in the most secure way, which at the time seemed to be a cold storage wallet, which is essentially a USB that it goes on.
So I bought the nano ledger, I got it all configured, got my, I guess technically the Bitcoin isn't on it, but the key to access it is on it. And then I put it, I want to say in a safe. By safe, I mean to put it in like the desk drawer.
Years later, literally a few years later, I was like, oh, Bitcoin skyrocketed. Let me see what I have. I don't remember what I bought.
Let me take a look at it. Only to discover that multiple updates had gone out for the nano ledger firmware updates. Apparently there was a pivotal update where if you hadn't updated by this time, you are no longer able to update your nano ledger.
Sounds like a catastrophic fail. Ultimately, it wasn't. They were pretty good about it.
I got to give the company credit when I reached out to them. As you can imagine, I was pretty fuming that I no longer had access to my Bitcoin. They sent me out two brand new nano ledgers for free with the updated firmware, obviously, and then with instructions on how to basically back up.
As long as you have the mnemonic, I don't know how you pronounce it, but as long as you have that, you essentially still have access to the Bitcoin key. So I was able to get access to the Bitcoin. But it got me thinking, kind of like with the YubiKey, what a huge potential fail.
If it's something that you don't... So like with the Bitcoin, with the nano ledger, you shouldn't have... I get it, right? Well, you should be staying up to speed with updates. Not everybody's in the tech world. Not everybody wants to constantly be plugging this in and updating.
So introducing Brian Barnhart from Infiltration Labs. We've had you before. We started recording kind of in the middle of our conversation about the YubiKeys and the authenticators and the problems.
And I agree 100% with you on there that it creates like this almost shadow single point of failure that a lot of people don't consider. And I don't think it's appropriate that with some of these solutions, you have to keep updating it. Yeah.
Because every time I do an update, I'm also rolling the dice, even if it's a very small chance that it's going to break it or that something's going to hiccup or that it does something to mess with the certificate or the key and now it doesn't work at all. And we've talked about it before. I think you're trying to get away from having to monitor so many different things and create checklists.
Okay, did I update my ledger? Did I update this? Did I swap this out? I mean, I'm in the compliance space, but... Yeah. But you want to be able to have a break glass kind of thing, right? With the ledger and with the YubiKey, I imagine in the same fashion, I'd like to know that I could have a break glass account with a YubiKey and have that sitting in a safe somewhere that if the wheels come off the wagon, I can access it and then get into that account, right? Kind of like with the ledger. I don't want to have to constantly be keeping up to speed with it.
I'd like to put it in a safe deposit box or in a safe and then when the Bitcoin hits a million dollars a coin, be able to go pull that out, log in, and voila. But to have to constantly be concerned with, shoot, is it no good? Is it bricked? Because I didn't update it, you know, every three months that they put an update out? Interesting you say that, because that's what's turned me into a little bit of a fanboy with the YubiKey. The ability to actually create a break glass and also, I say technically duplicated.
Or actually, maybe it would be logically duplicated because you can't really duplicate a YubiKey, but you can duplicate the functionality. So essentially, you could have 50 of them. So if one breaks, I've got another one.
So that's definitely a cool thing. And with a lot of platforms, you can do multiple YubiKeys. But you had the problem before to where it's really cool that you can just plug the thing in and sign in to Mac, sign in to Windows when it works.
Yeah, yeah. But then you had that issue where you plugged it in and it didn't work. And, you know, what happened there? How were you able to get into the system or, you know, what exactly is the issue? So I don't, I mean, keep in mind, this is going back a bunch of years ago.
So hopefully all that's been resolved since then, but essentially it went from working to not working. If I remember correctly, when I Googled it, it was, and I'm just ad-libbing here, I think this is what it was, is once upon a time, you could plug in the USB and it would pass along the information. And then I think whatever the update was, it no longer would allow the YubiKey to pass along, which doesn't make sense to me, right? Because technically you could plug in an external keyboard and type.
So I honestly don't remember what the issue was. I just know that it didn't work. My saving grace was that it was simply a static password, right, static text in slot one.
So I was able to just, you know, put it into another computer essentially, text, and then just painstakingly type that long string of characters with the addition of the password part that I, because that's what I was doing, right? Because I had, you know, my eight character password, we'll call it, and then the YubiKey. That would basically- Basically a two keys. You turn your key on that side, I turn this key on this side, and it creates the whole password and gets you in there.
