Slashdot Mirror
Torn-up Credit Card Apps Not So Safe
Maximum Prophet writes "This dude tears up a credit card application, tapes it back together, sends it in with his cell phone number and father's address, and voila, gets a credit card.
Who would have thought security at a credit card company was so lax? The company recommends that consumers "tear up" financial solicitations before throwing them away, "so thieves can't use them to assume your identity.", but according to them, "Applications that arrive in damaged form are customarily transferred to an electronic format, he said -- often by machine. So it's possible a human being never handled the taped-up application and never had the chance to spot the obvious sign of trouble." In this era where we worry so much about identity theft, this sort of thing really makes you wonder what the point really is.
I always shred this kind of thing.
-l
Help cure AIDS, cancer, and more. Donate your unused computer time to worldcommunitygrid.org. Join Team Slashdot!
'Shouldn't' this be the companies problem? MCI decided years ago I owe them money, I don't, and every two years some collection agency comes calling.
Physics is like sex: sure, it may give some practical results, but that's not why we do it.
I always try to put different pieces of my financial documents in different trash bins. I suspose burning them would be even more effective.
Facts do not cease to exist because they are ignored.
"Applications that arrive in damaged form are customarily transferred to an electronic format, he said -- often by machine. So it's possible a human being never handled the taped-up application and never had the chance to spot the obvious sign of trouble."
What, a machine opened the letter, recognized it was an application (and not, say, other junkmail that got stuffed into the nearest bulk reply envelope), fed it into a scanner, then trashed the hard copy? At no point in the process does a human see it? Sounds like bullshit.
He got the card in his own name, no actual fraud was comitted. This proof of concept only demonstrates that an actual fraudster could do exactly what he did.
Slashdot Burying Stories About Slashdot Media Owned
Buy a shredder. I shred every credit card offer and transfer check my current credit card company sends me. It's ridiculous the crap they send me. One of these days, a thief is going to raid my mailbox before I get home and get a credit card in my name. Oh well. At least I get to play Enron Executive with my niece.
Why do banks accept any application, even ones with errors?
Banks want you to have credit -- of course they'll accept any application as long as the name and social security number match their lookups, and your FICO score is reasonably high (although banks are now lowering standards to give out even more credit).
When a bank offers credit, it does so based on money it has (of course). Yet it is very important for the average person to understand where this "money" comes from -- especially digital money such as you'd have when you have an available credit line.
All banks that are part of the central banking system (the Federal Reserve) are required by the Federal Reserve to stick something called a money multiplier. I believe the current money multiplier is 12% or so, but it varies. This basically means that a bank must keep a reserve of that amount versus the actual money is sends out. If a bank loans out $1000, it has to keep $120 in the bank. Even if it loans out the $880 ($120 in reserves) the bank can stil say it has $1000 in demand deposits available -- even though it doesn't.
The collusion comes into place when the first bank is given $1000 by the Federal Reserve. The Federal Reserve is allowed to print new money out of thin air by creating loans against government property and future government income. This initial $1000 is placed in Bank A as available cash. Bank A holds $120 but loans the remaining $880 to Bank B which is also part of the Federal Reserve banking system. Bank A still holds a demand deposit value of $1000 which is available to be withdrawn! Bank B also has $880, but has to reserve 12% of it ($105). It then loans the rest ($775) to Bank C, but still lists $880 as its available balance of demand deposits. Bank C reserves its 12% ($93) and loans the rest ($682) to Bank D, while still listing the original $775) as its available balance. This collusion continues to go around until there is no more reserve balance available. In the end, the original $1000 the Federal Reserve created is held as a base reserve for the $9000 or so "new money" that is created.
Banks need people to accept this money in loans or in credit -- this is the way the bank actually makes money. Eventually all the loans are hopefully paid back into the system, so the bank makes a nice interest rate. On the new $1000 created, each bank wants to loan out as much as possible -- and these loans are used to buy goods, which recycles money back into the banks which can be kept as reserves to create even more money! If the bank takes $1000 and loans out $880 but receives $400 of that bank in, it can now loan out a portion of that $400 that it has in reserves.
