Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy

Identity Theft Skeptic Ends Up As Fraud Victim 388

An anonymous reader writes "British TV host Jeremy Clarkson recently wrote a newspaper editorial ridiculing the uproar that had occurred after the British government admitted to losing two compact discs containing the personal information on 25 million people. To support his claim about the overhyped risks of identity theft, he published his bank account information in the article. Proving that some identity thieves have a sense of humor, a week later, he found out that someone had set up an automatic bank transfer for $1000 to a diabetes charity from his account. This comes less than a year after the CEO of LifeLock, an identity theft protection company which publishes the CEO's social security number on its website, himself was a victim of financial fraud. Back in July of 2007, a man in Texas was able to secure a $500 loan from a payday loan company using the CEO's widely publicized SSN. Will this latest incident finally prove that identity theft is real, and that publishing your own financial info is an invitation for fraud?"
This discussion has been archived. No new comments can be posted.

Identity Theft Skeptic Ends Up As Fraud Victim

Comments Filter:
  • by nullCRC ( 320940 ) on Thursday January 10, 2008 @03:54PM (#21988946)
    Plain and simple.
    • by Naughty Bob ( 1004174 ) on Thursday January 10, 2008 @03:58PM (#21989030)
      I like the scam they pulled, but to be truly poetic, the bank transfer should have gone to Friends of the Earth. Anyone who knows of Clarkson will understand.
      • Re: (Score:2, Funny)

        by modecx ( 130548 )
        I like the scam they pulled, but to be truly poetic, the bank transfer should have gone to Friends of the Earth. Anyone who knows of Clarkson will understand.

        Hahah, no kidding!
      • by Joce640k ( 829181 ) on Thursday January 10, 2008 @04:34PM (#21989642) Homepage
        In the UK you can only set up a direct debit to certain registered things, one of them being charities.

        The pranksters couldn't have set up direct debit to their own account, for example.

        • by ShieldW0lf ( 601553 ) on Thursday January 10, 2008 @04:46PM (#21989882) Journal
          This guy is a jackass.

          "I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account," he said. "The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.

          Admitting the error of his previous article dismissing identity theft concerns, he wrote that, "I was wrong and I have been punished for my mistake." The incident seems to have changed his opinion about the risks to which the 25 million Brits have been exposed. "Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."


          So, does that mean that every charity and bank out there who has to deal with administrative headaches because he gave his information away should get to poke sticks in his eyes?
          • by fabs64 ( 657132 )
            He said "the idiots who lost the discs".

            Also, you're aware that clarkson is a comedian yes?
  • by Dr Caleb ( 121505 ) on Thursday January 10, 2008 @03:55PM (#21988966) Homepage Journal
    Clarkson, you ponce!

    And learn what a pickup truck is designed for, would ya?
    • Re: (Score:3, Informative)

      by Anonymous Coward
      They were DESIGNED to carry a small bag of £11 firelighters in little metal pots so you don't get the paraffin smell on your hands, ya maroon! (F-series)
      Or to be put on top of a building being demolished (hilux)
      Or to have an incredibly large outboard motor attached to the back and get capsize on a reservoir (another hilux, which he broke!)
      Or to be driven to the north pole. (modified hilux)

      What did you think they were designed for?
    • Re: (Score:2, Funny)

      by Thansal ( 999464 )
      What is that, some kind of Nazi word?
      • by Thansal ( 999464 )
        bah, people need to watch Ave Q more. (ok, so I knew I was gona get modded troll, but it was still worth it :P)
  • by MightyMartian ( 840721 ) on Thursday January 10, 2008 @03:55PM (#21988972) Journal
    In the immortal words of Bugs Bunny: "What a maroon!"
    • by VGPowerlord ( 621254 ) on Thursday January 10, 2008 @04:08PM (#21989182)
      From the other guy's perspective:
      In the immortal words of Bugs Bunny: "Ain't I a stinker?"
  • by Bongo Bill ( 853669 ) on Thursday January 10, 2008 @03:56PM (#21989000) Homepage
    If you give personal information away freely, is it really accurate to call taking it theft?

