FTC Kills Dirty Online Check Processing Outfit

coondoggie writes "The Federal Trade Commission today got a US District Court to stop permanently what it called the illegal operations of an Internet-based check creation and delivery service, and to require the group to give up over half a million dollars in ill-gotten gains. According to the FTC, Qchex.com created and sent checks drawn on any bank account that a Qchex user identified, but did not verify whether the user had authority to draw checks on that account. As a result, fraudsters worldwide used the Qchex service to draw thousands of checks on bank accounts that belonged to unwitting third parties. 'The evidence shows that the launch of Qchex.com was a "dinner bell" for fraudsters and resulted in a high number of accounts frozen for fraud...' said District Court Judge Janis Sammartino."

Re:

[PalmKiller]

Yet you come back again and again.

Re:

[Anonymous Coward]

protip: no all Anonymous Cowards are the same person

Re:

[PalmKiller]

LOL, that explains it then

Re:You are kidding arent you?

[rubycodez]

of course there's a logical explanation. Linus took another much older OS called Minix written by a cranky old C.S. prof and changed the M to an L and an i to a u, and then distracted the professor with a meaningless and pointless argument about kernel architecture. Even after the Dr. found out about his former student's shameless plagiarism, he was just mostly relieved to find out that long haired dope smoking hippie Berkeley types would now target Linus' work with their "improvements" instead of "always trying to make my Minix into some kind of faggot BSD".

Linux unsuccessfully tried to compete with Microsoft on the desktop, until the KDE 4.x window manager managed to trump Vista in complexity, distracting eye candy, user confusion, bugginess and bloat.

Re:

[interstellar_donkey]

Um, my Casio calculator watch from 1984 runs Linux, despite having no OS, no way to load media, and nothing but a 14 button keyboard.

Maybe you just don't understand how Linux works.

Now if I can only find a driver for the joysticks for my Atari 2600, that'll be running Linux too.

Check Security

[Adrian Lopez]

Checks are insecure. The lesson: withdrawing money from people's account should require more than an account and bank routing number.

Also...

[Adrian Lopez]

I just found this 2005 MSNBC article [msn.com] that talks about Qchex.com (the company mentioned in the above), and check security.

Re:

[Vlad_the_Inhaler]

So this scam was known to be a scam almost four years ago.

Why did the FTC not get involved several years ago? Are the people running this business facing prosecution? Does the fact that the FTC ignored these activities for years mean the people running Qchex.com are safe from prosecution?
I suppose the wider implications are that the FTC's inaction had a lot to do with the president of the day.

Re:Check Security

[fm6]

This is one of many things wrong with our current banking transaction system. It's not even the worst (though it is pretty bad). But the established financial institutions find the status quo extremely profitable, and aren't anxious to see it changed. So they write off the losses from the occasional fraud that they can't stick on somebody else.

I've often wondered if this institutional inertia is why online micropayments have never gained traction. The usual argument is that people prefer the alternatives (advertising supported media, flat rate subscriptions, etc.) But I don't see where these arguments have ever been tested by giving users a real choice.

Re:

[wvmarle]

The problem of micropayments (payments of less than US$ 0.05 or even fractions of a cent) is that you ask a user all the time when they want to see certain content, whether they want to pay for it.

So the user not only gets an extra step in between (accepting a payment) to see an article or blog post or youtube video, also they have to think and decide whether or not to make this payment.

This is probably the main reason why micropayments never took off. Setting up an account at some provider and charging i

Re:

[fm6]

The problem of micropayments (payments of less than US$ 0.05 or even fractions of a cent) is that you ask a user all the time when they want to see certain content, whether they want to pay for it.

"Viewing this page will cost you $0.001. To avoid this charge, navigate away in 5 seconds"

Re:

[Anonymous Coward]

Checks are also obsolete except that they make convenient gifts, but it's still not that difficult to deposit into another's account given the number. And note that when you buy something with a check the amount is now instantaneously debited from your account but when you deposit a check, it takes at least a few days to a week to clear. Why the inconsistency?

I've also noticed that some particularly thieving rat-bastard banks, the ones that Obama is trying to bail out, treat in-person bank teller withdr

Re:

[sndtech]

The instant debit you are speaking about comes from merchants use of automated clearing houses. essentially turning your check into a direct deposit into their account from yours. when you or I deposit a check into our account, we don't have a fancy ACH machine to run the check through, so the check needs to clear in the usual way.

Re:Check Security

[ciscoguy01]

For some time I have wanted my bank to just return any documents, checks, credit card charges, *anything* that does not include my original signature personally signed by me in ink.
They don't have the ability to set my account to do that.
Walmart, Sears, Kragen, all have signature capture hardware on their cash registers. But why would I want my signature stored in any computer? I wouldn't. I could easily put any signature on any document with a computer. *Lots* of people can today. A printed, pasted, captured signature on a document proves *nothing*.
I just make an "X" on those systems.
If we ever get to court about one of those transactions I will be expecting them to produce an originally signed ink signature, personally signed by me, proving I was here today and signed that document.
Without that, well, clearly I wasn't here.
Which is the only purpose of signing *anything*. To prove I was there that day and that *is* my signature.

