Slashdot Mirror

← Back to Stories (view on slashdot.org)

Corporate Identity Theft on the Rise

Posted by michael on from the hello,-Mr.-Microsoft? dept.

prostoalex writes "As millions of Americans lose their identities to online and offline thieves, a new kind of crime has been cooked up by the criminals who are not bothering with doing pesky credit card charges. They steal entire companies, opening up merchant accounts for existing businesses and running up charges from aforementioned stolen credit card numbers. What's worse, is that the hole the criminals exploit seems to be built into the system. According to Bob Sullivan from MSNBC, "Many of the processing firms interviewed for this article claimed they caught on to the fraud after the transactions had cleared, but before the suspects had withdrawn the money from various checking accounts around the country. One did concede, however, that the scheme has real potential.""

19 of 193 comments (clear)

  1. seems it would be by Prince+Vegeta+SSJ4 · · Score: 4, Insightful
    just as easy, and potentially more profitable.

    All you would need is a legit FEIN, and real or forged Articles of Formation. Maybe an operating agreement. Open a bank account and VOILA!

    1. Re:seems it would be by robogun · · Score: 2, Insightful

      I agree, but the article is talking about merchant account fraud (where companies go to a special type of bank account to accept credit card payments). Unlike personal credit card accounts, this process is vetted at all levels. Like you said, fraud at cardholder level is unlikely to provoke a useful response. But this article is talking about fraud at the level of the credit card acceptor - a much higher level. I was suggesting that the merchant bank who provides this service to these companies is risking its entire ability to open merchant accounts -- that VISA and MasterCard would literally put it out of business if they felt they were being defrauded, since they're who pays for this type of fraud.

  2. Good Idea by alarocca · · Score: 5, Insightful

    I love these articles that outline great ways to break the law. Like the one a while back about how to open a kryptonite U-Lock with a pen. It used to be hard to come up with great criminal schemes...now you just have to watch the news.

    1. Re:Good Idea by Rev.+DeFiLEZ · · Score: 5, Insightful

      Security through obscurity never works. The only thing putting on the news does is create outrage until the problem is fixed. "criminals" (and kryptonite) knew about the u-lock bic pen weakness for _years_ (2-3) now that it is on the news, kryptonite is replacing the defective ones.

      now maybe the banks will ask the client for their goverment papers that proves they registered the bussiness.

    2. Re:Good Idea by Anonymous Coward · · Score: 1, Insightful

      You sound like the people who advocate War on Drugs instead of information and education. Information is *never* a bad thing.

      Erlang Smorgreff

  3. Re:As long as... by hype7 · · Score: 4, Insightful

    on the subject of questionable ethics, does anyone else wonder about the guy who said "One did concede, however, that the scheme has real potential"? Potential? Potential? Maybe "potential for abuse" would be ok, but the way that's phrased at the moment... I can see the cogs turning over in this guys head for companies to target!

    -- james

  4. Theft via deception = Theft by squiggleslash · · Score: 4, Insightful
    We're talking about a crime, as I understand it, that involves taking property from others by pretending to be someone you aren't. We don't talk about "Lock theft" (as in you pick a lock, get in, take what you want, and run out), but if it was unique enough for people to want to deal with it in special ways, I'm sure we would.

    I'd say it's legitimate to call Identity Theft "theft" under the circumstances, whatever your opinions are on the "proper" wording for piracy.

    --
    You are not alone. This is not normal. None of this is normal.
    1. Re:Theft via deception = Theft by (void*) · · Score: 3, Insightful

      But deception is also fraud. The grandparent poster is NOT WRONG, and has a point. The point being that
      even if the theft did not go through, one can still
      prosecute it as fraud. Thus the credit card companies who repay the merchant but don't persecute
      the fraudsters even with a lot of evidence are PART OF THE PROBLEM.

    2. Re:Theft via deception = Theft by shreak · · Score: 2, Insightful

      > The OP believes that it isn't theft if the
      > stolen items were obtained through fraud

      No the OP believes that the term "Identity Theft" implies that the identity was stolen. Just as your "Lock Theft" implies that the lock was stolen.

      There is a crime here, it's theft of property (the merchandise that was stolen from the store). The mechanism used to steal the stuff was fraudulent use of someone's credentials (identity). This mechanism already has a term (fraud) and it's already a crime to perpetrate it.

      The OP is complaining because everyone keeps using the term "identity theft" for which there is no crime on the books.

      No doubt some official somewhere will get lathered up and make a law about "identity theft" when there is a perfectly good one available.

      =Shreak

  5. Re:As long as... by ArsenneLupin · · Score: 5, Insightful
    They nail the AT&T's and Microsofts, and not the smalltown businesses owned by ma and pa (are there any left?), I don't have a problem with it at all. Go crooks go!

    Problem is, they do target ma and pa businesses. Indeed, apparently their scheme only works if the victim does not yet have a merchant account on his own (or else the fraudulent account would be easily flagged as duplicate...). Thus the perfect victim is a company too small to be accepting credit cards. Sorry, Microsoft will unfortunately never be the target of these gentlemen;-(

  6. Bring on those people who roll their eyes by Featureless · · Score: 5, Insightful

    ...every time some "paranoid" person starts talking about security. You know who I'm talking about.

    They're everywhere. Nobody thinks worrying about security is cool or fun, it seems like a waste of money, a sign of mental instability, even a kind of obsessive behavior.

    Everyone much prefers to be surprised and wave their hands when things go wrong. "It's out of control. You can't stop hackers/criminals/etc."