    Of course, what defrauders do with it might constitute stealing. But that's less "identity theft" and more "money theft" if you ask me.
  • by Red Samurai ( 893134 ) on Thursday January 10, 2008 @03:57PM (#21989008)
    That was a pretty arrogant move, even for his standards, and I'm sure he's be humbled (somewhat) after being taken down a peg. I guess that's the price you pay for overconfidence.
    • by imipak ( 254310 ) on Thursday January 10, 2008 @06:08PM (#21991348) Journal
      Humbled?? Is this some sort of secret clone Clarkson that's roaming the earth? Doesn't sound much like the tosser we know and loathe so much. Viz ran a Roger Mellie (The Man on the Telly) strip taking the piss out of him, it has him doing a piece to camera - "this is the all-new Ferarri Testosterone, and it's 500 BHP of snorting, snarling bitch. If this car was a woman I'd drop my kecks right now and give it one right up the exhaust pipe. IN fact I think I will!" (next frame) "Ugh! Ugh! Ugh! Yeah, bitch, you like it like that don't you?!" "sproing, sproing sproing" (car springs) "Cut!"
  • Privacy Amendment (Score:3, Insightful)

    by Doc Ruby ( 173196 ) on Thursday January 10, 2008 @03:59PM (#21989060) Homepage Journal
    The US Constitution needs a Privacy Amendment specifying that people's right to privacy in our personal data shall be protected, that no one has the right to copy any such data except as necessary to complete the immediate transaction for which it was transmitted by that person, except under explicit permission from that person.

    The 4th Amendment already makes explicit the right to such privacy, but it clearly isn't enough anymore - not for a long time. But since the 4th Amendment itself was merely an emphasis of a right already implicit in the Constitution, but worth repeating explicitly to ensure government protection of it (like the rest of the Bill of Rights), it's perfectly appropriate to reiterate it in terms easily enforceable in the current era, like copyright terms.
  • How?? (Score:5, Insightful)

    by jackjeff ( 955699 ) on Thursday January 10, 2008 @04:00PM (#21989064)
    How in hell is this possible?

    Isn't your bank the only institution able to transfer money out of your account? Don't you have to show your ID? Don't you have to sign some documents???

    My opinion is ID theft is only possible because the clerks in the banks are too lazy to check for an ID or a signature. Whenever you go to a bar in the US, they will look at your ID before they serve booze, but if you set up a $xxxx account/load no one will ever check it. This is just how ridiculous the system is. Account number without proof of identity should be as useless as a car without gas.

    • by PJ1216 ( 1063738 ) *

      Whenever you go to a bar in the US, they will look at your ID before they serve booze.
      This is true. But what about fake IDs? If a kid in high school can get a fake id, i'm sure its not THAT difficult to get a fake ID if you got the right info to put on it.
    • Re:How?? (Score:5, Informative)

      by stranger_to_himself ( 1132241 ) on Thursday January 10, 2008 @04:14PM (#21989296) Journal

      Isn't your bank the only institution able to transfer money out of your account? Don't you have to show your ID? Don't you have to sign some documents???

      Not at all. I've just set up direct debits to pay my bills just by sending my bank account number to the electricity company. They do the rest. Presumably they just take my word for it that it's my money, and then the bank sets up the debit without asking any questions.

      Oh actually I think there was a 'this is not a fraud' tickybox.

    • Re: (Score:3, Insightful)

      by gstoddart ( 321705 )

      Isn't your bank the only institution able to transfer money out of your account? Don't you have to show your ID? Don't you have to sign some documents???

      No, you can sign a form with a company allowing them access to your account.

      I've done this with my insurance company for years. However, I won't let anyone else do it because I've heard too many stories of the company messing up and taking too much money too often or what have you. I don't remember the particulars, but I don't think I had to involve my ba

    • Naiveate` (Score:5, Informative)

      by Burning1 ( 204959 ) on Thursday January 10, 2008 @04:23PM (#21989448) Homepage
      A lot of people are very naive about the security provided by credit cards and checking accounts.

      I used to run credit cards and EFT as part of a previous job, and I was responsible for setting up the system. The only thing I need for an electronic funds transfer is your bank routing and account numbers. All that information is available on a voided check.

      The only security you have, is that it's difficult to complete these kinds of transactions anonymously. Bank fraud is a big deal if you are caught.

      The same is true of credit cards. Your signature is a contract promising to pay. It protects the business against customers reversing charges on purchased goods. It is not used for authentication of any form.
      • Re: (Score:3, Informative)

        by jrumney ( 197329 )

        The only security you have, is that it's difficult to complete these kinds of transactions anonymously.

        It's difficult to complete these kinds of transactions anonymously, and still get your hands on the money. Which is why the exploit in this case was to set up a regular payment to a charity.