Re:

[Majik Sheff]

Sounds like you bank with Wells Fargo. There's a reason the corporate office can afford heated sidewalks.

Re:

[Vegeta99]

Add M&T to that list of people who finagle the order of transactions to maximize your loss!

Example: Friday, I had $50 in my account, made 4 $10 purchases. On Saturday, I made a $50 purchase, overdrafting by $40. What is my balance, kids? -$10? WRONG!!

Friday night: $10.
Saturday night: -$40
Monday Morning: -$180. All your purchases on Friday went through, but when we went to "take out the money" that we were "just holding" it "wasn't there" because "you spent it on saturday". Therefore, 4 transactions over

Re:

[encoderer]

Well, if you want to get technical, nobody changes the order of anything. They just deduct PENDING SUM from CURRENT BALANCE to reach AVAILABLE BALANCE.

To use your example:

Thursday:
Current Balance: $50
Pending Sum: $0
Available Balance: $50

Friday:
Current: $50
Pending: -$40
Available: $10

Saturday:
Current: $50
Pending: -$90
Available: -$40

Monday Start of Biz:

Post 1st $10 transaction: Move $10 from Pending to Posted, Subtract $10 from Current Balance. Is Available balance negative? Post Overdraft Fee.

Post 2nd $10 tra

Re:

[Vegeta99]

Actually, to try and get you on a double whammy, they do both. Pending balance counts as your "real balance" and check card holds (like when I get gas and they check to see if there's $50 in there) count against that. On top of that, they re-order transactions when they post to go from higest to lowest. It's a feature, not a bug, but they say its so that higher-priority transactions go through first so they don't bounce (they don't ever bounce)

Re:

[bhiestand]

That's why I use ING Direct... my account came with an automatic no-fee overdraft line of credit of $1,000 charged at (as of December 08) 7.25%. So when I screw up or a payment goes through earlier or later than I expected, I only pay interest on it for a day or two until my balance gets fixed. The way it should be for anyone who is financially responsible and has a good credit score.

I know other banks offer features such as this. You should definitely check them out. Or let me know if you want a referra

Re:

[narcberry]

When I was taught about checks in high school, I was taught that all that matters is that a document is signed signifying the amount of money, the recipient, and the banking account number. I'm glad to see we can forgo the contractual aspect of checks, and reduce it to a set of numbers, both of which are found on every check. Glad my bank honors that. It's comforting to know that my entire savings is up for grabs every time they mail me a checkbook.

Re:Check Security + nigerian scammer

[Dare nMc]

It's comforting to know that my entire savings is up for grabs every time they mail me a checkbook.

and every time you give anyone a check, or cash any check (both transfer the same information.) after all this is not the last way to use a ABA# + account # to clear a bank account. I have in my canceled checks the account number, and bank ABA number for everyone who has cached one of my checks. I think we had a social agreement not to turn over the other guys bank info to a Nigerian scammer and wipe them out. But who knows...

Re:

[interstellar_donkey]

Just keep your checking accounting/routing numbers safe. I hear there are some financial institutions in Nigeria that are pretty good at doing just that.

Re:

[Kaenneth]

Is writing a bad check still a felony in California?, and does that only apply if it's a physical check, actually signed?

Re:

[interstellar_donkey]

It's the new magic ATMs that only have 4 numbers on it: 1,2,purple square and 8.

Re:Check Security

[c6gunner]

4 digits isn't very secure, since 4^4 yields only 256 possible combinations

Oh noes! Well, luckily 10^4 gives 10,000 combinations. Maybe you should get your bank to invest in better ATM keypads?

Re:Check Security

[Nerull]

You're going to wonder how you said that, I suspect, but think for a bit.

You just said a 4 digit number has only 256 possible values. Now count from 0 to 9999...

Re:

[francium de neobie]

It's pretty ironic that we techies use a myriad of algorithms to protect data that nobody really cares (raise your hands if you use TrueCrypt - I do). Yet our banks, supposedly protecting one of the most important things in our lives, don't give a shit.

Hey, a computer printed it, it must be valid!

[shanen]

Also, I read it somewhere on the Internet. Maybe even the creation of some of these oh-so-clever /. legends?

Mark this under "brilliant ideas"

[spartacus_prime]

I want whatever those guys were smoking when they thought this was fraud-proof.

Re:

[zonky]

What makes you think they were concerned with being "Fraud Proof' More likely they were out to get their cut of the people who never look at their bank statements.

Re:

[gujo-odori]

You mean his belly hangs over his belt as much as Ron Jeremy's does?

checks are only the beginning

[Son of Byrne]

The real problem is the ACH system? It relies almost exclusively on blind trust. Trusting that whomever I'm debiting authorized me to debit them, etc. It always amazes me when I build an ACH file to send to the bank as part of my business and send it through without a hint of a question from the bank or the processor. They just merrily send the file on through. I guess the bank and processor are counting on me being a good citizen. Hmmm...

