What Happened After a Reporter Tracked Down The Identity Thief Who Stole $5,000 (msn.com) 46
"$5,000 in cash had been withdrawn from my checking account — but not by me," writes journalist Linda Matchan in the Boston Globe. A police station manager reviewed footage from the bank — which was 200 miles away — and deduced that "someone had actually come into the bank and spoken to a teller, presented a driver's license, and then correctly answered some authentication questions to validate the account..."
"You're pitting a teller against a national crime syndicate with massive resources behind them," says Paul Benda, executive vice president for risk, fraud, and cybersecurity at the American Bankers Association. "They're very well-funded, well-resourced criminal gangs doing this at an industrial scale."
The reporter writes that "For the past two years, I've worked to determine exactly who and what lay behind this crime..." [N]ow I had something new to worry about: Fraudsters apparently had a driver's license with my name on it... "Forget the fake IDs adolescents used to get into bars," says Georgia State's David Maimon, who is also head of fraud insights at SentiLink, a company that works with institutions across the United States to support and solve their fraud and risk issues. "Nowadays fraudsters are using sophisticated software and capable printers to create virtually impossible-to-detect fake IDs." They're able to create synthetic identities, combining legitimate personal information, such as a name and date of birth, with a nine-digit number that either looks like a Social Security number or is a real, stolen one. That ID can then be used to open financial accounts, apply for a bank or car loan, or for some other dodgy purpose that could devastate their victims' financial lives.
And there's a complex supply chain underpinning it all — "a whole industry on the dark web," says Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit that helps victims undo the damage wrought by identity crime. It starts with the suppliers, Maimon told me — "the people who steal IDs, bring them into the market, and manufacture them. There's the producers who take the ID and fake driver's licenses and build the facade to make it look like they own the identity — trying to create credit reports for the synthetic identities, for example, or printing fake utility bills." Then there are the distributors who sell them in the dark corners of the web or the street or through text messaging apps, and finally the customers who use them and come from all walks of life. "We're seeing females and males and people with families and a lot of adolescents, because social media plays a very important role in introducing them to this world," says Maimon, whose team does surveillance of criminals' activities and interactions on the dark web. "In this ecosystem, folks disclose everything they do."
The reporter writes that "It's horrifying to discover, as I have recently, that someone has set up a tech company that might not even be real, listing my home as its principal address."
Two and a half months after the theft the stolen $5,000 was back in their bank account — but it wasn't until a year later that the thief was identified. "The security video had been shared with New York's Capital Region Crime Analysis Center, where analysts have access to facial recognition technology, and was run through a database of booking photos. A possible match resulted.... She was already in custody elsewhere in New York... Evidently, Deborah was being sought by law enforcement in at least three New York counties. [All three cases involved bank-related identity fraud.]"
Deborah was finally charged with two separate felonies: grand larceny in the third degree for stealing property over $3,000, and identity theft. But Deborah missed her next two court dates, and disappeared. "She never came back to court, and now there were warrants for her arrest out of two separate courts."
After speaking to police officials the reporter concludes "There was a good chance she was only doing the grunt work for someone else, maybe even a domestic or foreign-organized crime syndicate, and then suffering all the consequences."
The UK minister of state for security even says that "in some places people are literally captured and used as unwilling operators for fraudsters."
The reporter writes that "For the past two years, I've worked to determine exactly who and what lay behind this crime..." [N]ow I had something new to worry about: Fraudsters apparently had a driver's license with my name on it... "Forget the fake IDs adolescents used to get into bars," says Georgia State's David Maimon, who is also head of fraud insights at SentiLink, a company that works with institutions across the United States to support and solve their fraud and risk issues. "Nowadays fraudsters are using sophisticated software and capable printers to create virtually impossible-to-detect fake IDs." They're able to create synthetic identities, combining legitimate personal information, such as a name and date of birth, with a nine-digit number that either looks like a Social Security number or is a real, stolen one. That ID can then be used to open financial accounts, apply for a bank or car loan, or for some other dodgy purpose that could devastate their victims' financial lives.