Exactly, exactly. Well, so that was the fix, is I just had to like manually type it in and then change the password. And when I had Googled it, it was, yeah, this is a new issue.
So I just scrapped it altogether. So I'm definitely not one for having like the single point of failure, because yeah, even the YubiKeys, any device out there, it can fail. And now I think you can actually, I think before, like you were using it, you could just use it for the password and it would kick it out when you tapped it.
Now I think it can actually, I believe it throws a passkey on the device or some other way is looking for the actual key itself to log you in. So you pop that in and it's basically, oh, okay, you have the key, you can get in. And I think you can even on Windows set it up with a pin as well.
So that way somebody can just walk in. Not just with YubiKey, but I've had issues where signing in with my primary Microsoft 365 account even hiccupped and then I couldn't get into my device. So I think always having that kind of break glass local administrator account is always a good thing.
So if one of the authenticators goes sideways, all right, I can still get in, I can fix it. But I think even now with it, and this is a discussion on end user devices, it's not that, I don't think it's that big of a deal if you're using Google Suite, Microsoft 365, because your computer is basically a glorified browser and application processor. It's not, everything's not stored on there.
So if I have to wipe it, I can just connect. I can connect another way or just re-flash the computer. It would definitely suck if I do it for my server or for Azure AD to get in there.
I think I should ring a bell there. That was the end of that thought. But definitely a cool thing to where, I think it's neat to where you can use the key for people to just plug in.
They don't want to do all their passwords. They don't want to do all kinds of stuff. Great, just plug this in, keep it on your actual key chain.
That way when you walk away, device locks. You can't get into it until you're sitting back at it. So that's a seesaw.
There's definitely ways around it. How serious is it to get around those? I think there's steps you can take, but it is pretty cool being able to use that, and there's even other solutions out there. I don't think it was, I think it was one of our IT partners showing me, but it essentially used an NFC that managed all the user accounts.
So I could tie multiple NFC tokens to the same computer. So like at a doctor's office, multiple people could just click right into it and they don't have to have all the different accounts, which most doctor's offices don't do, and most of them just leave the computer open always. So cool things with the keys, but definitely there's the bad side of it.
You don't want to set it up to where it's the only way in because they can break too. But like in our primary accounts, our big ones, when you set one up, you just set another up. So if one of them breaks, you've got a backup.
That leads me to, I started dinking around with Yubico Authenticator, and I guess to preface it, the biggest problem I've had that I hadn't been able to find a solution for before without doing just like a break glass account that was open is all of the authenticators on my phone, that's really the only place that they're at. And you can export those to another device. In theory.
In theory. 50% of the time it works for 50% of the ones that you're trying to export. And it's not that the other 50% of the time they all work, it's the other 50% of the time none of them work.
Yeah. So if I lose my phone, if there's not a backup admin or somebody that can get me in there right then and there, I'm SOL. Yeah.
I've lost everything, and that's a serious single point of failure. The Yubico Authenticator lets me create those OTPs, but I can clone it to multiple devices. So I'm actually going to share it with you here because this might get you back into using the Yubico.
Okay. There we go. We've had this discussion before, right? Remember about technology is awesome, and it's super convenient when it works, but when it doesn't, it tends to be catastrophic.
I don't know. How catastrophic is it sometimes, or are we just relying on it, and it seems catastrophic? I don't know. That's a philosophical thing.
So here's the Yubico Authenticator. Nothing here. There's not a key present.
I haven't plugged anything in. I can install this. Obviously, it's on my system here, but I could install this on your computer.
I can install this on my Mac, my Windows, my mobile devices. I could install this on 1,000 different systems, and there's no access until I put in the key. So let me get the key put in here.
Can I do it without looking? There we go. Bam. So now it sees my key, and I can do all kinds of things in here, but with the accounts, now if I open this up, I've got those protected with a password, which isn't the default, but now with the password, I've got all of my OTP codes right in here, and what's cool is I can't duplicate the YubiKey.
I'm just going to get these. Let me just stop sharing. There we go.
Why would you want to do that? I'll start actually throwing all the codes up. You know what? Notepad's good for that. Yeah.
But I've got all the OTPs on here. I can even code it to where when I go to say, okay, give me my code for Microsoft. I actually have to touch the device again, so it does the presence challenge, and then it gives me the six-digit code.
I can't duplicate the key, but if when I'm setting it up, I do another one, or if I save the QR code, the secret key for the authenticator, I can clone that to thousands of keys, so I've got a complete backup of all of these OTP codes. I lose one of the keys, doesn't matter. I've got another one.
