Why Lenders Overlook Warning Signs of ID Theft 225
Hugh Pickens writes "Despite all the new fraud alert tools and increased awareness of the perils of identity theft, incidence of the crime remains at 2003 levels, with about 10 million Americans falling victim every year. Now the NY Times reports that there may be a simple reason for the persistence of ID theft: lenders are too willing to extend credit to just about anybody, even when there are big red flags that indicate fraud. Chris Jay Hoofnagle at UC Berkeley worked with a small sample of six ID theft victims and delved into how they were defrauded. Of 16 applications presented by imposters to obtain credit or medical services, almost all were rife with errors that should have suggested fraud — yet in all 16 cases, credit or services were granted anyway. 'Identity theft remains so prevalent because it is less costly to tolerate fraud,' writes Hoofnagle. 'Adopting more aggressive and expensive anti-fraud measures is extremely costly and jeopardizes customer acquisition efforts.' Hoofnagle says business decisions leave individuals and merchants with some of the externalities of identity theft as victims spend their own money, and more often, valuable personal time dealing with the problem. Hoofnagle suggests that lenders contribute to a fund that will compensate victims for the loss of their time in resolving their ID theft problems."
Here we go.. (Score:4, Insightful)
Can't wait to see how people blame the victim on this one.
Re:Here we go.. (Score:5, Interesting)
Can't wait to see how people blame the victim on this one.
I think it's pretty clear that these 'honorable institutions' are actually enablers. Accepting that the cost to compensate individuals is lower than fixing the system sounds awfully familiar ... Ford's Pinto comes to mind as does the recent Toyota situation. They're not killing anyone ... they're just ruining their lives for a while.
Re:Here we go.. (Score:5, Insightful)
Ford's Pinto comes to mind as does the recent Toyota situation
The "Toyota situation" has been blown completely out of proportion. Whatever problems may exist with Toyota automobiles have long since been buried under sensationalist "OMG, if you own a Toyota you are going to die!!!" media headlines and politicians looking to build "I'm tough on big business" street cred. It's been alleged that 37 people have died due to problems with Toyota's in the last ten years. That's a drop in the bucket compared to the number of people who have died in old fashioned automobile accidents. Even if you accept that all of those were due to a design flaw (which hasn't been proven yet) it hardly seems worth all of this FUD.
I don't own a Toyota but if I did I wouldn't be afraid to drive it. I'd be more worried about getting killed because of the stupidity of a fellow driver than I would be about being killed by a design flaw in my own automobile.
Re: (Score:3, Informative)
Or compared to the number of Ford F150 pickup truck fires that actually caused deaths and damage. Oh wait, let's ignore that because a pickup truck is AMERICAN!
Re: (Score:3, Insightful)
Re: (Score:2)
NO, Not enablers. They are seriously greedy, and frantic for money. Because of this, they are actually ACCESSORIES TO ID THEFT CRIMES. Let's start prosecuting them as such. Oh, wait. The feds already ok banks and lending institutions as ok to steal, etc, so this would be ok, too. Oh, wait, the feds give the banks, etc money to cover their losses, so they could get more money from the feds for this, too.
Never mind.
Re:Here we go.. (Score:5, Interesting)
``Can't wait to see how people blame the victim on this one.''
The victims ... are all of us. The fallout of identity fraud is costly, and, eventually, all of society bears that cost. Higher rates for borrowing money, insurance against identity fraud, the enormous cost of cleaning up after your name has been misused, and society missing out on people who would otherwise have been productive members.
It seems to me that the choices we have are trading the inefficiency of a better identification system against the inefficiency of having more failures, and sharing the burden vs. letting a few shoulders carry it all so the rest of us goes unencumbered.
Personally, I think that there should, first of all, be fewer occasions where you need to authenticate. Usually, it doesn't matter who you are, so why require authentication? Secondly, authentication should not always disclose everything. If the same data that I need to hand over to buy a $50 mobile phone can be used to get a $20000 loan, that's a security hole.
Thirdly, when you're lending money, that's your choice. You can charge interest and/or fees to make it worth your while. What you can't do is get someone who wasn't a party to the agreement to be responsible for getting the money back to you. If you lent it to the wrong person based on false credentials, that's your mistake, not that of the person whose credentials were misused. Somehow, institutions seem to be able to strong-arm that person into paying up anyway. I'd like to see the end of that, too.
Re: (Score:2)
Personally, I think that there should, first of all, be fewer occasions where you need to authenticate. Usually, it doesn't matter who you are, so why require authentication? Secondly, authentication should not always disclose everything. If the same data that I need to hand over to buy a $50 mobile phone can be used to get a $20000 loan, that's a security hole.
