Torn-up Credit Card Apps Not So Safe

Maximum Prophet writes "This dude tears up a credit card application, tapes it back together, sends it in with his cell phone number and father's address, and voila, gets a credit card. Who would have thought security at a credit card company was so lax? The company recommends that consumers "tear up" financial solicitations before throwing them away, "so thieves can't use them to assume your identity.", but according to them, "Applications that arrive in damaged form are customarily transferred to an electronic format, he said -- often by machine. So it's possible a human being never handled the taped-up application and never had the chance to spot the obvious sign of trouble." In this era where we worry so much about identity theft, this sort of thing really makes you wonder what the point really is.

shred shred shred

I always shred this kind of thing.
-l

Re:shred shred shred

In the US, you can now use a phone number (it's something like 1-888-3OptOut) to opt out of the prescreened credit card offers. I did so several weeks back and the offers have slowed to a trickle.

I do kind of miss shredding the fake AmEx cards that came with their offers, though.

Re:shred shred shred

The FTC has an alert [ftc.gov] that gives you a few options, including the phone # to call for opting out.

Re:shred shred shred

I keep a copy of the 217 page Bankruptcy Abuse Prevention and Consumer Protection Act of 2005 [gpo.gov] handy for this kind of thing. When I get a credit card offer, I print out a polite letter explaining that I must decline the card because of a lack of bankruptcy protection, and that I am including a copy of the legislation in case they have any questions. I cram it all into the business reply envelope. Unfortunately I have to print double sided or 4 sheets to a page but that envelope gets crammed pretty good- nice and heavy.

I met a guy with an even better idea. He has a home equity line of credit (HELOC). When a stupid credit card offer comes offering 0% interest, he pulls a couple grand out of the HELOC. Then he applies for the card and does a balance transfer from the new CC account to the HELOC. (Credit cards are too smart to just send you wads of cash when you apply, but they will give you the money if it's to pay another creditor- that's why he uses the HELOC, as an account to shift balances around.) If he gets the card and the transfer goes through, he puts the money in a CD earning 4.5% that matures when the card's introductory period expires.

Pre-approved applications

>I really loathe these pre-approved credit card ads that come with large bright "0% for six months!!!" print on the outer envelope.

Amen. The reason I opted out of receiving those was exactly the one you mentioned, that they're a security problem.

The number to stop them at least used to be 888-5OPTOUT.

Re:shred shred shred

I solved this problem by having credit that is so bad, people literally laugh at me when I apply for a card. The weird part is I still get these offers in the mail; I still think it is a ploy by the credit card companies to give their employees a good laugh now and then.

Re:shred shred shred

Several years ago when I had no credit record I applied for a Discover card. On the same day a few weeks later, I received two pieces of mail: a rejection of my application due to insufficient history, and a offer to sign up for a Discover card.

Re:shred shred shred

The reason these are considered "safe" is that most all credit card applications require a social security number. So, that means the identity thief has to steal a piece of mail from your health insurance company, which is a pretty reliable way of obtaining a social security number, since most insurance companies use it as a unique subscriber identifier. Theres no way to win.

Actually, if you sign up for insurance, for most applications you can write the words "please assign" in the space for the SSN, and the company will assign a number for your policy. I should note that some brokers will get smart with you, and try to "guilt you" into providing your real social "in the event you are incapacitated" and "so your loved ones can help". Don't let them guilt you (if I am incapacitated or dead - I don't care anymore, now do I?). Also, don't put in a "fake SSN", as these get caught fairly easily (and you'll get a phone call or letter) - or if they aren't, then it might be YOU who are guilty of "identity theft", if it is found out it matches someone else's real number in the system...

Re:shred shred shred

Yep, cross cut shread everything that I throw away that even might have encriminating data. If you are more paranoid, you can keep a burn bag of the shreaded stuff.

Re:shred shred shred

If for some reason you're fire averse a pair of scissors properly applied for about 10 seconds will prove sufficient to defeat the roll of tape.

You'd think so, wouldn't you. However, you might want to read this story [edwardjayepstein.com] about the Iranian students in 1979.

First three sentences of the fourth paragraph:

This was the situation up until November 1979 when Iranian students seized an entire archive of CIA and State Department documents, which represented one of the most extensive losses of secret data in the history of any modern intelligence service. Even though many of these documents were shredded into thin strips before the Embassy, and CIA base, was surrendered, the Iranians managed to piece them back together. They were then published in 1982 in 54 volumes under the title "Documents From the U.S. Espionage Den", and are sold in the United States for $246.50.

This particular story didn't say so but I read elsewhere that the students laid out the shredded documents on the floor of gymnasiums and pieced the documents back together.

gymnasium and scotch tape no longer required

This particular story didn't say so but I read elsewhere that the students laid out the shredded documents on the floor of gymnasiums and pieced the documents back together.

The technology now exists to scan fragments of documents en-mass and piece them together semi-automatically in electronic format. Some human interaction is still required, but it is much faster and easier than the Iranian effort. This is being done to restore ancient manuscripts but I'm sure it's being done in the covert and criminal fields as well with shreded documents.

wimp

I shred it, then I set it on fire. I then take the ashes and compress them into a diamond-like form. Then I smash it apart, and put the crystal shards inside the event horizon of a black hole, beyond which no information about the black hole's interior can escape to the outer universe. [uiuc.edu]

its the only way to be completely sure.

