[HN Gopher] On the trail of my identity thief
___________________________________________________________________
On the trail of my identity thief
Author : signa11
Score : 104 points
Date : 2024-05-20 03:48 UTC (1 days ago)
(HTM) web link (www.msn.com)
(TXT) w3m dump (www.msn.com)
| mrslave wrote:
| Article on original site that incidentally includes a lot less
| JavaScript
|
| https://www.bostonglobe.com/2024/05/15/magazine/on-the-trail...
| yumraj wrote:
| Perhaps @dang can replace the URL with this one.
| ggm wrote:
| The article also made PGN's "risk" list, which can throw up
| interesting discussion on a longer baseline.
| teeray wrote:
| Charming how the bank just skates through this whole thing with a
| little halo over its head. They should be liable for their own
| failure to authenticate the customer. Immediately restore the
| $5k, then _they_ chase after the thief.
| doix wrote:
| This is what I don't understand when it comes to identify
| theft. Why is it the customers problem and not the companies?
| washadjeffmad wrote:
| I've always agreed with David Mitchell's take:
|
| https://www.theguardian.com/commentisfree/2018/nov/25/identi.
| ..
| stevekemp wrote:
| And here's the sketch referenced in the article:
|
| https://www.youtube.com/watch?v=CS9ptA3Ya9E
| BLKNSLVR wrote:
| This should be the first comment on any "identity theft"
| story to change the onus of proof narrative amongst the
| populous.
| namdnay wrote:
| the term itself "identity theft" is part of the propaganda -
| instead of calling it "bank fraud" suddenly it's my problem
| because my identity has been stolen? no it hasn't, I'm still
| me. it's not my problem a bank got scammed by someone
| pretending to be me
| ako wrote:
| Identity theft framing helps customers understand they have
| a responsibility in using these systems in a secure way. If
| you call it bank fraud, customers don't see their part in
| the responsibility, and become careless, increasing the
| chance of bank fraud,
| notnaut wrote:
| And by calling it identity theft instead of bank fraud,
| the reverse effect is had on the common perception of who
| has responsibility when dealing with an incident. You can
| have your """identity stolen""" at a bank without an
| ounce of carelessness on your end.
| mingus88 wrote:
| That doesn't scan for me. We call it car theft and
| thousands of cars are stolen every day that are properly
| locked and parked, even in the owners driveway.
|
| Banks are notorious for adopting new technology at a
| glacial pace, often only when forced to do so.
|
| Witness the adoption of chip and pin in the U.S. oh wait,
| we still haven't properly adopted it and a stolen card
| can just be tapped on the terminal of most retailers in
| 2024 with no additional authentication.
| stuffinmyhand wrote:
| This is the real problem though. It's literally the money
| form of "password on paper" if you have such a card. Not
| that I have experience, but I'd assume the largest part
| of scams comes down to this, easily stolen and used
| credit card info. Like it's still 2014.
| ako wrote:
| Many more would be stolen if customers wouldn't lock
| their cars. Customer awareness doesn't prevent it, but it
| does reduce it.
| toast0 wrote:
| As a responsible consumer, how do I prevent Equifax and
| AT&T from distributing my information?
|
| Actually, when someone signed up for a Bank of America
| checking account with my AT&T information, I notified
| AT&T once I was done with BofA... And AT&T ignored it,
| until 2 years later.
|
| Whatever BS shreading and information hygeine I do
| amounts to nothing when a big company lets stuff out. Or
| when my employer's HR person keeps unencrypted payroll
| files on a USB drive in their car in SF.
| Terr_ wrote:
| Relevant Michell & Webb comedy audio:
| https://m.youtube.com/watch?v=CS9ptA3Ya9E
| imgabe wrote:
| Probably because there would be a way to exploit such a
| policy. You're a normal, honest person, so you think "Why
| wouldn't the bank believe me? I would only claim I lost my
| money through fraud if it were true."
|
| But the bank also has to deal with dishonest people who might
| make fraudulent claims about being defrauded.
| crooked-v wrote:
| This is also why credit card companies refuse to work with
| porn - there are an immense number of people who charge
| back porn purchases almost immediately.