Both of those break out, something in the safe, just in case. That's kind of the break glass. What's also really cool with it is if I'm, say, an IT company, an MSP, and some of the accounts, we've only got one account for this customer.
It's got an OTP on there. We're going to provide it to one of the people, and we just have to reach out to them to get in. This way, I could give everybody a YubiKey, and they could each have the same authenticator.
I could give that to as many people that would need access to it, and yeah, you can put some of that stuff in like Bitdefender, Bitwarden, or Keeper Security, or some of the other password managers, but I just don't like doing that because we've helped companies that had their password manager compromised. If you have all of your OTP codes in there, that kind of defeats the purpose. It's both the keys in the same spot, so this is a really cool way.
I've been using this and getting a lot of accounts transferred over to it to, like I said, actually create a backup of the OTPs, of those authenticator codes, and also be able to share that, if you want to, with however many other people you want to. You can also do the passkeys and other stuff on there, but yeah, the authenticator is very cool, so if I'm at my computer, I can use it. If I'm on my phone, I can do the NFC.
I can still use it. Very, very cool. The only, it's not a, I don't think it's a gotcha, the drawback is I can do 32 OTP accounts per YubiKey device.
It won't support any others. I imagine that's just a memory allocation issue. You know, how many secret codes they can store, how much they set aside for that, but very, very, very cool, and we use, I use the FIPS version for the extra security.
Honestly, the non-FIPS is, one, it's cheaper, but two, it also comes out with a lot of the new updates and new capabilities far before the FIPS ever does, does it? I gotta look into it. Like I said, I've got, it was in the late teens when I bought my first YubiKey, I'm pretty sure, so it's been some time since I've played with it. Yeah, we've had them for a while, and like I said, I used it for some of our more critical accounts as the actual second form two-factor, but now with the Authenticator, I don't have to worry about losing the phone and having a backup.
So just really, really cool. I've been playing with that and showing a lot of our IT partners, they've been adopting it. Oh, so I just looked it up, sorry.
I just looked it up. I actually didn't realize it was this long ago. My first YubiKey, first YubiKey purchase was in 2012.
That was... It really shows your age when 13 years go by. You're like, I don't know how long that was. Yeah, it was a couple of years ago.
Yeah, a couple of years, a few months, I don't know, maybe it was last week. What you should do is get pictures from those times and put pictures with all those different things so when you go back and you look it up, you can see what you look like and just really kind of jab that knife in the side. Yeah, see how technology has aged me, yes.
Yeah, it's technology and the dryer is against me. Yeah, look at this young guy, he didn't play on computers. Here he is a year after working on computers.
20 years old. Of actually being in IT. Well, I think that actually, I think, goes into the last topic.
So we were talking before, talked in some of the previous podcast about the CDK breach, which affected around 50% of the dealerships in the US. So major, major issue. Some of them completely shut down because they didn't have good continuity plans and which is really why you should reach out to somebody like Brian.
But it impacted a lot of people and now there's the AT&T breach. It's not a new breach. It's been going on since 2022.
They discovered it in April. They let us know now. And there's also a lot of people haven't heard of Evolve Financial.
And Evolve is actually the backbone to a lot of other financial institutions. So they manage, well, they manage a lot of the transactions for the financial institutions. So millions upon millions of records for the past few months are out there again.
And it got me thinking with, so CDK, not CDK, some of the other ones they're putting out there, okay, we're gonna get you credit monitoring. But have we gotten to a point to where, I don't wanna say the credit agencies and maybe that they knowingly did this, I'm not trying to libel anybody, but are we now at a situation to where the quote unquote problem, all of our data getting out there, all of the identity theft is because of the system that we set up and the same system that's set up that way that's profiting off of it also happens to sell the solution to it in the credit monitoring. And the big businesses, the financial institutions, all of those companies are profiting and using all of that marketing data.
Basically, they wanna have all that data to be able to market, to know who to sell what to, where the people that wanna buy their stuff is at and I'm not against that. If there's stuff I wanna buy, I want the people selling it to be able to find me so I can buy it. But all of these problems are now coming down on the smaller businesses and then all the way to the consumer that we're having to pay the price for it.
So we're shelling out all this money, small businesses are shelling out all this money and having to do all these compliance jumps just to support the ability for these major companies to be able to market. I've got so many comments, I don't even know where to start. I figured it would like.
I get really passionate with this. So I'm gonna try to monitor. I'm gonna throw this in too.