Re:wimp

Wasteful. I work for the department of defense. I just claim the documents are part of the war on terror. They get marked classified, and no one sees them for 25 years.

whose fault

'Shouldn't' this be the companies problem? MCI decided years ago I owe them money, I don't, and every two years some collection agency comes calling.

Re:whose fault

Can MCI provide you with a copy of a document you signed regarding the charges? If not (and if I'm not mistaken), what they're doing is illegal. Next time you get a call, request this information and if they can't or won't provide it, tell them that if they call you again it's off to the FCC and your state's attorney general.

Re:whose fault

'Shouldn't' this be the companies problem?

Can MCI provide you with a copy of a document you signed regarding the charges? If not (and if I'm not mistaken), what they're doing is illegal.

Please forgive me for sounding condescending, but parent and grandparent posts are COMPLETELY missing the point. It doesn't matter if it's illegal, all that matters is the they (giant, godless corporations) have infinitely deep pockets and an army of lawyers, while you have enough trouble making the rent. They are COUNTING on this.

As long as they're vastly more powerful than us, it is usually to their advantage to create problems for you that you may (or may not) pay to make go away. I finally paid a lawyer over $5,000 to correct MBNA's refusal to stop reporting credit fraud as mine. Once the 100 page brief was filed with the court and MBNA saw that there would be financial consequences, they finally backed off.

There's a huge difference between what's illegal and what's prosecuted.

Re:Its called a cross cut shredder

>Why not just shred it using a cross cut shredder. thats what i do . I would like to see somebody put something that has been through one of those back together.

Churchstreet Technologies [eweek.com] will scan the debris in a shredder's output bin and their software will reconstruct it in RAM. They claim to be able to piece together even crosscut documents as long as you haven't mixed several bags together. Seems to be that columns of number would be an intractable problem, I don't know whether they can manage those.

For the extra paranoid

I always try to put different pieces of my financial documents in different trash bins. I suspose burning them would be even more effective.

Possible? Yeah, but highly improbable

"Applications that arrive in damaged form are customarily transferred to an electronic format, he said -- often by machine. So it's possible a human being never handled the taped-up application and never had the chance to spot the obvious sign of trouble."

What, a machine opened the letter, recognized it was an application (and not, say, other junkmail that got stuffed into the nearest bulk reply envelope), fed it into a scanner, then trashed the hard copy? At no point in the process does a human see it? Sounds like bullshit.

Re:Possible? Yeah, but highly improbable

If humans aren't involved in the letter opening process, it's time to have some real fun...see how well their machines handle foreign substances

1) Save the return envelope.
2) Fold up a blank piece of paper with a nice wad of chewing gum/peanut butter/diaper contents/etc
3) Mail your "application"
4) ???
5) Profit

Re:Possible? Yeah, but highly improbable

I send most junk mail solicitations back to the sender in their own return envelope. If they send those neat colorful stickers, I stick a few of those on the envelope's outside border for good measure. So you have an over-stuffed envelope with stickers to gum up the machines.

My wife did a few months on graveyard shift at a First Security payment processing center (before Wells Fargo assimilated them). She said those machines are *really* cool, really fast, and jam up so easily that they have dedicated staff on-hand to fix particularly nasty jams.

So if you want to put a (albeit small) dent in the productivity of the Evil Credit Card Sharks, send back those handy self addressed envelopes stuffed with their own junk mail. Be sure to fold, spindle, and mutilate the envelope, too. :)

Re:Possible? Yeah, but highly improbable

So if you want to put a (albeit small) dent in the productivity of the Evil Credit Card Sharks, send back those handy self addressed envelopes stuffed with their own junk mail. Be sure to fold, spindle, and mutilate the envelope, too. :)

Nah, just send back the application (blank) with a thin layer of jelly.

OMG!

Nah, just send back the application (blank) with a thin layer of jelly.

OMG! That's not jelly! EEEEEEWWWWWW!

Re:Possible? Yeah, but highly improbable

Forgot to mention the solution I did end up using for a particularly determined bank which kept sending me high interest "pre-approved" credit card applications:

I made my own checkbox next to the "YES! Sign me up." that said "No thanks," and checked it. Naturally, I put it in the business reply envelope, along with a dollar or two in pennies (to be used toward the processing fee of course), and sent it on its way.

They never sent me another application.

Re:Possible? Yeah, but highly improbable

What, a machine opened the letter, recognized it was an application (and not, say, other junkmail that got stuffed into the nearest bulk reply envelope), fed it into a scanner, then trashed the hard copy? At no point in the process does a human see it? Sounds like bullshit.

I'd guess yes, at no point in the process does a human see it.

Here's one vendor -- OPEX [opex.com]. This one does opening and extraction [opex.com] but isn't particularly fast at 17,000/hr. They have a scanning solution as well -- significantly slower but the mail goes straight from envelope to scan.