This is a good idea. I just can't figure why one needs to hand over an SSN to buy even a prepaid phone plan. Even worse, I was expected to give it out for a blood draw/lab work. I went in all adamant about kicking ass when they demanded it, telling them that they weren't paying me anything so they didn't need to make any IRS filings, privacy, etc. Then they didn't even care when I left the field on the form blank -- I was almost disappointed. I suppose that many times, SSNs are demanded just because th
Re: (Score:3, Interesting)
Really?
My prepaid phone has some basic (and out of date) information on me. No DOB, no SSN.
Someone I knew had a stalker, arrested multiple times for stalking her. He'd somehow get her phone number. He'd find out when she moved and to where. She resorted to living with friends and moving frequently, but had no cell phone. I bought a prepaid phone with cash. They only aske
Re: (Score:2)
Thirdly, when you're lending money, that's your choice. You can charge interest and/or fees to make it worth your while. What you can't do is get someone who wasn't a party to the agreement to be responsible for getting the money back to you. If you lent it to the wrong person based on false credentials, that's your mistake, not that of the person whose credentials were misused. Somehow, institutions seem to be able to strong-arm that person into paying up anyway. I'd like to see the end of that, too.
I think it has to go further than that. If an institution extends credit to someone who is using a stolen identity they should be liable for the costs of the person whose identity was used that are incurred as a result of this. This is fairly complicated and the amount that institutions should be held responsible for needs to be increased to decrease their incentive to extend credit to people who are using a fraudulent identity. (As an aside where are all the people who say that stealing Intellectual Proper
Re: (Score:3, Insightful)
``(As an aside where are all the people who say that stealing Intellectual Property isn't theft on this--if you steal my identity, I still have it)''
I happen to be one of those people, which is why I prefer speaking of "identity fraud" rather than "identity theft".
Re: (Score:2)
It's the victims fault for not protecting their info. It's also the victims fault for not checking their credit report every 60 seconds.
finally it's the victims fault for electing the scumbags they have in government that hates consumers and loves banks.
Honestly, the US government fully supports credit fraud, otherwise they would have put in rules for banks that made it the banks responsibility and liability at all times. It needs to become expensive for banks to ignore the red flags. I support a $50,00
Re: (Score:2)
That's exactly where I was heading when I read the article. The creditors want to pass the responsibility on to anyone but themselves. And others in turn try to shift responsibility onto the individuals whose names and/or numbers are being used.
I wonder how often various individual rights activists are involved in the lobbying or proposal for new law and regulation, but someone needs to do something to reform this blame game that ultimately ends up victimizing innocent people.
I participate VERY sparingly
Re:Here we go.. (Score:5, Informative)
If you steal someone's identity and scam a bank out of $1,000, then there is more than one victim: namely, the person whose identity you stole, and the bank (or broadly, its shareholders)
If the ID theft involved a credit card account then you can add the merchant(s) to your list of victims. When a credit card charge is disrupted it's the merchant who winds up taking the hit.
Re:Here we go.. (Score:4, Insightful)
Re: (Score:2)
Except that in certain cases the merchant is the one responsible for the loss. For instance, they are supposed to compare your signature on the charge slip to the signature on the back of the card. This simple step would stop a large number of illicit transactions using stolen credit cards but most merchants can't be bothered -- even though the agreement they signed to accept credit cards says this is part of the process.
Mind you, that wouldn't help with ID theft, but I don't think it's fair to ask the b
Re: (Score:2)
The credit card companies should allow merchants to check ID, then. Comparing a signature is pointless. It only takes a few minutes to learn to forge something that's passable to untrained eyes.
Though some merchants ask for ID anyway, the merchant agreement usually forbids requiring ID to complete the transaction. This is pretty much there because the credit card company wants to make using the card as easy as possible. They don't want any negative implications to the card. It's the same reason that yo
Re: (Score:2)
"Allow"? How about "require"?
Does anyone really have a problem with pulling out an ID when making a purchase? You're already pulling out one card. Is it really too much trouble to show a second?
Banks don't care because they're going to get paid, one way or the other.
Re: (Score:2)
Yes, that's a great solution: let's combat identity theft by exposing more personal information! </sarcasm>
(Yes, I have a problem with showing an ID, both on its own "merits", and that an ID isn't required to get a card and thus shouldn't be required to use it.)
Re: (Score:2)
Does anyone really have a problem with pulling out an ID when making a purchase? You're already pulling out one card. Is it really too much trouble to show a second?
Yes, I do. The merchant agreement they sign doesn't give them the right to ask for ID, unless your card is unsigned or the signatures don't match up. I refuse to show ID as a matter of principle. If they push the matter I'll file a complaint with Visa and/or Mastercard.
Re: (Score:2)
Comparing a signature is pointless. It only takes a few minutes to learn to forge something that's passable to untrained eyes.