| pdonis wrote:
| This doesn't justify putting all the responsibility on the
| innocent person whose money got stolen by fraud. The
| fraudster didn't get money from the innocent person. They
| got it from the bank. That should make it the bank's
| problem.
|
| If the bank is concerned about fraudulent claims about
| being defrauded, that's just another case of them needing
| to improve their fraud detection process.
| yencabulator wrote:
| You're focusing on compensation to victim (and that
| becoming a new fraud mechanism). Instead, try focusing on
| what the banks could do to decrease the actual crime. Some
| examples:
|
| US banking is notoriously sloppy about allowing
| _withdrawals_ with just knowledge of routing number and
| bank account number, while every check written contains
| both numbers -- in Europe, the bank account number can only
| be used to transfer money _to_ the account (and checks
| practically don 't exist).
|
| One day out of the blue, some hundreds of dollars were
| transferred out of my American bank account, seeming to
| claim purchases in a city several hours away. I didn't
| authorize such transactions. They were direct debits of my
| account, not credit card charges. A few days later, my
| money was returned. How was that possible? Why did the bank
| agree to transfer money out of my account?
|
| All the way back in the 90s, my European bank gave me a
| one-time codebook, to be used in addition to username and
| password to authenticate online transfers. Whenever I was
| close to running out of codes, they gave me a new codebook.
| Managing to steal my password wouldn't have let an attacker
| easily empty my account.
|
| My European bank in a small city, that I had been a
| customer of for decades, and whose employee that I was
| interacting with being a family friend, verified my
| passport before discussing a loan.
| grodriguez100 wrote:
| Yes, the situation in Europe is much better, even more so
| after the introduction of PSD2 which requires strong
| customer authentication and is specifically designed to
| avoid (or at least minimize..) identity fraud.
| mindslight wrote:
| Seriously. And this is the author writing her own story. You'd
| think that after two years she'd have done a little reflection
| to realize that there are two instances of fraud here. The mule
| deceiving the bank into giving them the cash, and the bank
| deceiving the author into thinking the bank owes her $5k less.
| Align the incentives and all the bloviating about fraud "czars"
| and difficulties of prosecuting non-violent crimes just falls
| away.
|
| I've got to wonder how much people's broken understanding of
| these situations is an extension of that same old mistaken
| belief that banks hold your money in their safe or something.
| Notice how she's continually going on about "my money". Whereas
| actually your bank balance is merely a _debt_ the bank owes
| you, which cannot have been altered by the bank being
| defrauded. Any more than a cursory one or two business days to
| fix her account ledger is unacceptable. If after 60, 90, or
| however many days the bank cares to spend investigating it
| turns out that the account owner lied when disputing the
| original transaction, that would be its own fraud and can be
| prosecuted post-facto the same as anything else.
| Nuzzerino wrote:
| > You'd think that after two years she'd have done a little
| reflection to realize that there are two instances of fraud
| here.
|
| Three if you consider that New York let the criminal walk and
| go on the lam without posting any bail, due to a 2020
| (presumably late 2020) 'law'
|
| From the post:
|
| > The bail reform law, which took effect in New York in 2020,
| eliminated the requirement for defendants to put up cash bail
| for most misdemeanors and nonviolent felony charges. It was
| meant to limit incarceration of defendants in New York who
| couldn't afford to get out on bail while their cases play
| out, according to the New York Civil Liberties Union. The
| nonprofit's website says reform has been essential to
| "upholding due process, advancing racial justice, and
| protecting public health" during the pandemic.
| mathieuh wrote:
| Making people pay for bail is an almost exclusively USA
| thing. Doesn't seem to be causing many problems in the rest
| of the world to assess bail on criteria other than "is able
| to afford it".
| infotainment wrote:
| Unfortunate, but realistically this will always happen
| unless we just kill criminals immediately, or do away with
| bail. I'd be in favor of either.
| Terr_ wrote:
| > Whereas actually your bank balance is merely a debt the
| bank owes you, which cannot have been altered by the bank
| being defrauded.
