Slashdot Mirror
Identity Theft Skeptic Ends Up As Fraud Victim
An anonymous reader writes "British TV host Jeremy Clarkson recently wrote a newspaper editorial ridiculing the uproar that had occurred after the British government admitted to losing two compact discs containing the personal information on 25 million people. To support his claim about the overhyped risks of identity theft, he published his bank account information in the article. Proving that some identity thieves have a sense of humor, a week later, he found out that someone had set up an automatic bank transfer for $1000 to a diabetes charity from his account. This comes less than a year after the CEO of LifeLock, an identity theft protection company which publishes the CEO's social security number on its website, himself was a victim of financial fraud. Back in July of 2007, a man in Texas was able to secure a $500 loan from a payday loan company using the CEO's widely publicized SSN. Will this latest incident finally prove that identity theft is real, and that publishing your own financial info is an invitation for fraud?"
They were DESIGNED to carry a small bag of £11 firelighters in little metal pots so you don't get the paraffin smell on your hands, ya maroon! (F-series)
Or to be put on top of a building being demolished (hilux)
Or to have an incredibly large outboard motor attached to the back and get capsize on a reservoir (another hilux, which he broke!)
Or to be driven to the north pole. (modified hilux)
What did you think they were designed for?
Comment removed based on user account deletion
To be fair what happened was someone set up a Direct Debit in his name, where a company or organisation can deduct money directly from your bank account. These are _very_ common in the UK, much more so than direct bill payment in the US.
One of the reasons they are so common is that every transaction under them is covered by the Direct Debit Guarantee. Under this, he can get an immediate refund from his bank just by asking.
The process of being approved to collect direct debits is pretty arduous, as the banks bear a lot of the costs if something goes wrong. At the same time, the consumer has a level of protection light years beyond that offered in the US for similar transactions.
It's not that uncommon for friends exchanging money in the UK (say someone borrowed some cash for a night out) to simply hand over their bank details and get the money from their friend as an electronic transfer using online banking. In general it'd be pretty difficult for someone to take money from an individual's bank account, even knowing their details for their own benefit. I'm not even sure most online banking in the US lets you deposit money directly into another person's account?
If I give my information to the bank teller, and that bank teller goes and uses that information to fradulently create accounts in my name, is that still not identify theft?
Not at all. I've just set up direct debits to pay my bills just by sending my bank account number to the electricity company. They do the rest. Presumably they just take my word for it that it's my money, and then the bank sets up the debit without asking any questions.
Oh actually I think there was a 'this is not a fraud' tickybox.
A lot of people are very naive about the security provided by credit cards and checking accounts.
I used to run credit cards and EFT as part of a previous job, and I was responsible for setting up the system. The only thing I need for an electronic funds transfer is your bank routing and account numbers. All that information is available on a voided check.
The only security you have, is that it's difficult to complete these kinds of transactions anonymously. Bank fraud is a big deal if you are caught.
The same is true of credit cards. Your signature is a contract promising to pay. It protects the business against customers reversing charges on purchased goods. It is not used for authentication of any form.
Actually, it doesn't say that he was a victim of "identity theft". It says that he is an "Identity Theft Skeptic" and that he is a "Fraud Victim". The article called the crime "identity fraud" which seems accurate. Somebody said "These is my account information, please accept my money." - Perfectly describable as "identity fraud" and nearly enough for the article submitter to assume that the fraudsters were "identity thieves" as he described them.
He's getting rather old, but he's a good mouse.
I don't know the UK system very well, but I have lived in Germany and France for some time.
Direct debit can only be set up for large institutions like major phone company, electricity company etc... These are either tight to a particular location or your ID is checked (for instance for mobile phones). It's pretty hard to do anything nasty with that.
Wire transfer over the internet requires a one time pad in Germany. You receive a list of codes via secure mail (the same as the one used to send you credit card PIN). In France it sucks, but basically it is not so different from the US, you have to sign up for the service and various password / identification schemes are put in place (although they suck compared to the German OTP).
In France one of my banks even required me to go to a branch to register the bank number before I could make a transfer.