What makes you think your typical teenage brat/criminal punk who stole a credit card is this sophisticated? I've caught stolen credit cards in my days behind the register -- they never even made an attempt to match the signatures. In fact they seemed surprised that I bothered to check them. My employer was one of the few who was smart enough to follow his merchant agreement to the letter -- consequently we never had any chargebacks in the time that I worked there.
Re: (Score:2)
It really is a pretty bad deal for the merchants. What they get out of it, though, is the ability to compete with other merchants who take credit cards. Since that is most other merchants, it just means that they're on equal footing. If they refused to take credit cards, they'd probably lose a lot of sales.
I'd love to have more proof of identity in purchasing with credit cards. Having had my CC stolen or compromised 3 times in my life (and gone through the hassle of changing auto-pay services to the new
Re: (Score:2)
I write "Check ID" on the signature field of my credit/debit cards
I hope you realize that by doing that you've voided your credit card. Read the little blurb under the signature panel, it says "Authorized signature, not valid unless signed."
If you handed that card to me in my days behind the register I would have refused to use it. Read the Visa/MC merchant agreements -- merchants who follow them aren't allowed to accept such a card.
Re: (Score:2)
That's the way I mark all of my cards. Block letters "CHECK ID" in the signature block. I've been doing that for probably 15 years or so. Only once a vendor said "You have to sign there", so I took their pen and scribbled my signature in what was left of the blank and they were satisfied. They didn't check my ID though. {sigh}
It used to be about 10% of the time someone would verify my ID. Now it's less than 1 in 50.
I have a friend who asks me to buy stuff fo
Re: (Score:2)
For instance, they are supposed to compare your signature on the charge slip to the signature on the back of the card
That's a nice idea, but whoever stole the card has the signature to study, and you're asking some highschooler to perform handwriting analysis to see how close of a match it is. Not to mention the proliferation of those digitizer tablets that turn your signature into something like a solid block of pixels.
I suspect, though, that given the relative frequency of a mugger taking one credit card
Re: (Score:2)
This already exists and is cheap for the individual. Just open an additional savings account with $50 under your main account, and then set up recurring transfers to move the entirety of your paycheck to your regular savings
Re: (Score:3, Insightful)
The first NSF fee is because your account *MIGHT* become overdrawn. It's like a warning shot. They still charge you
I find that a little hard to believe. Got a link to the bank policy where they state that they do that?
Something like 75% of a banks income, comes from NSF fees.
And 98% of all statistics are made up on the spot.....
Re: (Score:2)
Except that MasterCard and Visa have significant fraud departments that spend all of their time monitoring bank, merchant, and customer fraud. The biggest asset the credit card companies have is their brand, so they need to keep fraud low to maintain good PR. For example, if a bank's MasterCard fraud rate goes over a certain percent (around 2% IIRC), the bank's contract is flagged and will lose it if they don't improve.
A large burden is put on the merchants because they are the ones who are present when t
Re: (Score:2)
If the ID theft involved a credit card account then you can add the merchant(s) to your list of victims.
Right, but out of the 2-3 victims, only one showed up to the party saying "You can trust me to make your money/transactions convenient and safe."
Re: (Score:2)
Every identity theft incident is two victimizations rolled into one. First, the ID thief defrauds the bank (here the bank is the victim) then the bank victimizes the real person whose ID was used by trying to extort the money from them.
The extortion is of the form "Pay us or we'll spread libel far and wide and harass you relentlessly".
If some guy gets mugged in the park, we may feel sorry for him. However, if he "solves" the problem by mugging someone else, we'll throw him in jail with the other muggers.
His
Re:Here we go.. (Score:4, Insightful)
This just goes to show exactly how despicable the banks have become. The guy making 40K is the only blameless person in the whole deal. The ID thief, is of course to blame for committing a crime. The bank had the opportunity to verify their ID more carefully and take other measures to catch the actual criminal, but doesn't bother because it's much easier to just extort the losses from the guy making 40K by hiring someone to make harassing phone calls, threaten him with expensive court proceedings, and spread libelous claims that he is a bad credit risk. In extreme cases, the bank might even lie to the courts and the sheriff to get them to take the money from him at gunpoint.
The guy making 40K had nothing whatsoever to do with any of it. The banks have somehow convinced everyone that the combination of person defrauds bank plus bank extorts the losses from a 3rd party to be a new crime committed by the fraudster against the bank's victim.
Re: (Score:2)
So are you saying it's ok to rob banks, because that's where the money is kept?
So your saying it OK to rob places without money?
Re: (Score:2)
No, it's ok to rob banks because they're FDIC insured. Whatever you get from the bank, the fed pays them back. No harm, no foul, unless someone gets hurt in the process. Ok, we all end up paying, but at least someone gets the lump sum. :) Don't take watches, wallets, and purses though, individuals aren't insured for this kind of theft.
