Forgot your password?
typodupeerror
Crime Apple

A 24-Year-Old Scammed Apple 42 Times In 16 Different States 419

Posted by timothy
from the fool-me-42-times-won't-get-fooled-again dept.
redletterdave (2493036) writes "Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, cheating the company out of more than $300,000 — and his scam was breathtakingly simple. According to a Secret Service criminal complaint, Parrish allegedly visited Apple Stores and tried to buy products with four different debit cards, which were all closed by his respective financial institutions. When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits, which is normally provided by credit card issuers to create a record of the credit or debit override. But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter."
This discussion has been archived. No new comments can be posted.

A 24-Year-Old Scammed Apple 42 Times In 16 Different States

Comments Filter:
  • Brilliant... (Score:1, Insightful)

    by Kyokugenryu (817869) on Tuesday July 29, 2014 @10:15AM (#47557703)
    Brilliant tactic, but dumb enough to use it 42 times? He had to know he was pressing his luck the FIRST time, why would he keep going?
  • Re:Brilliant... (Score:4, Insightful)

    by Sockatume (732728) on Tuesday July 29, 2014 @10:21AM (#47557771)

    Presumably he was treating it as a source of income rather than a source of Apple hardware.

  • Re:Wow ... (Score:5, Insightful)

    by hawkinspeter (831501) on Tuesday July 29, 2014 @10:35AM (#47557923)
    As the bank didn't provide an override code and have no record of providing an override code, why should they accept liability?
  • Re:Wow ... (Score:5, Insightful)

    by PlusFiveTroll (754249) on Tuesday July 29, 2014 @10:53AM (#47558117) Homepage

    If you printed your own card and put a number for an issuer that you controlled I don't see what the difference is.

  • Re:Wow ... (Score:5, Insightful)

    by idontgno (624372) on Tuesday July 29, 2014 @11:30AM (#47558439) Journal

    I understand the long-running and much-honored Slashdot tradition of not reading TFA, but couldn't you at least have read The Fucking Summary?

    When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits....

    There was ample dumbshittery (and liability) to assign here, but it's all on the Apple Store drones. No bank involved.

  • Re:$7142.85 (Score:4, Insightful)

    by SydShamino (547793) on Tuesday July 29, 2014 @12:34PM (#47559027)

    A few laptops gets there.

    The scam works better with a large purchase. Banks routinely deny transaction over some amount, forcing the retailer to call for an override code. Apparently the denial for "bad account" look identical to the one for "valid account, but that amount is high so give us a call, okay?"

    If his card was denied for a $500 purchase, he'd need to convince the retailer that it was a bug in the system, not just a routine check for a large purchase.

  • Re:Wow ... (Score:3, Insightful)

    by lgw (121541) on Tuesday July 29, 2014 @12:44PM (#47559089) Journal

    The customer didn't print special cards here - they're just normal, expired cards.

    The store doesn't call the number on the back of the card - the store calls their own merchant bank.

    This was just straightforward grift (a con game), not some glaring flaw in the banking system. The sales clerks got suckered, perhaps due to lack of training by Apple, or perhaps the con-man was just that good.

  • Re: Wow ... (Score:5, Insightful)

    by madhatter256 (443326) on Tuesday July 29, 2014 @01:01PM (#47559215)

    Not really, I know people who write POS code for a company that competes with NCR. They have no ties to banks. it's all about talking to processors, like VISA, Mastercard, etc.

    I guess people are trying to pin this on the bank because banks are evil. #wallstreet #99% #ideserverwhatyouworkedfor #givemestuff

  • Re:Wow ... (Score:3, Insightful)

    by ddtmm (549094) on Tuesday July 29, 2014 @01:09PM (#47559293)
    Seems to me Apple should have been the one calling for authentication, not the customer. Definitely Apple's err.
  • Re:Wow ... (Score:4, Insightful)

    by idontgno (624372) on Tuesday July 29, 2014 @01:24PM (#47559453) Journal

    Other than mentioning that the store declined the debit card (which is by definition an interaction between the POS and the credit/debit clearinghouse).

    But since you've raised the issue, you've shown exactly where you missed the boat.

    The exploit is completely OUTSIDE of the POS<->bank interaction. (Cuz, "debit refused"). The exploit occurs in the "call a fake bank, offer up a fake reference number, have the Apple Store drones accept it as proof of a valid credit/debit transaction" phase AFTER the machine-to-machine part.

    Apparenly, you've fallen for the same trick the Apple Store drones did: fixating on the machine-to-machine debit transaction (which failed as expected) and completely neglecting the social engineering that followed.

  • Re:Wow ... (Score:5, Insightful)

    by vux984 (928602) on Tuesday July 29, 2014 @01:36PM (#47559547)

    it is up to the cashier to hold the card, read the number and call it themselves

    It is up to the cashier to call THEIR OWN BANK.
    They are not supposed to call the number on the back of the customers card -- for reasons that should be pretty bleeding obvious.

Chairman of the Bored.

Working...