In the long run, the system wants debt out there because it is created out of fake inter-bank loans anyway. Most of you don't even see your physical money because it doesn't exist -- there are about $600 billion dollars in circulation worldwide, but there are over $10.2 trillion dollars on the books!
And people have faith in the system.
If a real criminal would have attempted to tape it togather and send it in, the company would definitely not accept it...
And for the humor impaired ;-)
Looking for any old 8-bit Heathkit/Zenith software/hardware - http://heathkit.garlanger.com
Said it before, I'll say it again, I worry more about handing my card to the PFK at the corner gas station that about people going though my trash or grabbing my info off of the 'net.
Most of the fruad that I've suffered has been at the hands of large corporations that reckon that my lawyer won't be willing to take on their lawyer.
Three Squirrels
Isn't there a human in the processing chain somewhere? Doesn't someone have to physically open the envelop and scan the application? It seems like that is the logical place to check for potentially fraudulent applications. I don't believe that step is automated, but then again I've never worked at a place that needs to process thousands of letter a day. Or is it that the person getting paid minimum wage to open and scan letters could care less if someone is committing fraud?
"Oh dear, she's stuck in an infinite loop and he's an idiot" -Prof. Farnsworth (Futurama)
There's a foolproof way to keep this kind of identity theft from happening to you: just make sure your FICO score is really, really low!
That way, nobody will be able to get credit in your name. And, as a bonus, it's really easy to do!
figures, considering they bitch at us to beef up our secuirty with them, and look at them! they dont even bother looking at our applications. THEY ARE THE SECUIRTY THREAT. they all need a huge smack on the head...
>I really loathe these pre-approved credit card ads that come with large bright "0% for six months!!!" print on the outer envelope.
Amen. The reason I opted out of receiving those was exactly the one you mentioned, that they're a security problem.
The number to stop them at least used to be 888-5OPTOUT.
Better than a shredder, ask the banks to stop sending you the applications in the first place: http://www.optoutprescreen.com/. I used to receive several per month, now I get two per year.
Why should I spend my money to solve a problem that some credit card company creates? Especially when I'm not even their freaking customer?
Weaselmancer
rediculous.
I don't know if these credit card companies are legally liable for this sort of identity theft, but they should be. If they are going to make money putting us all at risk for identity theft, they should pay for any damages we incure, including any inconvenience it causes us. Ditto for all these companies that collect data on us.
I shred it, then I set it on fire. I then take the ashes and compress them into a diamond-like form. Then I smash it apart, and put the crystal shards inside the event horizon of a black hole, beyond which no information about the black hole's interior can escape to the outer universe.
its the only way to be completely sure.
In this era where we worry so much about identity theft, this sort of thing really makes you wonder what the point really is.
:)
The point is, that there isn't any point.
It's exactly that kind of thing, and the real lack of concern that I've witnessed from gov't agencies and financial institutions all along, concerning everything from someone's actual name and SSN being used as an alias by a known felon (and the SSA refusing to issue a new SSN for the "victim") to loan officers that say that there's so much junk data on credit reports that they often ignore a lot of it, that caused me not to worry if my "identity" is "stolen."
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
If humans aren't involved in the letter opening process, it's time to have some real fun...see how well their machines handle foreign substances
1) Save the return envelope.
2) Fold up a blank piece of paper with a nice wad of chewing gum/peanut butter/diaper contents/etc
3) Mail your "application"
4) ???
5) Profit
I'd guess yes, at no point in the process does a human see it.
Here's one vendor -- OPEX. This one does opening and extraction but isn't particularly fast at 17,000/hr. They have a scanning solution as well -- significantly slower but the mail goes straight from envelope to scan.
This is just what I've found in a quick search because I knew something like it existed; I'm not that familiar with the high-speed mail processing industry. I'd imagine that the technology would surprise most people.
>Why not just shred it using a cross cut shredder. thats what i do . I would like to see somebody put something that has been through one of those back together.