In LEO school (one of those things I though I'd do once upon a time), there was a huge discussion about criminal liability. If someone is hurt in the com
Re: (Score:2)
But the lender's not the one who's going to have their credit rating trashed and have their accounts cleaned out.
I wouldn't be surprised if at some level, the banks see identity theft as a profit center.
Tell me about it (Score:5, Insightful)
Bank fraud is why i shutdown my business after losing about 15k. Banks make a LOT of money milking the merchants with fees & services to create a "Safe shopping facade" but to screw you over in the end. What sucks even worse is that the consumer always wins in the end regardless or not if the consumer is legit or fraud and the banks LIKE it that way.
Banks make a lot of money in playing the high risk game and its screws everyone over in the end.. someone is paying for it.
Re: (Score:2)
Kinda ironic, the shite I wade through to cash a legit check with my name on it... My GF's purse was stolen a couple weeks ago, and whoever got it has cashed THOUSANDS of dollars in checks, mostly in the four- to eight-hundred dollar range. I wish I knew the secret, I'd like to get away with cashing my own checks more easily.
Re: (Score:2, Flamebait)
Find a bank that isn't run by assholes. The girls at my local community bank know who I am, never ask me for ID and never give me any issues cashing a check. Do business with an outfit that sees you as a person rather than someone who is looking to rip them off.
Re: (Score:2)
Wow, looks like the mods are on fire today... this one and the reply both got flamebait for no reason whatsoever. You'd almost think some bank employee was trawling Slashdot and downmodding people who point out that many (particularly large) banks are run by dickholes...
Re:Tell me about it (Score:4, Interesting)
This is exactly why I always say, "identify theft" doesn't exist. This is credit fraud which is encouraged by banks and especially credit reporting agencies. If laws didn't exist specifically to protect banks and credit agencies, we would all be calling them fraudulent organizations and lots of people would be jail. But since lots and lots of politicians financially benefit from fraud, the status quo is actively maintained.
It is impossible to fix credit fraud until lenders and credit agencies are help liable for their willfully fraudulent actions.
Hoofnagle is right (Score:5, Interesting)
Re: (Score:2)
I think that is like getting compensated for SPAM damages. An idea too good to see daylight. "There was an impassioned plea for an end to corruption in government, but cooler heads prevailed."
They make money off of it. (Score:2)
I'm sure people will add more reasons to the list.
Credit Agencies (Score:5, Interesting)
I've got an idea. How about the credit agencies be required to inform me when they give out reports about me? They already know everything about me, right? If someone is illegitimately getting credit under my name, I'll find out about it. If they have incorrect information, I'll find out about it. The cost of an inquiry would go up by $1(US), the cost of printing and mailing a duplicate report.
Re: (Score:2, Insightful)
I like your plan, but it would first require the approval of the credit agencies and $1 million in lobbying (by the credit agencies) before any congressman would sponsor such a bill. Unless of course some influential consumer advocacy group can out-lobby the credit agencies, but none come to mind.
Your plan would only work if you use the strategy that got us health reform. The bill has to be written by the enablers (banks and credit agencies). The bill would mandate that all Americans be required to pay f
Re: (Score:2)
Re: (Score:2)
If someone can convince a bank to give them a loan using your name, how difficult could it be to have the contact information changed?
Re:Credit Agencies (Score:5, Insightful)
You seem to be under the illusion that credit agencies are legitimate businesses, interested in the welfare of their customers, and you are their customer.
Let me fix that for you: Credit reporting agencies are a blackmail and extortion ring that somehow are allowed to legally exist. They don't give a shit that your information is correct or not, or if someone defrauds you. If you get defrauded, they're happy to just put it in the report. After all, if you get defrauded, you're a risk, aren't you? Still not their problem.
No one has ever been contacted by a credit agency, unsolicited, to verify the accuracy of information in their file.
The only way your idea will come to pass is if it is legislated.
Personally I think a better idea is to just get rid of credit agencies. Make holding information about a person without their knowledge or consent illegal. Require that anyone holding information (of a certain nature) about a person notify that person of the content and existence of that data on a regular basis. Thus holding information about people becomes expensive, and illegitimate extortion operations like credit agencies would be forced (economically) to improve.
Re:Credit Agencies (Score:5, Insightful)
You seem to be under the illusion that credit agencies are legitimate businesses, interested in the welfare of their customers, and you are their customer.
Let me fix that for you:
You're completely right. The Fair Isaac score is a measure of how likely a creditor is to make money from you. If you're a victim of identity theft, then you may cost the creditor money. So you necessarily get a lower score.
The credit reporting system is an ingenious scam. They've created a number from nothing. Then tied this number to behaviors they want to see from you. Don't go into enough debt? You get a low score. Don't pay reliably? You get a low score. It's a worthless shiny object that you've been conditioned to pursue.