This is just what I've found in a quick search because I knew something like it existed; I'm not that familiar with the high-speed mail processing industry. I'd imagine that the technology would surprise most people.

Re:Possible? Yeah, but highly improbable

Working in the mailing industry, I'll call your bullshit, and raise you a scanner.

Not only is it possible, but probable. While I would expect a lot of errors, or "bad" data from the scan, I promise you it was scanned...

True, but why is it *my* problem to solve?

Why should I spend my money to solve a problem that some credit card company creates? Especially when I'm not even their freaking customer?

Solution!

Buy a shredder. I shred every credit card offer and transfer check my current credit card company sends me. It's ridiculous the crap they send me. One of these days, a thief is going to raid my mailbox before I get home and get a credit card in my name. Oh well. At least I get to play Enron Executive with my niece.

Re:Solution!

One of these days, a thief is going to raid my mailbox before I get home and get a credit card in my name.

Last summer I had a notice in my mailbox from the Postmaster that stated there were reports of mail theft in our neighborhood and that we should be watching closely for ID theft.

My wife is concerned with throwing mail away and the thieves getting it there. Why would they bother to go through my trash and get dirty when they can get it fresh from my mailbox w/no one the wiser.

The basis: Where Credit Comes From

Why do banks accept any application, even ones with errors?

Banks want you to have credit -- of course they'll accept any application as long as the name and social security number match their lookups, and your FICO score is reasonably high (although banks are now lowering standards to give out even more credit).

When a bank offers credit, it does so based on money it has (of course). Yet it is very important for the average person to understand where this "money" comes from -- especially digital money such as you'd have when you have an available credit line.

All banks that are part of the central banking system (the Federal Reserve) are required by the Federal Reserve to stick something called a money multiplier. I believe the current money multiplier is 12% or so, but it varies. This basically means that a bank must keep a reserve of that amount versus the actual money is sends out. If a bank loans out $1000, it has to keep $120 in the bank. Even if it loans out the $880 ($120 in reserves) the bank can stil say it has $1000 in demand deposits available -- even though it doesn't.

The collusion comes into place when the first bank is given $1000 by the Federal Reserve. The Federal Reserve is allowed to print new money out of thin air by creating loans against government property and future government income. This initial $1000 is placed in Bank A as available cash. Bank A holds $120 but loans the remaining $880 to Bank B which is also part of the Federal Reserve banking system. Bank A still holds a demand deposit value of $1000 which is available to be withdrawn! Bank B also has $880, but has to reserve 12% of it ($105). It then loans the rest ($775) to Bank C, but still lists $880 as its available balance of demand deposits. Bank C reserves its 12% ($93) and loans the rest ($682) to Bank D, while still listing the original $775) as its available balance. This collusion continues to go around until there is no more reserve balance available. In the end, the original $1000 the Federal Reserve created is held as a base reserve for the $9000 or so "new money" that is created.

Banks need people to accept this money in loans or in credit -- this is the way the bank actually makes money. Eventually all the loans are hopefully paid back into the system, so the bank makes a nice interest rate. On the new $1000 created, each bank wants to loan out as much as possible -- and these loans are used to buy goods, which recycles money back into the banks which can be kept as reserves to create even more money! If the bank takes $1000 and loans out $880 but receives $400 of that bank in, it can now loan out a portion of that $400 that it has in reserves.

In the long run, the system wants debt out there because it is created out of fake inter-bank loans anyway. Most of you don't even see your physical money because it doesn't exist -- there are about $600 billion dollars in circulation worldwide, but there are over $10.2 trillion dollars on the books!

And people have faith in the system.

A Simple Way To Prevent This!

they'll accept any application as long as the name and social security number match their lookups, and your FICO score is reasonably high

There's a foolproof way to keep this kind of identity theft from happening to you: just make sure your FICO score is really, really low!

That way, nobody will be able to get credit in your name. And, as a bonus, it's really easy to do!

But He Sent it In

Where the problem??? Obviously, the credit company has some really advanced process that allowed them to determine that he actually sent it in (maybe they check the fingerprints on the tape, who knows)..

If a real criminal would have attempted to tape it togather and send it in, the company would definitely not accept it...

And for the humor impaired ;-)

Pimply faced kids

Said it before, I'll say it again, I worry more about handing my card to the PFK at the corner gas station that about people going though my trash or grabbing my info off of the 'net.

Most of the fruad that I've suffered has been at the hands of large corporations that reckon that my lawyer won't be willing to take on their lawyer.

Isn't there a human somewhere?

Isn't there a human in the processing chain somewhere? Doesn't someone have to physically open the envelop and scan the application? It seems like that is the logical place to check for potentially fraudulent applications. I don't believe that step is automated, but then again I've never worked at a place that needs to process thousands of letter a day. Or is it that the person getting paid minimum wage to open and scan letters could care less if someone is committing fraud?

Make the banks liable...

Once again, I like Bruce Schneier's proposed solution:

The bank must be made responsible, regardless of what the user does.

That quote is from Mitigating identity theft [com.com], which provides a refreshing perspective on the problems collectively labelled as identity theft. Bruce points out that many of the "solutions" to identity theft focus on aut