No checks in Finland

[Anonymous Coward]

Personal checks haven't been in use in Finland for 30 years. What we have is a system of personal direct deposits. So instead of authorizing the payee's bank to withdraw funds from your account, you transfer funds from your account to the payee's bank.

Yes, everybody is virtually forced to own a bank account.

Re:

[alen]

in case of fraud you are probably very easy to find and arrest

Re:a lot of society relies on trust and a paper tr

[tchuladdiass]

Actually, all you need is to have the check number, account & routing number hashed with a secret key known only by your bank & check printing company. Have this unique hash (unique to each check number) appear on the bottom of each check, and the bank can refuse to clear it if it doesn't match up, or if a check number is duplicated. You end up with the same paper check everyone is used to, but with a bit more security. The only way fraud can happen is if someone steels your blank checks, or dupl

Re:

[tchuladdiass]

One additional thing. This can be implemented using the existing system, by an individual bank if they desire. Since the account number begins with a bunch of zeros, the hash (or a fingerprint of it at least) can be stored where those zeros are. So the first 10 digits become the hash fingerprint, and the remaining digits are the actual account number.

These guys were (are?) spammers

[whoever57]

At my previous company, we got frequent emails from qchex/neovi.com sent to an email address that must have been scraped from a website -- no-one used it as their personal address, so there was no legitimate reason for the to be sending to that address.

Day late...

[Fished]

Man, and I just NOW hear about this!

entirely predictable

[Trailer Trash]

I just read Frank Abagnale's autobiography and another book that he wrote. He was one of the greatest con men who ever lived, cashing two or three million in bad checks in the 1960's, before he even turned 21. Anyway, the last book of his I read was written around 2002 or so, and he was pretty spooked by the idea of people being able to pull money from accounts simply by knowing the routing and account numbers. He designs checks nowadays and does security consulting, among other things.

People still use cheques... WTF?

[jonwil]

Who in this day and age takes cheques but wont take other forms of payment? (be it credit cards, cash, paypal or whatever else)

Re:

[dcollins117]

if you have a better way worked out, let me know. thanks.

You just go to your bank and make a bank-to-bank wire transfer.

Re:

[bcwright]

Arrgh. Somehow Slashdot logged me out before I posted this, so it got put up under "Anonymous Coward" - but I did have a couple things to add to it.

3% of $500,000 is $15,000, not $150. $500k would pay for a lot of concrete though - a whole lot more than a few metric tons. :-) But the point is well taken - for large transactions that kind of processing charge can be prohibitive.

ACH/wire transfers can sometimes also be expensive to set up, though not nearly as much so as credit cards - perhaps $25 (unless

Cheque Security

[geoff_smith82]

I live in Australia and have always wondered about the security of cheques because of the place your bank account number on the cheque as well as a incrementing cheque number. The first thing I would do is make the cheque number pseudo random, so that someone who was able to get an image of a cheque wouldn't be able to create another valid cheque, just by increasing the cheque number. Even the account number could be a random number... which points to a record at the bank which determines which account t

Re:

[cdrguru]

One problem in the US is that checks (or cheques) aren't submitted back to the originating bank any longer - they are scanned and just the image is sent to the bank electronically. As far as what account and so on, this is handled completely separately from the image of the check.

Really, the piece of paper is meaningless today in the US. Everything is done electronically.

Re:

[bcwright]

And in what way is the electronic transaction processing any less secure than the piece of paper? It's pretty easy to generate the printed check if you have the appropriate numbers, and in either case by the time anyone notices something is amiss you can be long gone.

The problem isn't that the printed checks are any more secure, but rather that in both cases all of the necessary numbers are right there in plain sight and unencrypted.

Qchex.com - guilty of fraud?

[Dynamoo]

The implication here is that Qchex.com (and its parent (Neovi Data Corporation) are somehow the fraudsters.. they're not. If they are guilty of anything, it is that than ran an ill-advised business model which they naively assumed would not be used by organised criminals.

Heck, you can actually buy a check printer yourself which can even use the same magnetic ink that bank-issued checks use. Nothing illegal in that.

Re:

[Raenex]

You are correct, they weren't charged with fraud, but with "unfair" business practices. They knew there was substantial fraud going on and did not take adequate steps to address it. The court document linked to in the summary explains all this in detail. Here are some excerpts:

"A practice is unfair under the FTC Act if: (1) it causes or is likely to cause substantial injury to consumers, (2) the injury is not reasonably avoidable by consumers themselves, and (3) the injury is not outweighed by countervai

Just like the Feds

[moxley]

This is just like the federal government - get rid of one of the symptoms instead of the actual problem.

Typical FTC non-penalty

[richmaine]

The article doesn't say how much the perpetrators netted from this scheme, but it is a pretty safe bet that it is a lot more than the $500k penalty, probably by about an order of magnitude. I did see a comment about "thousands" of checks.

Typical FTC "penalty". Make the crook pay back 10% or so of his take and promise not to do it again.