I just wanna throw this in too. I don't wanna interrupt you, but looking at an FTC do not call complaint issue with a client and really, really digging into it, it actually does give a private right of action. Somebody calls me in violation of do not call, I put my number on there, they violated the rules, I can sue them for $500.
I can go to an attorney that deals with this stuff specifically. We should talk offline about that. Yeah, but the FTC can impose roughly $51,500 fine for every single call.
So are the regulations really supporting and protecting the people that they're saying that they're doing or is it just creating more and more financial revenue streams for regulators and the credit agencies and all of the others that develop a system that created the problem? Okay. Yeah, the short answer is yes. To answer your question, my opinion is yes.
I feel like the large corporate, and I'm not anti-capitalism, so don't misinterpret this, but it's all the large corporations. They're the house, right? They're like the casino, right? They're the house. They always win, right? The financial institutions, the banks, right? The big credit card companies, they never take the loss, right? They make up the rules.
They divvy out the fines. It either rolls down to the merchants or it rolls down to the consumer, right? But ultimately, they don't lose. And to piggyback off of what you said previously, and they are in the best position that, I mean, let's be honest, with the major credit card companies, they also offer credit monitoring.
So there is, again, this is just my personal opinion, it seems like there is zero incentive for them to thwart fraud, right? Because they're still getting their dime, right? They're still getting their piece from transactions, plus they get to penalize the merchant if there's a breach, right? So I mean, ultimately, and again, this is just my personal opinion, it seems like there is no incentive for them to stop fraud, which is why we're not gonna see an end. I mean, so let's jump back to what year was it? Was it 20, what year was EMV supposed to be implemented? The chip and pin. So now we got all of these cards, and I'm sure we see it in our percentage, right? I'm sure that the credit card companies didn't implement these new physical cards at a cost to themselves, but it was all for naught, right? The chip and pin, when have you ever typed in a pin to authenticate your card? You don't, right? You just insert your credit card and it's done, right? And the humorous thing is, if you buy a chip reader, it contains more data points than the magnetic stripe did.
So we just widened, I'm sure some credit card person will come on and argue this out with me, but ultimately it changed nothing. It changed absolutely nothing, right? Going from the mag swipe to the chip did nothing. You still don't have to verify in any way.
You just slide the card in and you're done. And even if it does, because there's definitely, I think that you can see data as far as if it's a swipe, if it's a type in, if it's a chip, how much of those are fraud or chargebacks and a smaller percentage on the chips. Not enough for them to avoid making the money on everything else, because like you said, they just charge it back to the business in most cases.
So they're still getting their revenue stream. They charge it back to the business or me as a consumer. Now I need to try to, or I need to go through the hassle of getting that fixed.
And okay, so you created this credit system so that you can sell to me and you can basically put me into debt to make a lot of money off the debt. Okay, fair enough. I get my house, that's a good agreement.
But now if I don't want to get screwed over for the system that's supporting your financial interest, I need to pay a monthly subscription fee just to be able to monitor everything because a lot of credit card companies now offer the, hey, here's your credit report, here's some changes, but it's not the whole thing. If you want the full credit report, well, it's only this much money a month, from 14.95 all the way up to 50. And is it Experian or Equifax? TransUnion, and I think it's TransUnion and Equifax allow you to lock your credit.
No cost, you can lock the credit. Experian, I believe, charges you for that. So hey, if you don't want to keep it open, you got to pay us a monthly fee.
Or you can write in and have it fully locked down. But then it's this complete arduous process to unlock it. I don't know, I wanted to bring that up and get your thoughts on there.
But it's just with more and more of the regulations, I don't know, it's not helping because with the, I don't know if it, we talked about it, but the FinCEN, Beneficial Ownership Information. Well, all right, now I've got to give all of my information to that registry, driver's license, everything, which because of Know Your Customer laws, Evolve had all of that, and now that's everywhere. Yeah, I'm waiting the last minute to submit that.
I just got my notice last month. I'm in the same boat. So now I'm going to put it all in this other database that is most definitely, absolutely 100% going to be secure.
Yeah. Okay. And it's supposed to stop the financial crimes, but it doesn't even apply to businesses over $5 million a year in gross revenue.
It doesn't apply to nonprofits. It doesn't apply to companies directly supporting the nonprofits, which either way are some of the biggest money laundering type of structures that there are out there. It's security theater.
It's security theater. It's all smoke and mirrors. It's security theater.