Churchstreet Technologies will scan the debris in a shredder's output bin and their software will reconstruct it in RAM. They claim to be able to piece together even crosscut documents as long as you haven't mixed several bags together. Seems to be that columns of number would be an intractable problem, I don't know whether they can manage those.
For folks in the US: To opt out of receiving offers of credit in the mail, call: 1-888-5-OPTOUT (1-888-567-8688). http://www.ftc.gov/bcp/conline/pubs/credit/idtheft .htm#Minimizing/
Before the invention of eruptions, lava had to be carried down the mountain by hand and thrown on sleeping villagers.
Working in the mailing industry, I'll call your bullshit, and raise you a scanner.
Not only is it possible, but probable. While I would expect a lot of errors, or "bad" data from the scan, I promise you it was scanned...
It's that damn 3M company and their transparent tape at it again!
1) Credit card companies send out blank checks with your account info on them, in feeble attempts to get you to spend up with a lower interest rate where they will charge you jacked up rates when you don't pay in full.(and anyone swiping your mail can use your CC
as good as cash)
2) Credit card companies are sending out more and more "authoritative looking" mail offers that makes it look like a check is being made out to you, but it swindles you into some sort of agreement that will cost you more.
Even if you opt out with various agencies, all bets are off if you have a service with any company, and they will adwhore you until you submit!
These companies are extremely shady.
From the http://www.ftc.gov/ websight: "1-888-5-OPTOUT (1-888-567-8688) or visit http://www.optoutprescreen.com/ for details" This will prevent companies from pre-approving you for credit stuff. Cut down my mail by half.
Clearly they didn't make even the slightest attempt to validate the charge. I've closed that account and put fraud watches on our credit and so forth, of course, and no other suspicious charges have shown up. Still, it makes me nervous.
Meanwhile, my father-in-law discovered his bank account was several hundred dollars short. Turns out he was auto-paying someone else's gas bill. My wife had a heck of a time straightening that out. The bank insisted it was the utility's responsibility and vice versa. "He signed up for automatic payment!"
"My father doesn't own a computer. Why would you authorize withdrawls for someone else's utility bill in the first place? Especially when their account number is identical except for two transposed digits..."
A mistake in that case, but it would be so easy to do that deliberately...
PHEM - party like it's 1997-2003!
Maybe the opening and scanning got outsourced to India?
For sale: Signature. One owner. Low miles. Always garaged. New punctuation, just installed!
The point he was tyrying to make is that the standard advise of ripping up credit card offers is worthless if any random person can tape the pieces together and apply for credit in your name fraudulently. That's why he applied in his father's name - he put in a fradulent application and it was accepted.
I know I'm going to be more careful to shred them all, but if you still think it's useless, that's fine by me. Send all of your ripped up CC applications to me, and I'll dispose of them.
"As God is my witness, I thought turkeys could fly." A. Carlson
The technology now exists to scan fragments of documents en-mass and piece them together semi-automatically in electronic format. Some human interaction is still required, but it is much faster and easier than the Iranian effort. This is being done to restore ancient manuscripts but I'm sure it's being done in the covert and criminal fields as well with shreded documents.
Support Right To Repair Legislation.
My wife did a few months on graveyard shift at a First Security payment processing center (before Wells Fargo assimilated them). She said those machines are *really* cool, really fast, and jam up so easily that they have dedicated staff on-hand to fix particularly nasty jams.
So if you want to put a (albeit small) dent in the productivity of the Evil Credit Card Sharks, send back those handy self addressed envelopes stuffed with their own junk mail. Be sure to fold, spindle, and mutilate the envelope, too. :)
Method of processing duck feet
is send you endless reams of "balance transfer" cheques or convenience cheques. Not only are they a complete rip off to use as interest and endless fees apply the second you use one, but they get mixed in with all the other crap they love to send you in the envelope and you don't realize they're there. You end up throwning them away in the trash without voiding or otherwise defacing them to make them worthless. Any enterprising thief scrounging through your garbage can come across them and use them. This happened to a good friend of mine when she threw them away thinking they were some sort of advertising without realizing they were real cheques. Cheque fraud isn't the easiest thing in the world to do anymore, especially in Canada where no merchants will accept cheques anymore, but it does happen.