They flood television with commercials spouting propaganda for the current system of credit. Responsible people pay their bills on time, even if it means they have to feed their kids crap food for dinner, or pull them out of private schools, or avoid taking them to the doctor because they can't afford it. Responsible people establish and maintain a good credit history. Responsible parents teach their kids about credit and help them get their first credit card. It's a confidence game. You groom the mark. Then you fleece them. You give up your hard-earned money so that a number in a computer doesn't drop.
Here's how it is folks: take care of yourself and your family first, even if your credit score takes a hit. You can't eat your credit score. It won't keep you warm in the winter. And if you have no desire to finance anything, then your credit score is utterly irrelevant.
Re: (Score:2)
Even an email would be fine. A simple message saying that "Bank X has requested your credit report in order to process an auto loan. If you have not initiated this loan request, please contact so-and-so at Bank X immediately."
They're totally unaccountable. (Score:5, Interesting)
Did you know you cannot even compel a credit agency to produce the documentation proving that you owe the claimed debt? Verification involves them contacting the party reporting the debt, saying "This guy owes money, right?" When they reply in the affirmative, that's called "verified."
Financial regulations in the United States are practically non-existent. The reason for uncertainty in our markets has nothing to do with government regulations - it has to do with the total lack of accountability and transparency required. Every five years the scheisters are exposed, and the markets collapse, because everyone - Wall Street, the credit rating agencies, and of course the companies themselves - are in on the take.
Re: (Score:3, Informative)
They do that already, but they charge for it. Why would they want to ruin a perfectly good revenue opportunity?
However, you can put a freeze on your credit report, and people can't pull it unless you are contacted and approve.
Re:Credit Agencies (Score:4, Informative)
How about the credit agencies be required to inform me when they give out reports about me? They already know everything about me, right?
You can get this service, for a fee. Unfortunately, you have to pay for it.
Also, you can put a fraud alert on your credit file. That forces the lender to contact you directly to confirm your application. Unfortunately, you have to renew it every 60-90 days, at all 3 credit reporting agencies. Of course, you can pay a fee to have someone do it for you.
I've been paying for this service for a few years. I don't like it, but it's a necessary evil after my birth certificate was stolen during a burglary at the home of another family member.
The obvious solution to ID Fraud (Score:5, Interesting)
The solution is this: you loan money to Joe and Joe signs his name as David? Wow, too bad for you, lender. You just gave away your money to Joe. David can't be held liable for this since he had no hand in it?
Doesn't it sound like the logical solution. If someone goes to the bank claiming to be me and the bank gives them a loan in my name, then the impetus is on the bank to track down the schmuck who tricked them. The bank ought to be liable for allowing themselves to be duped like this; they shouldn't be allowed to come after me. After all, I didn't do anything!
What's wrong with this solution?
Re:The obvious solution to ID Fraud (Score:5, Funny)
Mitchell and Webb covered this [youtube.com]
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
Re:The obvious solution to ID Fraud (Score:5, Insightful)
What's wrong with this solution?
The banks spend millions on lobbyists to fight making the laws more fair to the consumer. Otherwise your solution would already be law.
Banks start whining that making them responsible would raise the cost of extending credit. Good. Credit should be harder to get.
One slight problem (Score:3, Insightful)
Re:One slight problem (Score:5, Insightful)
If it's the bank's decision to lend or not, then the bank should take responsibility for fraud. Suppose Joe borrows money under my name fraudulently, from a bank I don't personally do business with. I have had no opportunity to influence the security of the bank's system, except politically. I have had no market influence, not being a customer. The decision of what level of fraud to accept is the bank's.
Any cost pushed off on me is an externality for the bank, since they don't have to pay, and they aren't even losing a customer. Therefore, market forces will not create incentives for banks to reduce fraud below what is best for their balance sheets. In the situation where I can be forced to repay the loan, there is no incentive for the bank to avoid fraudulent loans, and the amount of fraudulent loans increase until everybody's doing it as a matter of self-defense.
In general, the cost of a loss is best assigned to those with the ability to avoid the loss. That way, the market pushes them to the correct balance of preventing and accepting the loss.
Re:One slight problem (Score:4, Insightful)
Even DNA checks are not good enough for this (as cases involving identical twins have shown), so the actual solution is very, very hard.
Just take a thumbprint with the signature. That's good enough to cover 99% of the cases. (If someone is rich enough that someone else will make a thumbcap to match, then you're getting into real cloak-and-dagger. But most crooks are dumb.) Inkpads are cheap. Even though the bank likely can't verify the thumbprint immediately, it will be invaluable to the police when the fraud is investigated.
Re: (Score:2)
However, once you make them take the hit, all that will happen is they pass on the costs to the customers by increasing their charges.
This oft-used expression runs counter to the model of supply-and-demand in a market with any demand elasticity.
