Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

duff (16)

duff
  (email not shown publicly)
http://www.pobox.com/~duff

Journal of duff (16)

Tuesday November 08, 2005
03:47 PM

Stealing is easy!

[ #27514 ]

This is a little something I wrote a few weeks ago and just never put out for public consumption.

No, I'm not referring to the occasional pilfering of office supplies
from work. What I am referring to is ultimately identity theft. And I
recently found out just how easy this particular crime can be.

I had not used my debit card for a while and had forgotten my PIN.
Well, I hadn't forgotten the numbers I don't think, just their order.
This was most bothersome when I went to the grocery store as I was used
to using my debit card there *as* a debit card. I'd enter what I
thought my PIN should be a couple of times and then finally give up
and hit "cancel" which would convienently switch the transaction from
debit to credit. After a couple of trips to the grocery store though, I
got bothered that I couldn't remember my PIN. After all, it was only
4 digits and I'd typed them many many times before. Why couldn't I
get the digits correct now?

Next I tried using an ATM to help me figure out my PIN. I'd go to
the ATM, insert my debit card and then attempt a balance inquiry. When the
ATM decided I'd entered the wrong PIN, it would helpfully ask me to
enter it again. And again. And again. And then the machine would
stop working. I tried this method at the same ATM twice and both
times, after what was ultimately the fourth time entering a PIN, the
machine would spit out my debit card and then the screen would show
a message that the ATM was "temporarily out of service".

So, after a couple of failed attempts at the ATM trying to guess my PIN,
I decided to actually go inside my bank and have them change it to
something I could remember. So, one day after work, I went to my bank
and asked if they could help me. Unfortunately for me the lobby was
closed at the time and the drive-thru teller said I'd need to come
inside in order to have my PIN changed. Since my bank stays open later
on fridays, I decided to just wait until that friday and again stop by
after work.

Here's where I have the initial realization just how easy it is to
steal. I walk into the bank and tell them I don't remember my PIN and
could they please help me. One of the tellers and I walk into the
office that has the machine that can rewrite the little magnetic strip
on the back of debit card. I give the bank teller my account number and
my debit card, she places the card in the machine, I enter my new PIN, I
sign a paper and I'm done.

An astute reader will notice that nowhere did I say "then the bank
teller asked for some form of identification" and that's because it
didn't happen! *Anyone* could have walked in off the street with my
debit card and account number and gained direct access to my account.

But wait! There's more. About a week later, I went to a credit union to
close the accounts that my wife had opened in our kids names as part of
some promotional deal. We'd both decided that the credit union didn't
seem to be advantageous over our other accounts and it didn't make much
sense to have accounts spread across several banks. So, armed with
nothing but the monthly statements for these 2 accounts, I went to the
credit union. I walked in, gave the statements to the teller and said
"I'd like to close these accounts", she asked why I wanted to close the
accounts, I said "just because", so she started typing on her computer, and
when she finished typing, I signed a paper and she handed me cash.

Again, there was no attempt to verify who I was. *Anyone* could have
come in and closed these accounts. What's worse is that on the paper
I'd signed was a little section entitled "ID Source" with places to
check if they'd used a driver's license, signature card, or some other
identifying method.

Moreover, only my children and my wife were listed on each account. My
name was no where to be found. The teller didn't even notice until after
she'd already handed me money from the first account and started on the
second. But, she did notice eventually and so I couldn't close the
accounts without my wife. Which my wife and I did later that day at
another branch of the same credit union. Guess what? That other
branch didn't ask for any form of ID either.

So, how easy is it to obtain an account numbers, bank statements or
debit cards? I don't know exactly as I'm no thief, but I'm sure I can
think of a couple of ways. Hmm. The account number/bank statement is
easiest to get I bet. Your bank statement sits unprotected in a
mailbox waiting for it's proper owner to read and the account number
is on the bank statement. A really dedicated thief might actually get
a job at the post office to as to maximize the number of accounts he
can pilfer. Also, I believe your account number is on every receipt
you get from a bank, so you'd better be careful with those.

As far as debit cards go, I'm not even sure *my* debit card was needed.
Once I gave the bank teller the account number, she just programmed that
information into the machine that was about to rewrite my debit card. I
certainly didn't see her do any checks to make sure that the card and
the account matched. But, debit cards can also be gotten via the
mail or even in the trash. People sometimes forget to cut up their old
cards before throwing them away.

Anyway, I feel my money isn't as safe as I once thought it was. I'm not
sure if that's just my naivete or what, but there it is.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Wow, that sounds amazingly lax.

    In Australia, if you get your pin wrong three times in a row the ATM machine eats your card and doesn't give it back. Gone. You have to go through a lost/stolen/eaten card procedure to get a new one issued.

    And the identity thing is mandatated by government. The tellers can be personally responsible... and then there's the "passwords" on the accounts. You want to do something special, you need to give them the magic word. Which when there's no brute force options means the pass
  • hit "cancel" which would convienently switch the transaction from debit to credit.

    Well, so far, it wouldn't be identity theft, rather just... card theft :-)

    the ATM was "temporarily out of service"

    In Portugal, the third time you get the PIN wrong, the ATM "eats" your card.

    *Anyone* could have walked in off the street with my debit card and account number and gained direct access to my account.

    Er... OK, now *that*'s weird. But not too weird, just weird.

    Again, there was no attempt to verify who I was.

    You wouldn
  • If this would happen, at least with credit cards, I would expect the credit card company to carry the losses. In other words, it wouldn't be your money that got stolen.

    If this is the case — and I expect it to be, then the fact that they still don't care much, implies that it doesn't happen much.

    And, aren't there cameras? If you tried to pull that stunt, they'd probably have your face on videotape.