And there's a complex supply chain underpinning it all — "a whole industry on the dark web," says Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit that helps victims undo the damage wrought by identity crime. It starts with the suppliers, Maimon told me — "the people who steal IDs, bring them into the market, and manufacture them. There's the producers who take the ID and fake driver's licenses and build the facade to make it look like they own the identity — trying to create credit reports for the synthetic identities, for example, or printing fake utility bills." Then there are the distributors who sell them in the dark corners of the web or the street or through text messaging apps, and finally the customers who use them and come from all walks of life. "We're seeing females and males and people with families and a lot of adolescents, because social media plays a very important role in introducing them to this world," says Maimon, whose team does surveillance of criminals' activities and interactions on the dark web. "In this ecosystem, folks disclose everything they do."
The reporter writes that "It's horrifying to discover, as I have recently, that someone has set up a tech company that might not even be real, listing my home as its principal address."
Two and a half months after the theft the stolen $5,000 was back in their bank account — but it wasn't until a year later that the thief was identified. "The security video had been shared with New York's Capital Region Crime Analysis Center, where analysts have access to facial recognition technology, and was run through a database of booking photos. A possible match resulted.... She was already in custody elsewhere in New York... Evidently, Deborah was being sought by law enforcement in at least three New York counties. [All three cases involved bank-related identity fraud.]"
Deborah was finally charged with two separate felonies: grand larceny in the third degree for stealing property over $3,000, and identity theft. But Deborah missed her next two court dates, and disappeared. "She never came back to court, and now there were warrants for her arrest out of two separate courts."
After speaking to police officials the reporter concludes "There was a good chance she was only doing the grunt work for someone else, maybe even a domestic or foreign-organized crime syndicate, and then suffering all the consequences."
The UK minister of state for security even says that "in some places people are literally captured and used as unwilling operators for fraudsters."
Happened to me but with store cards (Score:2)
Ghost in the Shell (Score:1)
Did the suspect have a Polaroid with a dog? Most of us have seen that movie.
Banks don't care about security if you eat losses (Score:5, Informative)
Re:Banks don't care about security if you eat loss (Score:4, Interesting)
Banks have been losing countless millions every year to fraud for decades. A lot of the banks don't even know it's happening because anything under ten million doesn't get noticed.
My favorite was several years ago a ton of banks (mostly south Asian but others too) were being defrauded to the tune of hundreds of millions over a period of years and had no idea all that time. Once the scam became known the scammers just vanished. Cops think they were Russian but they always think that so really no one knows where a few hundred million went and no one even looked for it.
Just another day in the banking world.
Re: (Score:2)
Re: Banks don't care about security if you eat los (Score:5, Interesting)
US bank security is laughable. First, the fact that paper checks are still used. Second, that just having the numbers off the bottom of a check allows someone to *withdraw* money from an account.
I saw the latter when I came to the US to close down my mother's affairs. Call a company to cancel an account - they ask for the bank info, so they can take whatever they want...WTF, no?!
I still have one US account, because I receive the odd paper check from US companies. Why can't they just deposit the money into the account, instead of sending international letters? Bizarre.
Re: (Score:2)
I don't get why checks still exist in 2024 anyway when electronic payment systems of all kinds exist and are far superior to moving bits of paper around.
Re: (Score:2)
Because they are easy and convenient for the payer and payee to move arbitrary and exact amounts of money around?
Re: Banks don't care about security if you eat los (Score:4, Interesting)
Because they [checks] are easy and convenient for the payer and payee to move arbitrary and exact amounts of money around?
Using an app is far easier. We have the "Twint" system. In a shop you scan a QR code off the card reader and click ok. For a private transfer, you select a person from your contacts, enter an amount, and click ok. Transfers are immediate - there is no danger equivalent to a check bouncing.
Also important: Electronic transfers are "send only" - no one can withdraw money from your account. Nor do they have any way to tamper with the amount transferred (whereas checks are easy to mess with).
Re: (Score:2)
Most people here use debit cards for that. Money goes straight out of your account, and authorization is one-time via PIN or biometrics so they can't make bogus repeat debits.
Haven't had a cheque book for decades.
Re: (Score:2)
Sorry, ignore my other comment. Need more coffee.
Re: (Score:2)
Using an app is far easier.
So what happens when you lose your phone, or it's stolen? Doesn't that give a thief a much easier time of draining your bank account while leaving you with no recourse?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Online payment systems are now excellent, much easier to use for everyone and with way more options if you like.