|
| It's often amusing--and sometimes enlightening--to imagine
| how well the same nonsense-logic would work if it was being
| used _to the benefit of a consumer_ instead of an
| institution:
|
| "Hi Bank, I just sent enough money to fully pay off my
| mortgage! Now I fully own my house and our business is
| done... Wait, you didn't get it? That was some scammer who
| showed up randomly at my door with a fake business card?
| Well, that sucks.... for you, that is. I hope you manage to
| get your money back from them someday, ciao!"
| foresto wrote:
| Obligatory Mitchell and Webb sketch:
|
| https://www.youtube.com/watch?v=CS9ptA3Ya9E
| worldwidelies wrote:
| Because banks are as thick than thieves.
| RecycledEle wrote:
| Interesting idea.
|
| Could we write laws that require banks to both reimburse the
| money stolen and to either catch the criminal or to pay more?
|
| I think the banks would just deny that a crime occurred.
|
| As tempting as it is, I have to be against it for now
| teeray wrote:
| Imagine you owe $15k to a hospital, and someone knocks on
| your door saying "hi, I'm from the hospital, can you pay us
| $5k?" You, in your naivety, head up to your mattress, get $5k
| in cash, then pay them. Turns out, they are not from the
| hospital. What happens if you say to the hospital,
| "unfortunately your identity was stolen, and now I only owe
| you the $10k left." Given bank deposits are debts owed to
| you, this is _exactly_ what the bank is doing to you.
| SV_BubbleTime wrote:
| Interesting takes...
|
| Sees the issue with bail reform right away, then wishes we had
| more regulations like the UK.
| OutOfHere wrote:
| Never keep more money in your checking account than you can
| afford to lose. Based on my reading of the news, it often gets
| stolen.
|
| There is however the question of a potential negative balance.
| For this, do not allow overdraft protection beyond a small
| amount. Also, don't have a linked account such as a savings
| account that gets used for potential overdrafts.
| rPlayer6554 wrote:
| Then where do you put it?? Your couch??
| secondcoming wrote:
| Have several bank accounts. Keep the bare minimum in your day
| to day account, and higher sums in the other ones.
| englishrookie wrote:
| Amusingly, there are languages where the word for bank and
| couch are the same: bank (Dutch).
| ozim wrote:
| You know you can have more than one bank account.
|
| You can have separate account that doesn't have any cards
| attached.
|
| Give that account number to your employer and then when you
| need transfer amounts to account with debit/credit cards.
| OutOfHere wrote:
| With regard to a separate account, I would consider having
| one of these, in order of most preferred to least
| preferred:
|
| 1. An investment account to move money into, even if it's
| not invested.
|
| 2. A savings account at a second bank from which
| transactions or even withdrawals cannot be done, only
| transfers to your checking account at the first bank can be
| done.
|
| 3. A CD (Certificate of Deposit) at a bank, although this
| locks up your funds for the designated time.
|
| Any checking account leaves you most at risk.
| OutOfHere wrote:
| With the attitude that you have, a couch or even a shoebox
| will do. For others I will advise other choices.
| adriancr wrote:
| Or do.
|
| If a victim of fraud, file a police report, go to the bank with
| it and get your money back. Then change banks as they are
| incompetent.
|
| It's the banks problem now.
|
| It's always the banks problem to keep your money safe and
| authenticate things.
|
| It's insane this kind of theft is possible.
|
| Also, OP got the money back:
|
| "two and a half months after the theft -- the stolen $5,000 was
| back in my account."
| dgoldstein0 wrote:
| After a fairly ridiculous roundabout.
| OutOfHere wrote:
| You deserve to lose it. Not everyone gets it back.
| adriancr wrote:
| I wont, in europe its pretty much impossible to do that
| identity theft scam.
|
| Someone taking cash off my debit card would need to do it
| via 3d secure and me approving it via phone.
|
| Someone doing this via check in a bank would get them
| laughed off... I'm not sure people even know what those are
| still.
|
| Someone trying to use my identity to withdraw money at a
| bank agency... they'd need an inside man and police would
| catch that idiot on complaint... plus since corona going to
| bank agency is via appointment...
|
| I can also complain to government entities if banks wont
| help, that would lodge official complaint from consumer
| protection agency and they need to do due diligence to not
| get fined...
