A 24-Year-Old Scammed Apple 42 Times In 16 Different States
redletterdave (2493036) writes "Sharron Laverne Parrish Jr., 24, allegedly scammed Apple not once, but 42 times, cheating the company out of more than $300,000 — and his scam was breathtakingly simple. According to a Secret Service criminal complaint, Parrish allegedly visited Apple Stores and tried to buy products with four different debit cards, which were all closed by his respective financial institutions. When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits, which is normally provided by credit card issuers to create a record of the credit or debit override. But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter."
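An added example, not part of the original submission or of any real payment system: the digit-count-only check the summary describes, next to a check that confirms the code against the record kept by the merchant's own bank. The 6-digit length, the `AcquirerRecords` class and all function and parameter names are assumptions made for illustration.

```python
import hmac
import secrets

CODE_DIGITS = 6  # assumption: the page only says "a certain number of digits"

def format_only_check(code):
    """Weak check described in the summary: only the digit count is tested."""
    return code.isascii() and code.isdigit() and len(code) == CODE_DIGITS

class AcquirerRecords:
    """Hypothetical stand-in for the merchant's own bank: it issues override
    codes over the phone and keeps a record of each one it issued."""

    def __init__(self):
        self._issued = {}  # (merchant_id, card_last4, amount_cents) -> code

    def issue(self, merchant_id, card_last4, amount_cents):
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._issued[(merchant_id, card_last4, amount_cents)] = code
        return code

    def verify(self, merchant_id, card_last4, amount_cents, code):
        """Accept a code only if it was issued for this exact sale; single use."""
        key = (merchant_id, card_last4, amount_cents)
        expected = self._issued.get(key)
        if expected is None or not hmac.compare_digest(expected, code):
            return False
        del self._issued[key]  # a code cannot be replayed on a second sale
        return True

def accept_override(records, merchant_id, card_last4, amount_cents, code):
    """Hardened check: format first, then confirmation against the issuer record."""
    return format_only_check(code) and records.verify(
        merchant_id, card_last4, amount_cents, code)
```

A code that merely has the right shape passes `format_only_check` but fails `accept_override`, because no record of it exists for that merchant, card and amount.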
Brilliant... (Score:1, Insightful)
Re:Brilliant... (Score:4, Insightful)
Presumably he was treating it as a source of income rather than a source of Apple hardware.
Re:Wow ... (Score:5, Insightful)
Re:Wow ... (Score:5, Insightful)
If you printed your own card and put a number for an issuer that you controlled I don't see what the difference is.
Re:Wow ... (Score:5, Insightful)
I understand the long-running and much-honored Slashdot tradition of not reading TFA, but couldn't you at least have read The Fucking Summary?
When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank — except, he wasn't really calling his bank. So he would allegedly offer the Apple Store employees a fake authorization code with a certain number of digits....
There was ample dumbshittery (and liability) to assign here, but it's all on the Apple Store drones. No bank involved.
Re:$7142.85 (Score:4, Insightful)
A few laptops get there.
The scam works better with a large purchase. Banks routinely deny transactions over some amount, forcing the retailer to call for an override code. Apparently the denial for "bad account" looks identical to the one for "valid account, but that amount is high so give us a call, okay?"
If his card was denied for a $500 purchase, he'd need to convince the retailer that it was a bug in the system, not just a routine check for a large purchase.
Re:Wow ... (Score:3, Insightful)
The customer didn't print special cards here - they're just normal, expired cards.
The store doesn't call the number on the back of the card - the store calls their own merchant bank.
This was just straightforward grift (a con game), not some glaring flaw in the banking system. The sales clerks got suckered, perhaps due to lack of training by Apple, or perhaps the con-man was just that good.
Re: Wow ... (Score:5, Insightful)
Not really, I know people who write POS code for a company that competes with NCR. They have no ties to banks. It's all about talking to processors, like VISA, Mastercard, etc.
I guess people are trying to pin this on the bank because banks are evil. #wallstreet #99% #ideserverwhatyouworkedfor #givemestuff
Re:Wow ... (Score:3, Insightful)
Re:Wow ... (Score:4, Insightful)
Other than mentioning that the store declined the debit card (which is by definition an interaction between the POS and the credit/debit clearinghouse).
But since you've raised the issue, you've shown exactly where you missed the boat.
The exploit is completely OUTSIDE of the POS<->bank interaction. (Cuz, "debit refused"). The exploit occurs in the "call a fake bank, offer up a fake reference number, have the Apple Store drones accept it as proof of a valid credit/debit transaction" phase AFTER the machine-to-machine part.
Apparently, you've fallen for the same trick the Apple Store drones did: fixating on the machine-to-machine debit transaction (which failed as expected) and completely neglecting the social engineering that followed.
Re:Wow ... (Score:5, Insightful)
it is up to the cashier to hold the card, read the number and call it themselves
It is up to the cashier to call THEIR OWN BANK.
They are not supposed to call the number on the back of the customer's card -- for reasons that should be pretty bleeding obvious.