Re: (Score:2)
Re: (Score:2)
The only thing wrong is that it's the banks playing field and they set the rules...
Re: (Score:2)
But outside of criminal cases, you ARE guilty until proven innocent.
Because (Score:2)
The rules of accountability only apply to people who don't have any money. Every middle class American needs to accept responsibility for their actions, even if they are victims of simple misfortune.
Banks and corporations play by a different set of rules. They make big bets, pay themselves billions in bonuses for providing the illusion of profit, and then walk away without a slap on the wrist when the illusion collapses. I think today this is referred to as a "free" market. But the costs are indeed very hig
Re: (Score:2)
Re: (Score:2)
AFAIK, just say no. (Score:5, Interesting)
I've dealt with things like this before with my bank. The worst I had to do was sign an affidavit that stated I didn't make the fraudulent transaction, and the problem "went away".
Here's something interesting: about 5 years ago, I was called up by someone claiming to be an insurance company, trying to collect a debt that I supposedly owed for a hit and run accident with my "red truck". I do have a red truck. But I had never, as they claimed, been involved in a hit and run accident with it, two years prior to the call.
To make a long story short, the insurance company paid out for someone's totalled car in an accident. The accident report listed the other vehicle as a red Dodge pickup, license plate unknown. The insurance company then sold its "debt" to a collection agency, which then acquired the registrations (via the state DMV, no less) for every red truck registered in Illinois. In spite of the fact that mine was a Chevy, and the accident report was for a Dodge, they called me, trying to get me to pay up. Basically, they were cold-calling truck owners in the hope that someone would admit to the crime.
They called back a few times. Imagine, for a moment, if I had died and my wife had answered the phone. She could have been defrauded into paying a debt which she didn't owe, simply because she didn't know any better. These collection agencies are borderline fraudulent operations. Yet they enjoy legal status.
It's interesting that banks try to pass the cost onto the consumer. But ultimately, it would take very little to show in a court of law that:
Most IT professionals can get between $50 and $100 per hour for there services. Should a bank require me to settle a case of fraud with anything more than a signed affidavit, you can bet I'll be sending them an invoice. After all - they'll charge you an hourly fee for balance reconciliation when you're at fault; therefore, they should expect likewise treatment.
ID theft is due to the pure negligence of lendors (Score:5, Insightful)
If lendors had to pay for the damage they cause, the problem would disappear overnight. They should be responsible, not the poor victims, for cleaning up the mess. Sadly, they do not care, as it costs them nothing.
Re: (Score:2)
They do, just not from the same person they lent it to.
Less about greed, more about legacy... (Score:4, Insightful)
You have to keep in mind that a lot of systems that check people's IDs, Credit Cards, and Applications are built on top of legacy systems that were designed to work using modems and other terminals. I mean, yes, they have lovely UIs and web-sites but you rip all that stuff away and the entire process runs on the same communications channel as it did in 1990.
Credit Cards address information is often only checked in a very vague way. Since there is no encoding standards and since the address often winds up as one string you have to be very easy going about what passes and what doesn't. For example this might be the string you get in (all examples are valid/legal):
"123 Fake Street TownName State Country POCODE"
"123 FakeStreetTownNameStateCountryPOCODE"
"POCODE"
"123 Fake Street"
And this is the information you have to validate - Address Line 1, Line 2, Line 3, Line 4, Line 5 (Country), POCode (Post Code/Zip code). See the problem?
Re: (Score:2)
Re: (Score:2)
To be fair, programs like Verified by Visa do attempt to stem this... but then, conspiracy theorists could make the argument that Visa only did that to make it harder to make a chargeback in case that password is stolen (kinda like PIN-authenticated transactions in Chip-and-PIN countries).
It is a little weird to me that some merchant accounts allow online transactions without fully using AVS (address verification system). The real problem here are those last two examples you gave:
"POCODE"
"123 Fake Street"
Where the full set of data
Re: (Score:2)
That's the best solution they could come up with? (Score:2, Insightful)
Considering how lending institutions generally operate, it makes more sense that they are making a bigger profit off of "ID Protection" insurance, than they take in actual losses from ID theft.
The only solution I see is to introduce regulation that forces the lenders to pay the cost of ID theft instead of the victims.
Bad incentive alignment (Score:5, Insightful)
Lenders are being completely rational from their perspective. They get paid for creating a market for loans. If they don't issue loans, they don't get paid.
They are using Other People's Money by packaging the resulting debt into CDO's and selling them off, so they don't have an incentive to look too closely at how credit-worthy the individual is. It's a bad combination of negative externalities and information asymmetry. It's a market failure that requires government regulation to fix.
Re: (Score:2)
Why does it require government regulation?