| OutOfHere wrote:
| That's great. The original comment was exclusively in the
| context of the US. It's a backward country with
| inconsistent use of ID verification.
| elric wrote:
| The customers are not the problem. The banks are. Having worked
| with and for banks around the world, I can say with some
| confidence that US banks are soooo far behind most Western and
| Asian banks. Heck, even many African banks outshine US banks in
| terms of IT infrastructure, security, and customer features.
| skipkey wrote:
| My wife and I had a somewhat similar thing happen, one week
| before our wedding. She had a debit card declined at Starbucks.
|
| Someone had printed a business check with our account number,
| made out to a name that matched a dead person on the sex crimes
| registry, and then someone had cashed that check at a bank in New
| Jersey. The check was for over $11k, and left about $20 in the
| account.
|
| Now, we never left that much money in the account generally but
| we had transferred some in to settle with the various vendors and
| for spending cash on the honeymoon.
|
| The good news was that Chase saw it as fraudulent immediately and
| the money was back in our account in less than 48 hours, and they
| put a few thousand in before then so we could travel.
| bradley13 wrote:
| Security is hard, in whatever field. Customers do want to be
| able to get service at their bank, without jumping through
| crazy hoops.
|
| That said, bank security in the US is generally awful. Checks
| should not exist - they are a concept out of another era.
| Actually, in the US, just having someone's account number
| enables you to withdraw money from their account. That is just
| nuts.
|
| By now, all money transfers should be electronic and immediate.
| Where I am, we use the "Twint" service. Want to pay in a shop?
| Scan a QR code off the card reader, then click ok. Want to send
| money to a private person? Select them from your contacts,
| enter the amount, click ok. Transfers are completed in seconds,
| which also eliminates the issue of bouncing checks.
| ArtTimeInvestor wrote:
| The web of trust that we have built is the best we could do in
| the past. But now we would have technology to get rid of all the
| headaches it creates.
|
| On a blockchain, we could have a contract that says "To move more
| than $X of my money per week, I need to agree by signing with my
| private key.".
|
| So the bank can only mess up $X per week. And if I lose my
| private key, I still can get the money out in chunks of $X per
| week.
| namdnay wrote:
| > And if I lose my private key, I still can get the money out
| in chunks of $X per week
|
| So the 5% of people _every year_ who are going to lose their
| private key can no longer buy a house or car for the rest of
| their life?
| ArtTimeInvestor wrote:
| The bank can still send $X per week to wherever it wants.
|
| So if one loses their key, they would tell the bank to
| transfer the money in amounts of $X per week to a new
| account.
|
| If they have set $X to 2% of their savings, they would have
| to wait 50 weeks until they can use the full sum again.
| lmz wrote:
| Well they can trickle their money to a new account and use
| that new account for the ~10 yrs until they lose their key
| again.
| evanb wrote:
| My non-blockchain bank already puts such a limit (amount
| electronically transferred per day). If you need to move more
| than that you've got to do more than just use the website.
| ArtTimeInvestor wrote:
| That does not protect you from incompetence or malice of the
| bank.
|
| Your bank is still a single point of failure.
|
| In the article, the bank claims: Someone
| had actually come into the bank and spoken to a
| teller, presented a driver's license, and then
| correctly answered some authentication questions to
| validate the account.
|
| The bank does not claim that someone just "used the website".
| dgoldstein0 wrote:
| I had a similar situation with bank a few years ago, not identity
| theft but rather some checks stolen out of the mail and cashed by
| the third party, and didn't realize it for a few months (so it
| was being the easy ach reversal point). I tried to escalate
| within the bank, must have talked with tier 2 support a dozen
| times.
|
| What worked was to file CFPB (consumer financial protection
| bureau) complaints against both banks involved. At that point I
| got to talk to executive support, who is responsible for handling
| such complaints, and was able to get the two banks to talk to
| each other. Should've done that about 6 months or so sooner.
| saxonww wrote:
| patio11 (bitsaboutmoney) invests in the banks he uses, and then
| is able to call investor relations when he's having trouble
| with that bank.
|
| https://www.bitsaboutmoney.com/archive/banking-in-very-uncer...