He was wrong and went on to say so
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
You may appreciate his views on America (choice quote 'when being chased by a gang of rednecks': "I honestly believe that in certain parts of America now, people have started to mate with vegetables.")
In the UK you can only set up a direct debit to certain registered things, one of them being charities.
The pranksters couldn't have set up direct debit to their own account, for example.
No sig today...
In America the big one is the Automated Clearing House. That's how you do thing like automatic bill pay or such if you want. The company you are paying tells the bank "The customer for this account said I could have this much money," and the bank transfers it. Now the balance on this is that you don't just hop on the network. I can't just go and do an ACH debit from your account. Those that are part of the network are subject to strict regulations, once of which being you have to say it is ok for them to take money from your account. If they just do it without permission, they are in trouble.
However, you would be right in thinking that this isn't perfectly secure. We live in a world of imperfection, however, and usability is balanced against security all the time.
The UK Direct Debit is allowed to be set up by certain 'trusted organisations' (eg utility companies, local councils) - it is widely used - if any query is made the bank refunds the money then sorts out the problem as all transfers should require a 10days notice sent to the registered address of the account
We have a right to privacy, as the 4th Amendment says. The government exists to protect it
Wrong. That's not what the 4th amendment says. The 4th amendment puts a limit on the government's ability to invade your privacy:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
It does not establish a right to privacy; that right, since it is not expressly surrendered to the government in the Constitution, is reserved to the states and the people via the 10th amendment.
It is up to your state and local government to define the limits of other individuals' ability to encroach on your privacy and property. (Similarly, it is up to those governments to specify how they protect individual's lives from the threat of other individuals.) If they fail to sufficiently protect those rights, well, there's always the 2nd amendment...
Did I say overlords? I meant protectors.
On the flip side, a recent episode of Top Gear featured the presenters in a race across London- by car, bicycle, public transport, and speedboat on the Thames. Of course the bike won...
> Thanks, and what might explain why they picked a charity for diabetes?
According to Computing magazine, it's because "Diabetes UK ... did not require a signature to set up a standing order."
And nor did his bank. That is the frightening bit. I give my bank details out to people such as letting agencies for credit checks, employers.
If my bank is just like his then they'll be happy to give my money out to all comers. If the account details are all that is supposed to be required to withdraw money, why do I need separate codes for internet and telephone banking?
Nothing is so smiple that it can't be screwed up.
They changed the postal regs on that one a long time ago, at least here in the United States (I think it goes back to the Nixon presidential campaign during the 1970s when people were using his postage paid campaign fund raising envelopes to mail bricks and other heavy objects by taping the envelope to the object in question). Anyway, if it doesn't fit inside the standard envelope or weighs more than a certain low amount, less that 3.5 ounces and 0.25 inches thick are the maximum limits for standard envelope, it gets classified as "junk" and the post office discards it without actually sending it through. So while you are madly cackling with glee stuffing that postage paid envelope with "ballast" just remember to keep it under the 3.5 ounce limit so that it will actually get there and not get discarded as junk (i.e. they never get it and they don't have to pay for the cost of mailing) at your local post office before it is sent on through the system.
Just as a point of relevance here, Clarkson was victim to a fraudulent direct debit, not a standing order. While both are useful for similar things, the mechanics in the two cases are quite different.
A standing order is normally some sort of regular payment you set up yourself for a constant amount, such as a monthly rent payment to a landlord. A direct debit is set up by the recipient and can vary in amount and date it is collected, and is typically used for paying things like utility bills, where the money owed varies a bit from month to month.
The key difference, for the purposes of debunking the hype here, is that because of the obvious danger in letting a third party instruct your bank on your behalf and then withdraw your money remotely, all direct debits are covered by the Direct Debit Guarantee. Among other things, this says that if something goes wrong, your bank must refund your missing money first and ask questions later. A corollary of the latter is that Clarkson is unlikely to have any trouble getting his missing money back here, ironic and amusing as the incident is.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The pitted a standard Mustang against a standard Lotus Elise, both of which can easily be bought in the UK. Moreover, the Mustang costs more.
#include "disclaimer.h"
They transferred £500, not $1000.
It was done in the UK using Stirling, not in the US using US$