I would think that the entities buying those CDOs would all be bankrupt by now and hence not buying anymore putting an end to such a ridiculous setup. Or at least not making enough money to continue funding such schemes.
Oh, the government bailed them out you say? And the government buys the CODs too?
Well yes, you do need government regulation if the government intentionally fucks over the market correction.
Re: (Score:2)
Well yes, you do need government regulation if the government intentionally prevents the next Great Depression.
Fixed that for you.
Re: (Score:2)
I think you mean "causes".
Re: (Score:2)
Into the future (Score:2)
Why does it require government regulation?
Because there has to be a relatively uncorrupted third party to enforce contracts for a market to function properly. That's why strong governments dominate economically worldwide. When a government is unable to enforce it's own laws, either by lack of power or by corruption of it's governing body, it's called a failed state.
If there are no rules than there can be no coherent markets, since it has the same incentive structure as a casino. Put your money in Blue Chips! Sometimes, you get your money back!
Well yes, you do need government regulation if the government intentionally fucks over the market correction.
If Gl
Re: (Score:2)
Its not "ID Theft" its FRAUD (Score:5, Insightful)
Its not "ID Theft" its FRAUD
Before "ID Theft" existed, con artists would regularly pretend to be someone they weren't in order to steal things. If I pretend to be an engineer from the local telephone company in order to con my way into an old ladies house and steal her purse, no one would even think for a minute that the telephone company should foot the bill, but when someone pretends to be me and convinces a bank to give them some money on that basis, apparently it is ok for the bank to turn round and try to get me to pay for the result of their gullibility.
MOD PARENT INSIGHTFUL (Score:5, Insightful)
People give away too much info (Score:5, Interesting)
It seems evident that most who deal with them just hand this stuff over, and then wonder why they end up being owned.
In the end it turned out good for me since I looked elsewhere and got a much better service on phone numbers - but at the time it looked to me as if I was paying a cost (today) for trying to keep secure (future). They do not need my credit limit for their purposes, I am concerned about what is happening with such information that others have given them; I will report them to the UK ICO [ico.gov.uk].
Re:People give away too much info (Score:5, Interesting)
That's why I do not blur those numbers but replace them with fake numbers. the idiots making the decision as to the legitimacy of a document never actually try to verify it so they want to see something that LOOKS legitimate. Honestly anyone with an IQ over 90 can generate a legitimate looking document in 30 minutes on a computer. yet banks and phone companies hire people with an IQ under 60 to verify the legitimacy of documents.
ID Theft is not a crime (Score:2, Insightful)
Lenders will do nothing until it costs them money (Score:3, Informative)
Lenders will not do anything until it costs them more money to get it wrong than to get it right. I have recently been the target of a fraud. The bank has called me 4 times in the past year about this account. They have my name and my home telephone number. They have the wrong home address, nothing right except the state. They have the wrong SSN. They have the wrong birth month, day, and year. The birth year is off more than 30 years. The card has my name and some other guy (I'm not even going there). How much do you need to get wrong before you refuse this guy? How did they get my phone number? My suspicion is that the original phone number was incorrect so they just looked up anyone with my name in my state and updated it.
Twice I hung up on the bank because I thought they were a telephone phishing attack trying to get me to hand over PII (They were asking my SSN, my home address, my birthdate). The last two times I've talked to their fraud department saying that whomever this is is not me and has no PII even close to me.
Re: (Score:3, Interesting)
Re: (Score:3, Interesting)
Here is a trick I did for the above case. I do not give out SSN to anyone I did not call. They (the other end) were not allowed to give out the SSN, they said that they required me to give it to them. To which I responded that I have no way to confirm who they are. Classic Mexican standoff. So I did a simple hash. Lets say your SSN ends in ABCD (these are variables). I had them add AB to CD and tell me the number. If it does not match mine, and it didn't, I know the SSN does not match. If it does, I have a
Just like DRM (Score:2)
So it's just like DRM: More costly to implement than the money it saves.
And like anti-theft in stores.
There's always a line that you cross where you -can- prevent more theft, but to do so will cost you more money than you save.
I know this from experience (Score:5, Interesting)
I had someone open a credit card in my name. They knew my name, address, date of birth and social security number. What they didn't know, however, was my mother's maiden name. However, the credit card company (*cough* Capital One *cough*) ignored this and let them get a credit card in my name via an online form. Then they immediately changed the address to another address in another state halfway across the country. Then they called up and asked for a $5,000 cash advance before the card was even activated. None of these set off red flags apparently.
The only reason it was caught was that the thieves tried to get the card quickly and so paid for "rush delivery." The card was sent out before the address change went through and it wound up at my door. When I called up, the credit card company first gave me the runaround insinuating that perhaps my wife did it. (Neither of us would ever open a credit card without consulting the other. Much less open an account in the other person's name and then try to get a $5,000 advance.) Then they claimed that they couldn't give me any information because (and this is a nearly direct quote) they'd be "liable if I went out and shot the person." Yes, they were now insinuating that I'd commit murder and then *they* would be sued.