| geek_at wrote:
| I had something similar happen to me [1]. I won 500$ Apple gift
| cards in a sysadmin contest but they were for the US only and I
| (from Austria) wasn't able to spend them so I tried to sell them
| for about a year and then found someone who tricked me and stole
| the cards.
|
| Over a year I tracked them down and in the end got my money back
| by sending facebook messages to his mother and brother. Found out
| his real name because some school friend of him had posted a
| screenshot of a windowed game which facebook open in the
| background where you could see his friendlist. Crazy stuff. Even
| BBC wrote about it later [2]
|
| Fun fact: Since that article aired (8 years ago) I'm still
| getting 2 to 5 messages per week from random people who ask me to
| track down their scammers too
|
| [1] https://blog.haschek.at/2016/how-a-scammer-
| stole-500-dollars...
|
| [2] https://www.bbc.com/news/technology-37348014
| StrauXX wrote:
| I love how you named the scammer ungustly in your blog. He was
| quite an Ungustl :)
| nox101 wrote:
| I'm curious what the solutions are. People, including myself,
| feel this should legally be the bank's problem. Someone pretended
| to be the account owner and the bank gave them money. That seems
| pretty clearly the bank at fault
|
| But, let's say the laws got fixed and it became the bank's fault.
| Would there be un-intended consequences or only good ones? I'd
| expect banks to maybe get rid of checks. Or, require every check
| to be approved when received. You send a check, the check gets
| deposited, the bank pings you (email, sms, app) .. did you write
| this check? Or maybe something else.
|
| If I understand correctly, some countries (Estonia?, Singapore?)
| when you use a credit card, the bank requires some form of 2
| factor. I've seen that once in a while with USA cards, usually
| only when ordering something abroad. In Japan some banks require
| a 2 factor calculator that generates codes. No idea if that's
| prevented much fraud.
| Boltgolt wrote:
| A second factor (like 3-D Secure) is required by EU directive
| in the whole block for online payments. For in person payments
| having access to the card and knowing the code already
| satisfies the 2 factors, and checks are extremely rare and have
| been for decades
| nox101 wrote:
| So you sign up for a subscription and every month you must
| use a 2nd factor to secure it?
|
| Do you have amazon or equivalent? Does every time you order
| you have to second factor or do you just have to do it once
| when you sign up for an account?
| m1n7 wrote:
| nah you only need to do it once for subscriptions, but you
| can revoke access.
|
| with other purchases it depends on the site. some ask you
| every time and others don't. i'd assume charges in the same
| range don't have to be approved again, but idk how it works
| exactly
| piva00 wrote:
| Subscriptions don't need to 3-D Secure every transaction,
| the initial transaction is considered identified and the
| auth code is re-used for subsequent charges until you
| revoke it.
|
| For Amazon and other larger merchants I feel there is some
| rules system taking as parameters the merchant size (also
| as a "trustworthiness" score of sorts), recency of last
| identified purchase (or even some kind of re-using
| identified auth codes on that merchant), and amount of
| purchase since almost all larger purchases I make online
| seem to require 3-D Secure even on larger merchants.
|
| It's not a big hassle, sometimes buying through a new
| checkout process requires me to authorise the transaction
| even for small amounts but where I live I can do it through
| a electronic identification app on my phone, takes some
| seconds.
| daveoc64 wrote:
| The second factor isn't always needed.
|
| The banks use the sort of risk factors they do for other
| kinds of fraud protection.
|
| If you make a larger transaction than usual, or try to make
| a transaction with a merchant you've not used before, then
| you'll usually be prompted to authenticate.
|
| There's also a limit to how many unauthenticated
| transactions you can make within a period of time.
| surfingdino wrote:
| 2-factor is common for online card transactions in the UK.
| joelccr wrote:
| All major CC companies have the extra layer (3-D Secure)
| available to merchants. Whenever I make a card transaction
| online that is in any way unusual the bank makes me do an
| app/SMS 2-factor.
|
| As with any extra step in a purchase its a balance between
| security and conversion rates. It seems companies have decided
| it reduces conversion too much in the US hence the low uptake,
| whereas UK/EU seem to use it very often.