Ask them to stop sending them to you and they swear up and down it will happen, but it never does. It's just too lucritive for them to stop sending them to you.
You want high volume processing? Try First Data. My Dad worked there for like 5 years overseeing hundreds of people who ran the machines that did this stuff 24 hours a day. For a while, I worked in one of the Quality Assurance departments for Credit Card bill printing and our team could (mostly) ensure the quality of over a million pieces every day. It's mainly an automated process, but there was always human verification at some point or another. But that doesn't mean that someone can't get sloppy! There were always bonuses the more you pushed through your department (but there were also punishments for letting something like that through).
So sure, if you fill out a credit app, tear it up, and some bozo then pieces it back together, you're in trouble - but if you don't ever fill it out, where's the problem? Seems like a big pile of sensasionalist FUD to me.
Okay, suppose you tear up a credit card application and toss it in the garbage. A few days later you tear up a paycheck stub, old tax form, bank or brokerage statement -- anything with your SSN on it -- and throw that away. What makes you think that a garbage raider won't find the information and use it to fill out the torn-up application? Sure there are other, more dastardly things they could with the information, and even without the application the thief could simply go online, but small-time crooks are often opportunists who do whatever is most convenient.
Something like this is not far-fetched in the least, at least not if credit card companies will process a taped-together application. Years ago someone fished my torn-up credit card information out of the garbage and used it to subscribe to a porn site (the fact that the moron logged in regularly was his undoing). Needless to say, I now shred 80% of everything that arrives in my mailbox.
That's why he applied in his father's name - he put in a fradulent application and it was accepted.
Nope, it's not quite that insane. He used his fathers address, but he used his own name (and presumably correct SS#). If you look close you can even see his name (Rob Cockerham) on the application. Learn to read more carefully next time, lest you miss-inform a huge number of people.
AccountKiller
You know, I've had other friends suggest the "smear some of substance X on the paper" idea. I'm no lawyer, but I think sending biohazardous material through the mail is probably a felony, and would likely be the target of a much larger investigation in a "Post 9/11 era" than I'd care to be a party in. While peanut butter may not count, its less tasty digested form probably would.
https://www.eff.org/https-everywhere
So if you want to put a (albeit small) dent in the productivity of the Evil Credit Card Sharks, send back those handy self addressed envelopes stuffed with their own junk mail. Be sure to fold, spindle, and mutilate the envelope, too. :)
Nah, just send back the application (blank) with a thin layer of jelly.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Forgot to mention the solution I did end up using for a particularly determined bank which kept sending me high interest "pre-approved" credit card applications:
I made my own checkbox next to the "YES! Sign me up." that said "No thanks," and checked it. Naturally, I put it in the business reply envelope, along with a dollar or two in pennies (to be used toward the processing fee of course), and sent it on its way.
They never sent me another application.
https://www.eff.org/https-everywhere
"Can someone explain to me why a PO Box is not acceptable as an address?"
One reason, which has nothing to do with your problems, is that UPS/FedEx/etc. cannot deliver to PO boxes.
"As God is my witness, I thought turkeys could fly." A. Carlson
So I came up with my $0.50 shredding system: 1 bucket, 2 cups of bleach, water.
- put papers flat in bucket
- pour bleach, let sit outside until bleach- and ink- is gone (a day or two)
- and/or add water, wait, stir until its pulp soup
Takes a total of 5-10 minutes, and there's no recoverable information: much, much better than my old shredder could do. If I wanted to go artistic I could make paper from the pulp- but the bleach thrashes fiber quality. Maybe I could make some paper bricks to mail in those postage free envelopes if I ever felt I needed to give something back to the credit card offering companies.OMG! That's not jelly! EEEEEEWWWWWW!
Then let's see them put it back together...
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
Shred the application, but if it came with a postage-paid return envelope, take all the rest of the crap in there, and fold up the outer envelope as well, and maybe some sawdust and dust bunnies, and mail it back to them so they have to pay the postage. Make sure you shred the bit that had your name and address on it or they might give you a credit card anyway.
Something to do while watching movies.