Fine, I had the police call them. But they gave the police the runaround also. They insisted the police call a special "police" number, but apparently only an answering machine staffs that number and nobody returns calls from it.
Basically, the credit card company doesn't care *who* they give a card to because they can write off the fraud and will wind up making a profit either way. Fraudulent charges that consumers pay mean credit card company profits. Fraudulent charges that consumers don't pay are charged back to the merchants for no real loss (to the credit card company, the merchant's out the merchandise). In the end, they don't give a rat's posterior about messed up consumer credit or store losses due to fraud/ID theft. They're making a tidy profit and that's all that matters.
Shifting the risk (Score:2, Insightful)
It doesn't help that many customers are ignorant (Score:2)
At a former job of mine, I had to deal with customers over the phone (a customer service representative). The company actually had some anti-fraud policies that were slightly better than average, but a lot of representatives would ignore them, mostly because many customers were just ignorant (or perhaps they were the fraudsters themselves).
When I would try to enforce those policies strictly, I would get yelled at a lot by customers. Occasionally, I would get a thank you for enforcing those policies in suc
Greatest PR Spin Ever (Score:2)
"Identity Theft?" HAH! That's not what it is. It's the lender's failure to provide a secure credit. transaction. And they offload the risk and expense onto the consumer. Enough of this bullshit fucking doublespeak!
Don't let the PR spin blind you. Push for consumer-oriented credit reform!
Risk - Insurance - Investments -Investor's Risk (Score:5, Informative)
This is why they can get away with it; Lenders sign up as many new lending accounts as possible. They have certain % that will default or are fraudulent. They buy insurance for this risk. The insurance company sells insurance policies which it says have a certain risk (low compared to the # they sell) of actually being claimed on. An insurance policy is something that keeps making money (with a certain % risk of being claimed on). These policies are sold as investment instruments (insurance bonds) to investors. Investors like you and me. They are put into people's pension funds, 401Ks, RRSPs, wrapped into various types of funds. And bingo.... it is now you and I who are carrying the risk. Magic.
Catching fraudulent checks, so we stopped IDng (Score:2, Informative)
PCI Does Nothing To Stop This (Score:4, Insightful)
This is exactly why PCI compliance won't do much to stem identity theft. The institutions that get the benefit of credit cards, i.e. the issuers like Visa/Mastercard, have nothing to gain from preventing it and everything to gain from allowing it. If Visa card is fraudulently obtained and used, Visa loses absolutely nothing. The person whose identity was stolen loses time and effort to get things reversed, the merchant loses because the charges will be charged back, and the merchant loses again because she pays fees for the original transaction and fees for the chargeback. The issuers actually make MORE money when this happens. Visa/Mastercard don't even have to game the system, they are the system. PCI stands for payment card industry. Foisting all security onto the merchants is one small step removed from blaming the consumer.
The banks don't give a shit (Score:5, Interesting)
Then there's the other factor... to even make the FBI's case load, you need to commit a felony. A felony is more than $5000 USD theft.
What happens is most ID thefts are under this amount so they don't make the FBI's radar. Even when they do, the FBI has bigger fish to fry. They are in line behind frauds that are much bigger so never make the FBI's case load. This enables id thieves to pretty much operate with impunity. No one files a complaint with local law enforcement so neither locals, nor the FBI goes after them.
I had the same guy, in Chicago, use my ID 3 separate occasions with Household bank in 2004 (yes, they kept on issuing loans to the same guy that just ripped them off). Each theft was $4500-4900.
Their collections people kept calling me and my wife, and told my wife I have a mistress in Chicago. She thought this was funny since I was home every night with her and NEVER traveled to Chicago (Indeed I wasn't traveling at all after 2001).
So not only to they enable thieves to ruin your credit, their asshole collections douchebags try to break up your family too. I was able to straighten this out by calling the credit bureau directly, raising a dispute (once for each fraud), at which point Household could not produce my signature, and I'd never lived in Chicago (according to credit bureau records) which enabled me to tell Household they can go fuck themselves and the bureaus simply deleted the non-payment entries in their database.
Very nice... but this could have been a real problem had the fraud been local. I'm not sure I'd have been able to clear it.
A way to "fix" this that might work (Score:2)
Set things up so that every time a bank allows fraud to happen the amount in question goes into a "register"
when a certain threshold gets met within a rolling 12 month period (or if 85% of the amount is met within 18 months)
then all the officers of the bank* get charged with RICO violations and go to prison (and are also barred from ever working in a bank or other financial institution in the future).
Since this is very definitely a money scam going on and there has to be a conspiracy...
* to be defined as al