| remus wrote:
| > People, including myself, feel this should legally be the
| bank's problem. Someone pretended to be the account owner and
| the bank gave them money. That seems pretty clearly the bank at
| fault
|
| I think it is a little more nuanced. While I think banks should
| shoulder more of the responsibility account owners also need to
| be invested in keeping their personal information secure. If I
| left my passport, driving license, pin, password, phone
| (unlocked of course) and 5 years of bank statements by the side
| of the road a stranger could pick those up and pretend to be me
| with very little effort, and the bank would be very hard pushed
| to distinguish the stranger from the real person. If it was
| purely the bank's problem what incentive would there be for
| people to secure their information? They'd just reclaim the
| loss back from the bank.
| xwolfi wrote:
| But we didn't ask the bank for any of this. They can just
| check my fingerprint each time I go to an ATM and provide no
| card, and I'll survive. They built these systems, we can't do
| without them anymore, and on top of it I have to secure their
| identity checks?
|
| Someone stole 2k$ from me by using my CC number recently.
| Well, awesome, why wasn't there even an OTP ? When I want to
| buy a 10$ crap on Amazon they send me 3 SMS... They leave
| these things a bit open to reduce friction, they have to pay
| for it. My bank paid me back the same day, and that was the
| least they could do.
| ako wrote:
| You'd survive, but loose your fingers in the next
| robbery...
|
| Plus, fingerprint is super unreliable. Every time I'm hand
| sanding a wood project, or go windsurfing or wingfoiling
| for a couple of hours, my fingerprints are unusable for
| some days.
| yencabulator wrote:
| > If I left my passport, driving license, pin, password,
| phone (unlocked of course) and 5 years of bank statements by
| the side of the road a stranger could pick those up and
| pretend to be me with very little effort, and the bank would
| be very hard pushed to distinguish the stranger from the real
| person.
|
| Until you report those items as stolen, after which they
| should be not useful at all. Especially the 5 years of bank
| statements should have no power of authenticating you.
| remus wrote:
| > Until you report those items as stolen, after which they
| should be not useful at all.
|
| But if it's all on the bank (and to generalise, the other
| party trying to authenticate the request) why would you
| report the items stolen? You've got no incentive to do
| that.
|
| Im exaggerating of course, but the point is that
| authentication is really difficult if the party you're
| trying to authenticate isn't motivated to work with you
| (and why would you be if there's no cost to you if a
| mistake is made?)
| yencabulator wrote:
| Yes, you are exaggerating. Your argument is that we
| should not make any improvements unless we can achieve
| utopia.
|
| Imagine a world where bank fraud was only possible in
| that rare scenario you described, and then only for a
| limited amount of time since you can be required to
| report loss of identity documents, and then only for
| transactions that cannot be reverted in time, _and even
| then_ financial liability might be pushed on to the bank(
| /'s insurance). That'd solve practically all of the
| current day bank fraud, without in any way solving your
| hypothetical.
| remus wrote:
| > Your argument is that we should not make any
| improvements unless we can achieve utopia.
|
| Not at all. As I said originally:
|
| > I think it is a little more nuanced. While I think
| banks should shoulder more of the responsibility account
| owners also need to be invested in keeping their personal
| information secure.
|
| Some of the comments on this article just strike me as
| quite idealistic about the ability of banks to bear full
| responsibility for authentication and authorisation.
| Practically, I think it works more smoothly when both
| parties are invested.
| Am4TIfIsER0ppos wrote:
| In-person banking only where the employees are long term and
| recognize the customers, you can see the manager, and you can
| close your account at any time and are handed a stack of bills.
| Yes, reversing 50+ years of "progress".
| mindslight wrote:
| First, it essentially already _is_ the banks ' problem legally.
| This does not stop a bank from defrauding the customer into
| giving the bank a loan for months while performing hundreds of
| hours of paralegal work, but in most cases the bank will
| eventually be on the hook. So we're not talking about any new
| risk, but rather for banks to stop giving people the runaround
| pretending they aren't directly responsible.
|
| Checks would be completely unaffected, as they're already
| reversible like any other ACH transaction.