Somehow, the US doesn't have these (probably banks don't want them) and people still remember some older type of systems where you had to enter various identifiers for the payee and their bank, branch etc.
Now you just select the person / payee from your address book, or they give you their number, or flash their QR code or send you a pay request. Then you select the amount enter you password etc (
Re: (Score:3)
US has FedNow, but congress didn't just tell banks to support it so it's fairly useless.
Re: Banks don't care about security if you eat los (Score:5, Insightful)
Re: (Score:2)
US bank security is laughable. First, the fact that paper checks are still used. Second, that just having the numbers off the bottom of a check allows someone to *withdraw* money from an account.
I saw the latter when I came to the US to close down my mother's affairs. Call a company to cancel an account - they ask for the bank info, so they can take whatever they want...WTF, no?!
I still have one US account, because I receive the odd paper check from US companies. Why can't they just deposit the money into the account, instead of sending international letters? Bizarre.
Because no such system exists in the US.
To be fair, here in the UK where its simple to deposit money into accounts, a fair few still use cheques. I had my car written off a bit over a year ago, both the insurer and DVLA (UK's DMV) sent me cheques for the payout and the remainder of my VED (car registration/tax). Sometimes cheque is just easier, especially if you don't have their banking details, it also avoids having to pay visa/MC to refund the money.
That being said, personal cheques have almost disa
Re: (Score:2)
Your regulators don't advocate for the consumer. It likely won't change until they do.
Here in the UK (and a good amount of Europe), banks are liable for fraud on customers accounts - not the customer (unless the customer has been wilfully negligent with their security details - and even then, still maybe not really). Sure, banks will try really hard to pretend the consumer is at fault, but if you keep on at them (and perhaps recite the relevant regulations) they'll eventually return your money.
Funnily enoug
Re: (Score:3)
Run a small business.
The bookkeeper is out when we have to run checks (it's America, LOTS of things still get paid by check)
She explains in detail to me how to do the check run with our software.
I successfully run checks.
With some sense of triumph I assemble all the outgoing checks (lots need registers attached or the original billing attached, etc) - I think there were 30-some payments.
Find the stamps, mail them all out - MISSION ACCOMPLISHED.
She braces herself for me fucking something up...but no, everyon
A question of perspective (Score:5, Insightful)
"You're pitting a teller against a national crime syndicate with massive resources behind them," says Paul Benda, executive vice president for risk, fraud, and cybersecurity at the American Bankers Association"
Or, alternatively, you are pitting an amateur fraudster against the full might of the American Bankers Association. But the ABA isn't willing to put in the necessary resources.
Re: (Score:2)
Why would they? I don't know how much of the responsibility of identity theft banks shoulder in the US, but elsewhere the laws are typically skewed so, that it is very hard to pin it to the bank. Why so? Because the banks basically write the liability laws. Consequently, the banks are almost completely disinterested in fraud prevention, as it doesn't concern them, and, unsurprisingly, avoid spending any money on it.
Tell 6 year-olds this (Score:4, Insightful)
Yep, the more someone talks about their pets, family, school/education, sport affiliations and home-town, the easier it becomes to find him/her or steal his/her stuff.
This is what children should hear repeatedly before they get a Facebook/Instagram/WhatsApp account or even a 'school'-based account. It won't mean much because they don't have wealth or fame to protect but when they get older and see ugliness on the internet, they'll remember it's their job to avoid it.
Re:Tell 6 year-olds this (Score:5, Funny)
Re: (Score:1)
So you’re saying all those years as an introvert is really starting to pay off.
Tell me you don't know the meaning of introvert without actually telling me.
People who don't disclose everything are private, shy, tight-lipped, etc.
Introverts "rest and recharge" in solitude; extroverts rest and recharge around people.
Re: (Score:2)
And that is why you don't give real answers to the security questions.
Example:
Q: What city were you born in?
A: Rhubarb
Then you save the answers you gave in your password app, so you don't forget them.
Identity Theft = propaganda term (Score:5, Insightful)
But the correct term in such cases is Bank Fraud.
Where it rightfully should be and appear to be more of the Bank's problem.
That said in my country it's harder for such a thing to happen - the IDs are harder to forge - the ID card has digitally signed stuff including biometrics - so the person has to at least look like you and also successfully fake your thumbprint/fingerprint (if there's supposed to be one).