It looks good. It sounds good, but everybody knows that it's not really doing anything. Here's how we can charge you all this extra money.
Yeah. We've just created all these new revenue streams and fines, and we're going to keep you protected. No, you're not.
Just like with the FTC Do Not Call and with the campaign registry. Well, this is going to help reduce texting and unwanted calls. The hell it is.
I'm getting about like 50 texts a day from all types of political campaigns, which, hey, those are exempt. It doesn't stop any of those. It doesn't stop if I'm trying to scam somebody, any of those.
All it does is create more steps that a business has to go through, and if they misstep, they're going to get nailed in multiple fines. $51,000 per phone call, and the consumer gets $500. And is that protecting? In no way does that make any sense whatsoever.
And if I'm a business that wants to make calls to all 50 states, I believe it costs like $22,000 a year to be able to get the Do Not Call list for all the states, for everywhere. So it's turning into a thing to where this margin needs to be so massive to be able to support all of these, all of the risks, the missteps that are absolutely eventually going to happen, to be able to support that, that only large companies can. And it's just creating this environment that small companies can't even manage or compete in.
And as a consumer, just like we've talked about with the tech, I think we're going the other way, that now it's just more of a headache. So now every week I've got to check my credit. Now I need to also monitor my title on my house.
And I need to pay all these extra subscription fees. Just, you know what? I don't want any credit. I don't want to do anything.
I'll just do all cash. Well, now you can't do that. And if you put in too much into the bank, you're suspicious.
It's amazing. There's a lot of places that just won't even take cash, which blows my mind, right? I mean, I don't know. I should probably know this, but I thought you had to accept whatever the national currency was, right? Whatever the, what's that word I'm looking for? There's a word there.
That's funny that you bring that up. I was just trying to find definitive documentation that can I say, no, I don't want to accept cash. Because even right on it, it says this is- Legal tender.
All legal tender for all debts. Let me find a legal bill that shows up on camera so I look like our company's actually doing well. Yeah, look at that.
Wow, look at that. Yeah. Holy moly.
This is what we made this month. I'm very proud of it. I think I'm going to put it in a frame.
This note is legal tender for all debts, public and private. So, I mean, I shouldn't be able to use that anywhere. But like you said, a lot of places don't take it.
And if a business takes a lot of cash and they go to deposit it, they have to pay money on the amount of cash that they're depositing. Because the financial institution says that, well, you know, we've got to process it. We've got to count it.
We've got to secure it. We've got to store it. I mean, that's, I thought that was the agreement that like we'll do loans and we'll go into debt with you and you'll hold our money to use for mortgages and everything else.
And you seem to be like double, triple and quadruple dipping. I seem to remember years ago where it was, who was it? I don't know if it was the bank. But basically they wanted you to opt into paperless billing because it was more efficient and cheaper, right? You'd get like a discount, right? Because now it's paperless.
We don't have to mail it out. However, now it looks like we get convenience fees on all of these things, right? Now there's the $1, $2, whatever it is for a convenience fee. Oh, yeah, for the processing.
It's like, it's like the Ticketmaster. I thought this was to make life easier. Yeah, like you just eliminated jobs and we're still paying for it.
Hey, I want to buy this ticket online. Okay, well, here's the convenience fee for that. You know what? F that.
I'll just go ahead and pay and pick it up at the booth. Oh, okay. Well, here's the onsite processing fee.
Yeah. Why don't you just put it in your price? Stop being like hotels that say like, it's only like $50 per night. And then by the end of it, it's like $360, $500 because of resort fees and service fees.
So I don't, you just said resort fees. I don't know if this is a new thing, but this is semi new here is I'm in Plantation. And we noticed that there's a couple of restaurants that now have a, an entertain, I think it's called an entertainment fee.
It's something along those lines. It's small, but it's like, what? What? Explain this to me. What is this? There was an explanation.
I just don't remember what it is off the, but when you said that, it made me think of it. Then I'm like, oh my God. So now we're paying acts.
I don't know. In some places they automatically add the gratuity, which is a whole nother thing, right? Like I like to over tip, but it pains me that when you go to get takeout, that sometimes like, right, you've got the electronic board, right? And your options are, and this is where I was going with this is when I was a kid, I think the standard was 10%. And if you had really good service, it was 15%.
And over the years there's been scope creep on that, right? So where did we go? We were at a hotel recently and the starting percentage was 22%. And then it worked its way up to 30. I'm like, this is, this is insane.