    • Whenever you go to a bar in the US, they will look at your ID before they serve booze, but if you set up a $xxxx account/load no one will ever check it.

      What's worse is that if a bar serves an underager they get slapped with a fine and worse. When cashiers don't bother to check for ID and they let a fraudulent purchase get by there is no penalty for not following protocol. I know this is hard to enforce since it probably has no real legal leggings but it would seem that being able to sue companies that are
    • In America the big one is the Automated Clearing House. That's how you do thing like automatic bill pay or such if you want. The company you are paying tells the bank "The customer for this account said I could have this much money," and the bank transfers it. Now the balance on this is that you don't just hop on the network. I can't just go and do an ACH debit from your account. Those that are part of the network are subject to strict regulations, once of which being you have to say it is ok for them to ta
    • UK law allows you to set up direct debits to certain registered entities without too much verification. The pranksters simply chose one of them.

      There's no way a thief could transfer money to their own account (in theory).
    • Isn't your bank the only institution able to transfer money out of your account?

      Generally yes. The banks also approve companies and non profits who can then take part in the Direct Debit scheme. They can then set up a mandate and start collecting money from your account say as bill payment or a membership subscription. These transactions are covered by the Direct Debit Guarantee.

      Don't you have to show your ID? Don't you have to sign some documents???

      No, these can be set up electronically online or over

    • by dlim ( 928138 )
      Just a comment on the laziness of the banks: My wife and I each have a separate checking account and we have a joint account that we use for bills. Last year, I accidentally wrote our rent check from her personal account instead of the joint account. At the time we had completely different names, and the name I signed on the check didn't even resemble the name printed on the check. The bank cashed the check. Probably didn't even look at it.

      I don't know why people go through all the trouble of ident
  • by Reality Master 201 ( 578873 ) on Thursday January 10, 2008 @04:00PM (#21989070) Journal
    It seems like making people paranoid about protecting their personal data is the wrong way to attack the problem, especially given the significant chance that whatever they do, some 3rd party will release that data and put them at risk.

    Instead, we should remove the incentive for identity theft and make it MUCH more onerous and difficult to get anything worthwhile out of stolen financial data.

    Plus, it'd be nice to not get those 10-15 credit card offers a week in the mail.
    • by Anonymous Coward on Thursday January 10, 2008 @05:07PM (#21990250)
      "Plus, it'd be nice to not get those 10-15 credit card offers a week in the mail."

      No, no, no! You're looking at this all wrong!

      I LOVE getting those free offers in the mail - but only the ones with the return-postage-paid envelopes.

      Did you know that you can tape that envelope to ANYTHING (almost...) that weighs less than 70 lbs.? And it will be delivered?

      That's how I get rid of my old 486, 386, etc computers. And I don't fill up MY landfill! (And they have to dispose of them correctly!)

      Sweeeet!!
      • Re: (Score:3, Informative)

        by CodeBuster ( 516420 )
        They changed the postal regs on that one a long time ago, at least here in the United States (I think it goes back to the Nixon presidential campaign during the 1970s when people were using his postage paid campaign fund raising envelopes to mail bricks and other heavy objects by taping the envelope to the object in question). Anyway, if it doesn't fit inside the standard envelope or weighs more than a certain low amount, less that 3.5 ounces and 0.25 inches thick are the maximum limits for standard envelop
  • Re: (Score:2, Informative)

    Comment removed based on user account deletion
    • by gnick ( 1211984 ) on Thursday January 10, 2008 @04:25PM (#21989474) Homepage
      Actually, it doesn't say that he was a victim of "identity theft". It says that he is an "Identity Theft Skeptic" and that he is a "Fraud Victim". The article called the crime "identity fraud" which seems accurate. Somebody said "These is my account information, please accept my money." - Perfectly describable as "identity fraud" and nearly enough for the article submitter to assume that the fraudsters were "identity thieves" as he described them.
    • by raftpeople ( 844215 ) on Thursday January 10, 2008 @04:26PM (#21989502)

      When it becomes "theft" is when someone steals an identifying document, such as a passport, social/national security card, or a driv[er's|ing] licen[c|s]e.
      So, if they steal a document then it's identity theft, but if they create a false document using accurate information, then it's not identity theft?
  • During the news segment this season. He somehow blamed it on using his credit card at the gas pump, whether or not it was while filling up his Lamborghini he didn't say. James May did not say "oh cock" to this.
  • by whitehatlurker ( 867714 ) on Thursday January 10, 2008 @04:05PM (#21989142) Journal
    Clarkson now says of the case: "Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."