|
| If there is any affect it would be on cash withdrawals and wire
| transfers seeing increased authentication requirements (places
| where the transaction "hardness" of money increases). But
| that's precisely what we want to happen! I do personally
| withdraw thousands of dollars in cash at a time. But if say I
| had to use my ATM card + PIN instead of merely writing my
| 9-digit account number on a paper withdrawal slip, I would
| certainly understand.
| yencabulator wrote:
| Most European cards are chip cards now. (Many of them might
| require a PIN too.) American cards still have magnetic stripes
| that are very vulnerable to skimming. But credit card companies
| (/banks) can't get rid of the magnetic stripes (in a
| commercially viable way) until readers are upgraded to support
| chips. In Europe, you'd probably just have a law saying this
| needs to perform to that security level by this date, and make
| the companies upgrade -- but the US theme is "stuck in the 70s"
| for this kind of stuff.
|
| I have high hopes for contactless payments to finally force
| reader upgrades, because the difference is something the
| consumer notices and might appreciate. With magnetic strip vs
| chip, the user experience was too similar.
|
| (Of course, my phone fails to pay about half the time at the
| local grocery store, but at least the credit card tap works.)
| jstummbillig wrote:
| Shout outs to diverse value generation, by people going through a
| big issue,investing huge chunks of life time and then dispersing
| knowledge by doing write ups (which are not easy to do in general
| but it gets harder the nastier the topic).
|
| I have deep empathy for how costly these experiences are, that I
| can then just learn from in 5-10 mins. I hope that in the future
| more of the bad stuff can be avoided upfront but in the meantime
| I think this is wonderful and something to foster (which I should
| remind myself of and participate in more often).
| datpiff wrote:
| _"Forget the fake IDs adolescents used to get into bars," says
| Georgia State's David Maimon, who is also head of fraud insights
| at SentiLink, a company that works with institutions across the
| United States to support and solve their fraud and risk issues.
| "Nowadays fraudsters are using sophisticated software and capable
| printers to create virtually impossible-to-detect fake IDs."
| They're able to create synthetic identities, combining legitimate
| personal information, such as a name and date of birth, with a
| nine-digit number that either looks like a Social Security number
| or is a real, stolen one. That ID can then be used to open
| financial accounts, apply for a bank or car loan, or for some
| other dodgy purpose that could devastate their victims' financial
| lives. "_
|
| Does this seem a little far-fetched? The reporter lost $5000 - a
| lot of money! - but if it required a high-tech impossible-to-
| detect fake ID, layers of shadowy criminal gangs and cash mules
| it seems like there won't be a huge profit left. It seems more
| likely that this kind of fraud is much less sophisticated, and is
| exactly the same technology used by adolescents to get into bars.
|
| This feels like another argument that this is an unsolvable
| problem, and banks are helpless against mysterious dark web
| hackers. Dive bars are held reasonably accountable over verifying
| identity, it seems crazy that we accept that banks can't/won't do
| the same.
| tromp wrote:
| > On April 18, 2023, according to a police report, she'd gone
| into a Citizens Bank branch in New Rochelle in Westchester
| County, presented an ID with another woman's name, and walked
| away with $3,500. A bank employee had become suspicious and
| called the account owner to confirm she'd made the withdrawal
| herself. She hadn't.
|
| What confuses me is that the bank has my photo ID already. So
| when someone comes in to make a large cash withdrawal using a
| fake ID with my name on it, doesn't the teller see my face on
| screen to match?
|
| I find it hard to believe that the thiefs managed to find a mule
| that looks exactly like the victim.
| wildrhythms wrote:
| So she walked into a bank with nothing but an ID and walked out
| with thousands in cash? I did not realize someone could make a
| withdraw like that without a debit card (or a check, or some
| other bank authenticated mechanism).
| Terr_ wrote:
| There's an incisive Mitchell & Webb audio sketch on this,
| where banks with bad security are using the phrase to shift
| blame onto consumers.
|
| https://m.youtube.com/watch?v=CS9ptA3Ya9E
| tingletech wrote:
| I lost my wallet once and I was able to write a counter check
| for cash while I waited for my new ATM card to come. That was
| in the early 2000s, I did have my passport however. I also
| had the key to my safety deposit box, but they didn't check
| that.