Like, I just don't like, like I said, my wife and I, we'd love to over tip. I think it just made, right? Maybe that's our virtue signaling. It makes us feel good.
But I don't wanna be forced into it. I don't wanna be, we just, we just jumped from breaches to tip percentages. This is amazing.
Yeah. Screw it all. Everything's against us.
And also the kids today, you know what? We're kind of hitting the time, but I'm there with you with the tips. It absolutely bugs me. And we tip a lot.
We over tip as well, especially if we get good service. I wanna take care of them. Yeah.
But on the other side, if I didn't get good service, I've not given tips before. Like your service was so bad that I'm not paying you for it. That's the tip.
That's what that is. It's an agreement. Hey, you write really good service.
Be nice. Be nicer. You make this an enjoyable experience.
And for that, I'll give you money for it. You make this a crappy experience. I'm not paying for that.
Along those same lines, that's why I stopped using, yeah. Along those same lines, I stopped using DoorDash entirely. They screwed me.
Talk about double dipping. Way, way too many times. Yeah.
Yes, talking about double dipping. So what would pain me is, you're paying a service. First off, they're marking up the food prices.
You're paying a service fee. There's some other bullshit fee that's on there, usually. And then I, you know.
Transportation fee. Yeah, transportation fee, is that what it is? And then I'm tipping. What would make me mad is when, so you're paying all of this prior to the delivery.
And then I get, not by fault of the restaurant, but by the driver, right? So DoorDash created, I don't know if you use DoorDash, but apparently they implemented this new thing where if you want your food to come directly to you, you can pay an additional fee. I think it's like $3 more, $5 more, whatever it is, for express delivery. Now, it's not express, other than the fact that now they're not able to stack orders.
If you don't pay this fee, at least where I'm at, normally what happens is I'll see my driver pick up my food, and then I see them go to another restaurant to pick up somebody else's delivery, and sometimes they're waiting there for their food. So this is what brought it to a head, is this exact thing happened twice. Their ice is all melted.
In less than a week's time, where I ordered food, I literally am watching the driver sit in the same spot. So I'm, right, they don't reach out to me, so I'm chatting with support, right? And anyhow, now I'm just going down the bitch. My issue is you're paying the tip.
I'm tipping them well, hoping that I'm going to get good service, and then I get 180 degrees off of good service. And I'm like, well, now I want that thing tipped back. It almost kind of feels like, are you going to give a good tip? How good of service do you want? But that's the issue.
I'm thinking that I'm stacking the cards in my favor by giving a good tip, and it's almost like, oh, well, now the tip's there. F him, right? You can't take it back, right? You can't bring it back at that point. I really like the visual that it creates of you ordering the food and watching on the app.
You're just watching where that car's at. He's at another restaurant. I mean, were you actually on your patio rocking in a chair, like just yelling at kids going by while watching this? And- I was out front kicking my trash can and neighbor's trash can, yelling, I don't know, curse words.
Pulled something in my back. What made me crazier, the first time it happened, the food, after an hour, I log in to see what's going on. It says the driver's waiting for your food.
The map shows them sitting in a residential area. And I'm like, they're home. They're at home.
Ultimately, here's what I figured out what happened. They went to get my food. The food must've been backed up.
They decided, we're just gonna go home. Screw it, we'll go home. If they can't, my guess is, if they cancel the order, they probably get dinged.
If we cancel it, it's not a ding on the driver. So I'm watching. And of course, DoorDash support, they're like, oh, we can't get a hold of the driver.
I'm like, you can't get a hold of the driver because they went home and they want me to cancel the order so it doesn't penalize them. I'm like, can you see the map? They're like, no, sir. I'm like, look at the map.
I'm like, they are sitting at home. It's a residential, they're sitting at home. They're done.
Nobody's waiting to pick up my food. It's been an hour and 45 minutes. They're like, would you like us to place the order again? I'm like, no, no.
It's been an hour and 45 minutes for Chipotle. Okay, so I'm gonna go ahead and cut it there. The conversation definitely takes some different turns here going on.
And I don't know, maybe we'll create a bloopers reel one day. But that is all the time that we have for today. Thank you very much for listening to Cash in the Cyber Sheets.
Please don't forget, hit those subscribe buttons, leave some reviews, some comments, tell your friends, tell everybody about us, and come back and see us next week. If there's anything you wanna hear about, just let us know. But thank you again for listening to Cash in the Cyber Sheets.
We'll see you next Thursday at 10 a.m. Thanks for listening.