    I wonder if he poked sticks into his own eyes ... after all, he did exactly the same thing, the only exception being that he did it to himself, rather than to others.

    I can only hope he continues to contribute to the charity so he can stay humble.

  • by Albanach ( 527650 ) on Thursday January 10, 2008 @04:07PM (#21989174) Homepage
    To be fair what happened was someone set up a Direct Debit in his name, where a company or organisation can deduct money directly from your bank account. These are _very_ common in the UK, much more so than direct bill payment in the US.

    One of the reasons they are so common is that every transaction under them is covered by the Direct Debit Guarantee [bacs.co.uk]. Under this, he can get an immediate refund from his bank just by asking.

    The process of being approved to collect direct debits is pretty arduous, as the banks bear a lot of the costs if something goes wrong. At the same time, the consumer has a level of protection light years beyond that offered in the US for similar transactions.

    It's not that uncommon for friends exchanging money in the UK (say someone borrowed some cash for a night out) to simply hand over their bank details and get the money from their friend as an electronic transfer using online banking. In general it'd be pretty difficult for someone to take money from an individual's bank account, even knowing their details for their own benefit. I'm not even sure most online banking in the US lets you deposit money directly into another person's account?
  • Strangely (Score:3, Insightful)

    by Billosaur ( 927319 ) * <wgrother.optonline@net> on Thursday January 10, 2008 @04:10PM (#21989226) Journal

    I still hear the LifeLock commercials on the radio as I drive to work all the time. I don't see how they can prevent someone from stealing your identity, especially if you're dumb enough to give out the information to people who will use it for nefarious purposes. If all there offering is a service to undo the damage, that might be useful given how time-consuming it is, but then can they necessarily represent you to organizations where you need the information changed or charges nullified?

  • by MyNymWasTaken ( 879908 ) on Thursday January 10, 2008 @04:11PM (#21989248)
    The information he gave out was the same information a person gives out when they hand over a check. It's analogous to a pundit loudly proclaiming that it is perfectly safe to walk around outside. This is then demonstrated by walking through a large crowd of people. Somebody decides to prove otherwise & stabs them in a non-lethal manner solely to illustrate the point.
    • by smaddox ( 928261 )
      Except you don't usually send checks to people you don't know, unless you are buying something.

      So really, it's more analogous to a pundit loudly proclaiming that it is perfectly safe to walk around inside a prison. This is then demonstrated by walking through a prison with $100 bills stuck out of his pocket. Somebody decides to prove otherwise and steals the money solely to illustrate the point.
  • Open Mouth. (Score:2, Funny)

    by AndGodSed ( 968378 )
    Insert Foot.
  • Regarding the recent loss of CDs containing data on 25 million UK people, Clarkson says: "We must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."

    Can't argue with that.
    • by LWATCDR ( 28044 )
      Yea except he himself thought that it was no big deal to start with and harmless... So when does he start sticking those cocktail stick in his own eyes?
  • With all the money being lost in this kind of crime you'd think the vulture lawyers would be swarming all over the poor practices by financial companies. These companies have lots of money to "liberate". The crimes are utter negligence.
  • Identity theft - how hard can it be?

    (And if you don't get it, watch Top Gear [wikipedia.org].)

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Thursday January 10, 2008 @04:53PM (#21989998) Homepage
    Why the F should the data protection act stop the bank investigating fraud ? What questions are the bank prohibited from asking ? In the UK the data protection act is often used by organisations as an excuse to not do something - quite often because the are too lazy to do a proper job.

    If a crime bas been committed the police have good reason to seek to have privacy doors opened - perhaps with the oversight/approval of a judge. Recent UK legislation is giving civil servants wide investigation powers - without judicial oversight.

    This smacks of an excuse.

  • by mpapet ( 761907 ) on Thursday January 10, 2008 @04:57PM (#21990100) Homepage
    Can this topic come up and not a single person asks ANY of the following questions:

    1. I get someone elses ssn, and I'm off to the bank. (or whatever) Why is the process that associates a unique identifier (U.S. = SSN) with financial activity so simple?

    2. Why does "sucks to be you" suffice every single time this issue comes up?

    3. While individual financial data is available to the financial institutions, it's totally opaque to the consumer. Ex. how is my credit score calculated? How come consumers have practically no control over it?