| tingletech wrote:
| Why does your bank have your photo id? I've never heard of a
| bank record having a photo attached.
| mixmastamyk wrote:
| That's changing, at least in the US. I don't know the
| timeline however. Also recently had to call my bank to verify
| some credit bureau type details they'd dug up on me.
| tingletech wrote:
| You are saying know your customer requires the bank to keep
| a copy of your photo ID on file, and that it shows up on
| the teller's terminal when you go into a bank? That seems
| pretty insane to me that tellers would be able to look up
| any customer's photo ID, and it seems like a huge liability
| for the bank to keep those on file.
|
| I've had my primary checking account since the 80s, the
| photo would not look anything like me. When I opened my
| passbook savings in the 70s I didn't even have a photo ID,
| just a socical security card.
| elric wrote:
| Banks are required to keep their KYC up to date.
| Regulations will obviously vary depending on where you
| are, but in general, banks have a fuckton of information
| about you, all alledgedly to prevent fraud (and
| terrorism).
| mixmastamyk wrote:
| No big company has faced any big liability in the US that
| I'm aware of. Experian comes to mind.
|
| They originally sent a mail with that requirement, but
| changed it to the interview instead. I don't know the
| internal policy. Presumably they thought they had enough
| from "public records" as they called it.
|
| I agree with the 'insane' moniker... but realized a few
| years back we're not in Kansas anymore.
|
| Just went to a concert where you're not allowed to attend
| w/o a internet connected terminal in your hand.
| ((boggle))
| OJFord wrote:
| KYC? I wouldn't expect the teller to have it (if my bank even
| had branches) but certainly I've provided driving licence or
| passport as well as 'selfie' for KYC and to subsequently
| prove my identity.
| RecycledEle wrote:
| The author is a sucker!
|
| The criminal pretends to be injured after cops arrest her while
| she is running from them, and she composes herself so she looks
| like a victim. LOL!
|
| Then the criminal gets the victim to feel sorry for her.
|
| Then she gets released almost immediately, so she can do it
| again!
|
| This is why we used to hang criminals on the day of the trial.
| neonate wrote:
| https://archive.ph/KG95Q
|
| https://web.archive.org/web/20240520073631/https://www.msn.c...
| 1vuio0pswjnm7 wrote:
| Works where archive.ph is blocked, no Javascript needed:
| x=https://www.msn.com/en-us/news/crime/an-identity-thief-
| stole-5000-from-me-i-spent-two-years-tracking-down-how/ar-
| BB1mqh0b
| x=https://assets.msn.com/content/view/v2/Detail/en-in/${x##*-}
| (echo "<meta charset=utf-8>";tnftp -4o'|grep -o "<p>.*</p>"'
| $x|tr -d '\134') > 1.htm firefox ./1.htm
| links 1.htm
| jdkee wrote:
| It is shameful who the banks have turned their authentication
| problem into a problem for their customers, branded as "identity
| theft".
| droopyEyelids wrote:
| The detour into anti-bail-reform talking points was a sour note
| in this article.
|
| It sucks that the criminal skipped bail, so without bail reform
| that would have only been allowed if she passed a certain
| threshold of wealth. Thats not mentioned because its clearly not
| a better outcome.
| ghssds wrote:
| Nobody stole her identity. Someone stole the bank and then the
| bank used the "stolen identity" scam to somehow put the burden on
| an uninvolved third party.
|
| Things will get better when the customers realize they aren't the
| victims of the thieves. Banks are the victims of the thieves.
| Customers are actually the banks' victims.
| djoldman wrote:
| What happens if you sue the bank?
| hiddencost wrote:
| My mom was subject to a very similar scam recently, so this hits
| close to hone.
|
| But this was secretly an article about bail reform, trying to
| paint a sympathetic picture and then redirect your anger at bail
| reform.
|
| I hate that. Bail reform is a good, wise policy that works, and
| no amount of dishonest articles like this will change that.
| noja wrote:
| Obligatory Mitchell & Webb:
| https://www.youtube.com/watch?v=CS9ptA3Ya9E
___________________________________________________________________
(page generated 2024-05-21 12:01 UTC)