For example if you go to a bank and try to pretend to be me, the teller will ask for the ID card, then insert the ID card into the reader and at this point if you don't look like the photo and your fingerprint doesn't match then you might end up "inconvenienced"...
Of course in the USA such ID card stuff is considered against the "national religion" or similar.
Re: (Score:2)
Don't believe me? Who's backing genocide again? Who's responsible for tobacco caused lung cancer / opioid addition? Who's responsib
Re: (Score:2)
The reason it's against the "national religion" is because we have good reason both historically and recently to distrust the intent of any entity government / corporation / individual / etc. that would collect such information. I.e. We know that such entities would abuse the information for personal / private / political gain. Even to the extent of mass death and destruction.
Don't believe me? Who's backing genocide again? Who's responsible for tobacco caused lung cancer / opioid addition? Who's responsible for Flint Michigan's water crisis? Who's responsible for all of those train derailments? Who's responsible for most of this "identity theft" in the first place? It ain't those who live outside of North America that's for sure. Those that don't live there have and enforce far higher expectations from their leaders, and forget that not every country has or is able to do the same. Just reading the news, even from mainstream media outlets, should be enough to convince them of that. Or do you think that everyone in the US actually wants to be swindled constantly? If so, you're even more far gone than the Americans.
You're proving his point... but most Americans will still have some form of ID, a passport, driving license, military ID, et al... issued by the government so the whole "gubbermint baaad" argument really doesn't hold water.
The reason the US, much like most western nations such as the UK, Australia, et al. don't need a national ID card is because other forms of nationally recognised government issued IDs (and some non government issued IDs) are trivial to get. Anyone who drives can get a drivers license,
Facial recognition used to catch her (Score:5, Insightful)
Given the undesirablility of that usually, is this a case where its use is appropriate?
Re: (Score:2)
I think it's more "how" its use is appropriate. IMO, there's a big difference in (when investigating ID theft/fraud), "hey, we got an 80% match on this rando! Let's go round him up for questioning!" and, "hey, we got an 80% match on this woman who's already in custody on ID Theft charges... We should probably go investigate..."
DNA works the same way. If you just ran it against everyone in a city of 250k, you'd end up with thousands of false positives. Run it against your shortlist of existing suspects for a
Re: (Score:2)
It order to do facial recognition you need to compare one person's face against a database with the faces of many people, and this usually comes from either mass surveillance or driver's license or passport photos. And that's where the moral outrage comes from. In this case it could have been a database of convicts, since she was already incarcerated. I'm not sure whether that would be less outrageous.
How compassionate! (Score:3)
But Deborah missed her next two court dates, and disappeared. "She never came back to court, and now there were warrants for her arrest out of two separate courts."
This is so heartening to see. In the bad old days this poor lass might have just sat in jail all this time. Truly we have compassion now for the less privileged ...
Real ID ? (Score:2)
Re: (Score:2)
So much for Real ID, I would guess she has one for her License since I head people are told to select it on License Renewal. I thought the purpose of Real ID was to stop fake ID /s
In California, RealID was to go into effect in 2008, and has been delayed until May 2025... presuming it doesn't get delayed again. We can opt for it, but for reasons it is not required.
Nevada City, CA court incompetently enabled fraud (Score:1)
[N]ow I had something new to worry about: Fraudsters apparently had a driver's license with my name on it...
I got a debt collection letter for a whole ass [used] car once. The perpetrator had a driver's license with my name on it, because it was their name too. My FULL name is approximately the 400th most common FULL name in THIS country, middle name included. But that is not sufficient proof of identity to establish a debt. What the court in Nevada City, CA decided WAS sufficient proof was a check cashing card with my SSN written on it in pen.
Who knows which of the many identity breaches I've been "involved" wit
Re: Nevada City, CA court incompetently enabled fr (Score:2)
Weird that some troll wants to bury my story of identity theft. Maybe they are the thief.
Why not to use biometrics? (Score:2)
Biometrics are used on passports. EU now has automatic face recognition devices and gate control. Why not to force banks, by law, to require biometrics? In my original country (Poland) banks serve the role of ID confirmation provider, that confirms and opens goverment online documents, including IDs in the form of an phone apps.