    4. The risks of an easy credit system far outweigh the benefits and yet no one seems to acknowledge this. An indirect example of this is the bad packaged loans that are driving the current "credit crunch."

    Transparency is the keystone to a healthy economy and yet there's less and less with each passing year.
  • Wrong Focus (Score:2, Insightful)

    by Anonymous Coward
    The report here should not be that some person had their identity stolen.
    The report should be that some dumb bank transferred funds without checking identity.

    The sooner we put the right focus on this problem, the better. It shouldn't be called identity theft. It should be called bank malfeasance.

    When somebody walks into Citi bank and tells the teller my name, the teller shouldn't hand all my cash over to that person. That isn't identity theft; it is complete incompitence, or worse, collusion.

    Don't report th
  • If someone steals money from my account it is totally up to bank to deal with it, I usually don't care and in only one occasion when something happened I got my money back in hours. Law should put all responsibility in these cases on thieves and companies who failed to verify identity. If companies and financial institutions would be held responsible for not validating customer's identities properly I guess identity fraud cases will drop dramatically. If they afraid to make few extra checks in fear of losin
    • by Shados ( 741919 )
      Its not quite that easy... There's a question of convenience here, and do too much, and your customers get fed up.

      Take Visa's "Verified By Visa" program. For a long time I'd systematically avoid online stores requiring it. Its just one more password I have to remember or store in a password manager, I always forget the darn thing, and if it takes me more than 3 tries to remember it, I have to call my back to get the freagin card unblocked. Its total hell.

      Now, not long ago, I got my debit card cloned (ironic
  • God, Clarkson is a Genius, yes, he may act like an idiot sometimes (case in point) but for humerous value, it's incredible, and he is a guy you can relate to - everything he says, if you agree with it or not, you can see where he is coming from, and laugh at the way he presents it. Much like Zero Punctuation or for the more adventurous, Encyclopedia Dramatica. Recently there was a petition signed by many on the UK Government's website for Clarkson to become prime minister - everyone likes the guy. He always
    • Re: (Score:3, Interesting)

      by dave420 ( 699308 )
      Not everyone likes the guy. Some folks realise he's intentionally an ass to get great reactions from folks. He does make great TV, but it's contrived. It's presented as non-scripted, but that couldn't be further from the truth. I like a lot of what he does, but I wouldn't trust him with anything important.
  • Information != ID (Score:4, Insightful)

    by davburns ( 49244 ) <`davburns+slashdot' `at' `gmail.com'> on Thursday January 10, 2008 @05:44PM (#21990852) Journal

    I think this is possible only because people confuse information about an identity with that identity, and therefore believe that knowledge of that information proves that the person is who they say they are.

    I think there's way too many people and organizations with legitimate access to all kinds of information about me for me to consider that my SSN (or an account number that's printed on every statement that goes through the mail, or 16+4+3 digits on a credit card) is a good shared secret between me and my bank (or employer, or anyone.) Then, there's all the people who have illegitimate access.

    We still use this because... it works "well enough." Banks make enough that they can cover the loss from a few fraudulent loans. And a person having to clean up a credit record is a PITA, but it's doable. And it's an externality from the bank's perspective.

    Thinking about this, I don't have a real solution. It's advisable to guard your psudo-secrets, when you can. A law or two to help this might help, but not get rid of the problem. Until someone comes up with a good identifier[1], we're stuck with it.

    [1] For values of "good identifier" that include a way that one person can prove they are the same person who established the good credit / made the bank deposit / whatever, including letting someone act as a limited agent of another (so the power company can take my electricity bill out of my account, but not let a rogue employee take all my money and buy Enron stock) and also doesn't let someone establish multiple identities with which to keep ripping off banks and others.

  • by geekoid ( 135745 ) <dadinportland&yahoo,com> on Thursday January 10, 2008 @07:15PM (#21992348) Homepage Journal
    He published is information, and the only thing that happened was an automatic withdraw?

    If it was as rampant as people are bing led to believe, his account wold have been empty.

    Yes, it exists, but I don't think it's worth the panic people tend to go into.

    Of the millions and millions of people whose information has been stolen or lost or were copied froma computer system, only a very tiny fraction have been the victims of identity theft.

Real Programmers don't write in FORTRAN. FORTRAN is for pipe stress freaks and crystallography weenies. FORTRAN is for wimp engineers who wear white socks.

Working...