    People have a terrible problem understanding scale. Nobody understood at Microsoft that the computer wasn't a little house in the country where you could leave the doors unlocked so occupants wouldn't have to fumble with the keys. When engineers there raised the problems they were scoffed at, disciplined. "Keep your priorities straight. Don't be paranoid." Nobody got it when the first spam was sent and we were all outraged... "What's wrong with a little spam?" How about what's wrong with 300 spam a day? It's just the "logical conclusion" - which is not logical anymore to people who don't like to be bothered thinking deeply about their responsibilities.

    The many systems our financial institutions use for identifying and tracking "consumers" are ridiculously insecure. And although the victims wail and now are allowed a few minutes a month to tell their horrible tails on 60 minutes, we as a whole seem determined to close our eyes and race grinning into the brick wall of scale again. How many hundreds of thousands of people have to have their lives ruined before colleges stop making everyone spout their social security number like it's their first name, and the mother's maiden name loses its appeal? How long before companies stop letting $5 an hour employees handle "meaningless" data (with literally no background checks or security controls) that is worth millions when properly exploited?

    This is a cultural change we need to kick off. We need to take security seriously. It needs to become uncool to roll your eyes and mock the security expert.

    --

    Want to Know How to Cheat the GPL? Read On!
    1. Re:Bring on those people who roll their eyes by JimBobJoe · · Score: 3, Insightful

      How long before companies stop letting $5 an hour employees handle "meaningless" data (with literally no background checks or security controls) that is worth millions when properly exploited?

      Or, alternatively, when will companies stop pretending that they can be trusted simply because of employee credit card verification checks, background checks and a piss test?

      I like to look at it this way, here in Ohio (as in most states) you need to go through the most awewsome background check ever in order to take the state bar. Full multi level 10 finger fingerprint check (local, state, national) credit check, employer verification check for all jobs worked since you were 16, the list goes on and on and it may even go into your mental health history (one of the few jobs you hear of that occuring.)

      In spite of all of this, the industry as a whole can be summarized as a convention of pricks.

      There are limits to background checks.

    2. Re:Bring on those people who roll their eyes by forkboy · · Score: 3, Insightful

      You could always find your mortgage broker and piss-pound him into giving back your file.

      You're luckier than most people, you actually know the identity of the person who took yours.

      --
      This message brought to you by the Council of People Who Are Sick of Seeing More People.
  7. Re:Stolen? by Saeed+al-Sahaf · · Score: 4, Insightful
    THIS IS NOT THEFT!!! Theft involves the physical taking of something!!

    Like credit cards with SOMEONE ELSES name on them? Like SOMEONE ELSES money or "physical" merchandise? Theft is when you steal something of value. Websters gives examples of both tangible and intagible theft.

    Besides, what's your point? Just trying to be argumentative, or perhaps justify something darker?

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  8. Damn right the problem is built-in to the system by wowbagger · · Score: 4, Insightful

    You are damn right the problem is built-in to the system.

    The scum create an account, and charge a bunch of crap to it from stolen cards. They then extract the money and run.

    The people bilked bitch to the credit card companies.

    The card companies attempt to reverse the charges.

    The poor business who was impersonated gets stuck with the bill. At best, the company can establish its innocence, and the CC company writes the cost off its taxes.

    If the *credit card companies* were the ones who had to suffer the costs of fraud, rather than shifting it to the companies or to the taxpayer, then they would be a HELL of a lot more motivated to add stronger authentication to the system.

    As it stands now, if somebody is committing massive credit card fraud in the form of lots of small charges, and you try to bring this to the card company's attention, they blow you off because it just isn't worth their time - it is easier to just charge back to the merchants. A friend of mine who works in the order-processing chain for a large company ran into just that - he detected a fraud ring attempting to rack up a lot of charges, he called the card company and said "I'll give these guys to you with a ribbon tied around them - addresses, names, the works." "Not interested - bu-bye!"

    --
    www.eFax.com are spammers
  9. Re:As long as... by fizban · · Score: 2, Insightful

    Ah, relative morals, don't you just love 'em?

    A crook's a crook, no matter his target.

    --

    +1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.

  10. Re:How to article by Zak3056 · · Score: 3, Insightful

    They not only report on the scam, but tell exactly how it was carried off. They've even provided the names of the merchant transaction companies which can be suckered.

    To me that says one thing: honeypot.

    --
    What part of "shall not be infringed" is so hard to understand?
  11. What is particularly outrageous is ... by Presence1 · · Score: 4, Insightful

    ... that the company whose identity is misused is seen as being responsible for the losses. It is the merchant service providers and banks that should be held fully responsible -- they are the gatekeepers who failed to mind the gate, never checking the imposters' identies or association with the company.

    "For all of us, it's a tough business," Steinberg, of Merchant E Services, said. "It's a large, large problem."

    No Shit, Sherlock. It may be a large, large problem, but it is your responsibility to solve it. If you can't solve it or handle the losses, you shouldn't be in the business. Period.

    Any suggestions on how to keep the losses on the banks and service providers, instead of the businesses?

  12. Re:Fraud != Theft by Anonymous Coward · · Score: 1, Insightful

    If someone impersonates me, he's not taking away my identity

    Are you sure? If you don't get a loan because "you" have fucked up your credit rating, is it still your identity? If you get lots of people demanding money for things "you" have bought, is it still your identity? If you can't get on a plane because "you" have been acting suspiciously, buying components that can be used for explosives on your credit card, is it still your identity? Or has your identity been taken away and used by somebody else?

    I'm one of the first to point out that copyright infringement isn't theft, even when people are referring to GPL violations, but I think t hat identity theft can quite legitimately be called theft. It's not like the impersonater is making a copy of your identity and damaging the copy, he's actually taking your identity from you.