90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-084
Financial services · United States · 2021 · Unexplained algorithmic credit decisions

Apple Card reportedly offered a man twenty times his wife's credit limit, claims of gender bias went viral, and New York's regulator found no unlawful discrimination but criticised the lack of transparency

By Ellie Harris · Filed Allegations surfaced November 2019

Alleged: Goldman Sachs Bank USA (Apple Card issuer); Apple Inc. developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

Apple Card reportedly offered a man twenty times his wife's credit limit, claims of gender bias went viral, and New York's regulator found no unlawful discrimination but criticised the lack of transparency

What happened

It was reported that in November 2019 the software developer David Heinemeier Hansson wrote that Apple Card had offered him roughly twenty times the credit limit it offered his wife, even though the couple filed jointly and she had the higher credit score. The post spread quickly, and Apple’s co-founder Steve Wozniak added that he had seen a similar gap of about ten times between his own limit and his wife’s. The card was a Goldman Sachs product, underwritten by the bank, and the accounts of customers and even of Apple staff, who reportedly could not explain the individual decisions when asked, turned a pair of tweets into a public question about whether the algorithm behind the card discriminated against women.

The New York State Department of Financial Services opened an investigation into Goldman Sachs Bank USA. Its report, released on 23 March 2021, described a review of several thousand pages of records, interviews with the bank, Apple and applicants, and an analysis of underwriting data for about 400,000 New York applicants. The Department concluded that it had found no evidence of unlawful discrimination under fair lending law, and that applications from women and men with similar credit characteristics generally received similar outcomes; the disparities individual couples had seen were traceable to lawful factors such as individual rather than joint credit histories, credit scores, debt and income. But the Department did not treat the matter as harmless. It found that deficiencies in customer service and a lack of transparency had undermined trust in the fairness of the card’s decisions, and it noted the broader difficulty that when a decision cannot be explained, a consumer has no way to tell a lawful outcome from an unlawful one. Goldman and Apple went on to let denied applicants seek help improving their credit, to allow earlier appeals of credit terms, and, later, to add the joint-account option whose absence had shaped the original complaints. The finding, in short, was not that the card was biased. It was that no one had been able to show, at the moment it mattered, that it was not.

What an auditable version would have shown

The question the Department set out to answer, whether outcomes for similar applicants were similar across protected groups, is an aggregate measurement. Its investigation reconstructed that measurement from about four hundred thousand applications over more than a year. An auditable version computes the same measurement continuously and signs it, so the distribution of credit limits by relevant applicant characteristics is a figure the bank, a regulator or a board can inspect at any time, rather than one assembled after the fact. Alongside it, each individual decision would carry a record of the factors that drove it, the kind the customer-service representative could not produce when a cardholder asked why a spouse with a better score received a lower limit. With both, a claim of bias can be met with a checkable answer, and a disparity explained by joint-versus-individual credit history can be told apart from one that is not.

Where the gap was

An automated system set decisions that affected people’s finances, and when those decisions were challenged, neither the customer, the front-line staff nor the public could see the basis for them or verify that the pattern of outcomes was fair. A MetricRecord makes the aggregate behaviour of the model, outcome rates across applicant groups, bound by a chain root hash to the underlying decisions, a signed figure a regulator or board can check, which is precisely the evaluation the Department had to build from scratch. A ConductRecord ties each credit decision to the factors that produced it, so that the reason a particular limit was set is retrievable and explainable at the counter, rather than absent when a cardholder or a representative goes looking for it.

What governance should have looked like

The Department cleared the card, but reached that finding by reconstructing, from hundreds of thousands of applications, evidence the bank did not have ready to hand. In the interval between the viral claim and the finding, the card had no quick way to answer the accusation, because the basis of its decisions was not available in a form a customer, a representative or the public could check. Where an algorithm sets terms that affect people, explainability and verifiable aggregate fairness are what let a claim of bias be answered with a record rather than a reassurance. Best practice would be for an institution running automated decisions about people to be able to demonstrate, on demand and from signed records, both why any single decision was made and how outcomes are distributed across protected groups, so that the fairness of the system can be shown rather than taken on faith or reconstructed later.

Failure Pattern: an algorithm set credit limits that neither customers nor front-line staff could explain, so a fairness question could not be answered from any record and had to be reconstructed by a regulator.

Governance Principle: an automated decision that affects people must be explainable from signed records, and its aggregate outcomes verifiable, so fairness can be demonstrated on demand rather than presumed or denied.

The reference implementation of MetricRecord and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Goldman Sachs Bank USA (Apple Card issuer); Apple Inc. could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →