Slashdot Mirror
Identity Theft Skeptic Ends Up As Fraud Victim
An anonymous reader writes "British TV host Jeremy Clarkson recently wrote a newspaper editorial ridiculing the uproar that had occurred after the British government admitted to losing two compact discs containing the personal information on 25 million people. To support his claim about the overhyped risks of identity theft, he published his bank account information in the article. Proving that some identity thieves have a sense of humor, a week later, he found out that someone had set up an automatic bank transfer for $1000 to a diabetes charity from his account. This comes less than a year after the CEO of LifeLock, an identity theft protection company which publishes the CEO's social security number on its website, himself was a victim of financial fraud. Back in July of 2007, a man in Texas was able to secure a $500 loan from a payday loan company using the CEO's widely publicized SSN. Will this latest incident finally prove that identity theft is real, and that publishing your own financial info is an invitation for fraud?"
Plain and simple.
Vescere bracis meis.
Clarkson, you ponce!
And learn what a pickup truck is designed for, would ya?
"History doesn't repeat itself, but it does rhyme." Mark Twain
In the immortal words of Bugs Bunny: "What a maroon!"
The world's burning. Moped Jesus spotted on I50. Details at 11.
If you give personal information away freely, is it really accurate to call taking it theft?
Of course, what defrauders do with it might constitute stealing. But that's less "identity theft" and more "money theft" if you ask me.
...but is it art?
That was a pretty arrogant move, even for his standards, and I'm sure he's be humbled (somewhat) after being taken down a peg. I guess that's the price you pay for overconfidence.
The US Constitution needs a Privacy Amendment specifying that people's right to privacy in our personal data shall be protected, that no one has the right to copy any such data except as necessary to complete the immediate transaction for which it was transmitted by that person, except under explicit permission from that person.
The 4th Amendment already makes explicit the right to such privacy, but it clearly isn't enough anymore - not for a long time. But since the 4th Amendment itself was merely an emphasis of a right already implicit in the Constitution, but worth repeating explicitly to ensure government protection of it (like the rest of the Bill of Rights), it's perfectly appropriate to reiterate it in terms easily enforceable in the current era, like copyright terms.
--
make install -not war
How in hell is this possible?
Isn't your bank the only institution able to transfer money out of your account? Don't you have to show your ID? Don't you have to sign some documents???
My opinion is ID theft is only possible because the clerks in the banks are too lazy to check for an ID or a signature. Whenever you go to a bar in the US, they will look at your ID before they serve booze, but if you set up a $xxxx account/load no one will ever check it. This is just how ridiculous the system is. Account number without proof of identity should be as useless as a car without gas.
It seems like making people paranoid about protecting their personal data is the wrong way to attack the problem, especially given the significant chance that whatever they do, some 3rd party will release that data and put them at risk.
Instead, we should remove the incentive for identity theft and make it MUCH more onerous and difficult to get anything worthwhile out of stolen financial data.
Plus, it'd be nice to not get those 10-15 credit card offers a week in the mail.
Comment removed based on user account deletion
During the news segment this season. He somehow blamed it on using his credit card at the gas pump, whether or not it was while filling up his Lamborghini he didn't say. James May did not say "oh cock" to this.
I wonder if he poked sticks into his own eyes ... after all, he did exactly the same thing, the only exception being that he did it to himself, rather than to others.
I can only hope he continues to contribute to the charity so he can stay humble.
.. paranoid crackpot leftover from the days of Amiga.
To be fair what happened was someone set up a Direct Debit in his name, where a company or organisation can deduct money directly from your bank account. These are _very_ common in the UK, much more so than direct bill payment in the US.
One of the reasons they are so common is that every transaction under them is covered by the Direct Debit Guarantee. Under this, he can get an immediate refund from his bank just by asking.
The process of being approved to collect direct debits is pretty arduous, as the banks bear a lot of the costs if something goes wrong. At the same time, the consumer has a level of protection light years beyond that offered in the US for similar transactions.
It's not that uncommon for friends exchanging money in the UK (say someone borrowed some cash for a night out) to simply hand over their bank details and get the money from their friend as an electronic transfer using online banking. In general it'd be pretty difficult for someone to take money from an individual's bank account, even knowing their details for their own benefit. I'm not even sure most online banking in the US lets you deposit money directly into another person's account?
I still hear the LifeLock commercials on the radio as I drive to work all the time. I don't see how they can prevent someone from stealing your identity, especially if you're dumb enough to give out the information to people who will use it for nefarious purposes. If all there offering is a service to undo the damage, that might be useful given how time-consuming it is, but then can they necessarily represent you to organizations where you need the information changed or charges nullified?
GetOuttaMySpace - The Anti-Social Network
The information he gave out was the same information a person gives out when they hand over a check. It's analogous to a pundit loudly proclaiming that it is perfectly safe to walk around outside. This is then demonstrated by walking through a large crowd of people. Somebody decides to prove otherwise & stabs them in a non-lethal manner solely to illustrate the point.
Insert Foot.
Seven Days with Ubuntu Unity
A lot of people are very naive about the security provided by credit cards and checking accounts.
I used to run credit cards and EFT as part of a previous job, and I was responsible for setting up the system. The only thing I need for an electronic funds transfer is your bank routing and account numbers. All that information is available on a voided check.
The only security you have, is that it's difficult to complete these kinds of transactions anonymously. Bank fraud is a big deal if you are caught.
The same is true of credit cards. Your signature is a contract promising to pay. It protects the business against customers reversing charges on purchased goods. It is not used for authentication of any form.
Actually, it doesn't say that he was a victim of "identity theft". It says that he is an "Identity Theft Skeptic" and that he is a "Fraud Victim". The article called the crime "identity fraud" which seems accurate. Somebody said "These is my account information, please accept my money." - Perfectly describable as "identity fraud" and nearly enough for the article submitter to assume that the fraudsters were "identity thieves" as he described them.
He's getting rather old, but he's a good mouse.
He was wrong and went on to say so
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
In the UK you can only set up a direct debit to certain registered things, one of them being charities.
The pranksters couldn't have set up direct debit to their own account, for example.
No sig today...
In America the big one is the Automated Clearing House. That's how you do thing like automatic bill pay or such if you want. The company you are paying tells the bank "The customer for this account said I could have this much money," and the bank transfers it. Now the balance on this is that you don't just hop on the network. I can't just go and do an ACH debit from your account. Those that are part of the network are subject to strict regulations, once of which being you have to say it is ok for them to take money from your account. If they just do it without permission, they are in trouble.
However, you would be right in thinking that this isn't perfectly secure. We live in a world of imperfection, however, and usability is balanced against security all the time.
If a crime bas been committed the police have good reason to seek to have privacy doors opened - perhaps with the oversight/approval of a judge. Recent UK legislation is giving civil servants wide investigation powers - without judicial oversight.
This smacks of an excuse.
Can this topic come up and not a single person asks ANY of the following questions:
1. I get someone elses ssn, and I'm off to the bank. (or whatever) Why is the process that associates a unique identifier (U.S. = SSN) with financial activity so simple?
2. Why does "sucks to be you" suffice every single time this issue comes up?
3. While individual financial data is available to the financial institutions, it's totally opaque to the consumer. Ex. how is my credit score calculated? How come consumers have practically no control over it?
4. The risks of an easy credit system far outweigh the benefits and yet no one seems to acknowledge this. An indirect example of this is the bad packaged loans that are driving the current "credit crunch."
Transparency is the keystone to a healthy economy and yet there's less and less with each passing year.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
The report here should not be that some person had their identity stolen.
The report should be that some dumb bank transferred funds without checking identity.
The sooner we put the right focus on this problem, the better. It shouldn't be called identity theft. It should be called bank malfeasance.
When somebody walks into Citi bank and tells the teller my name, the teller shouldn't hand all my cash over to that person. That isn't identity theft; it is complete incompitence, or worse, collusion.
Don't report the name of the person whose account was abused. Report the name of the bank, and the name of the employee that allowed it. Put the focus where it belongs on these crimes. And in the case of this high profile personality, at least report that he has decided that Bank XYZ is completely incompetent and has moved his account to Bank ABC (complete with new bank account #).
If someone steals money from my account it is totally up to bank to deal with it, I usually don't care and in only one occasion when something happened I got my money back in hours. Law should put all responsibility in these cases on thieves and companies who failed to verify identity. If companies and financial institutions would be held responsible for not validating customer's identities properly I guess identity fraud cases will drop dramatically. If they afraid to make few extra checks in fear of losing few customers why would others suffer? My grandmother used to say "Trusting people is just a romantic stupidity".
This is your 3rd comment on /. - and your second one entitled "obligatory", containing an obvious joke.
It's nice to see you've found a role within the community.
Not revealing your social security number isn't "security through obscurity" any more than not leaving the combination of the safe on a post-it note stuck to the safe door is.
An example of "security through obscurity" would be "nobody knows about this money I have hidden in my sock drawer, so it must be safe."
Gee, did I just fall for a troll?
I don't care why you're posting AC
I think this is possible only because people confuse information about an identity with that identity, and therefore believe that knowledge of that information proves that the person is who they say they are.
I think there's way too many people and organizations with legitimate access to all kinds of information about me for me to consider that my SSN (or an account number that's printed on every statement that goes through the mail, or 16+4+3 digits on a credit card) is a good shared secret between me and my bank (or employer, or anyone.) Then, there's all the people who have illegitimate access.
We still use this because... it works "well enough." Banks make enough that they can cover the loss from a few fraudulent loans. And a person having to clean up a credit record is a PITA, but it's doable. And it's an externality from the bank's perspective.
Thinking about this, I don't have a real solution. It's advisable to guard your psudo-secrets, when you can. A law or two to help this might help, but not get rid of the problem. Until someone comes up with a good identifier[1], we're stuck with it.
[1] For values of "good identifier" that include a way that one person can prove they are the same person who established the good credit / made the bank deposit / whatever, including letting someone act as a limited agent of another (so the power company can take my electricity bill out of my account, but not let a rogue employee take all my money and buy Enron stock) and also doesn't let someone establish multiple identities with which to keep ripping off banks and others.
He published is information, and the only thing that happened was an automatic withdraw?
If it was as rampant as people are bing led to believe, his account wold have been empty.
Yes, it exists, but I don't think it's worth the panic people tend to go into.
Of the millions and millions of people whose information has been stolen or lost or were copied froma computer system, only a very tiny fraction have been the victims of identity theft.
The Kruger Dunning explains most post on
I mean, 60%-90% CPU cycles while doing nothing would be normal then, right?
Peter predicted that you would "deliberately forget" creation 2000 years ago...
Just as a point of relevance here, Clarkson was victim to a fraudulent direct debit, not a standing order. While both are useful for similar things, the mechanics in the two cases are quite different.
A standing order is normally some sort of regular payment you set up yourself for a constant amount, such as a monthly rent payment to a landlord. A direct debit is set up by the recipient and can vary in amount and date it is collected, and is typically used for paying things like utility bills, where the money owed varies a bit from month to month.
The key difference, for the purposes of debunking the hype here, is that because of the obvious danger in letting a third party instruct your bank on your behalf and then withdraw your money remotely, all direct debits are covered by the Direct Debit Guarantee. Among other things, this says that if something goes wrong, your bank must refund your missing money first and ask questions later. A corollary of the latter is that Clarkson is unlikely to have any trouble getting his missing money back here, ironic and amusing as the incident is.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Okay this article mentions:
/. comment moderation is badly broken. Burn Karma! Burn!
1) Identity theft
2) A celebrity who holds extreme views on a wide range of topics of interest to nerds, from the environment to computers and identiity theft.
3) The celebrity has changed his mind on the topic after being proven wrong by a very cheeky identity thief.
4) That celebrity presents a show that does interest nerds. (Not just the cars either. One episode showed a car being blown off the tarmac by a 747's engine thrust).
How is this not news? How is this not interesting?
Yet a comment like yours gets modded as insightful instead of -1:troll. More proof that
These posts express my own personal views, not those of my employer
I hate Clarkson. I think he's a complete twat, but having a said that he does have the guts to admit he made a complete prick of himself in public. Some other public figures might do well to follow that lead if nothing else.
Windows guys please stop pissing on everyone and the Linux guys stop pissing in the wind, hoping to hit Windows guys!
Not everyone likes the guy. Some folks realise he's intentionally an ass to get great reactions from folks. He does make great TV, but it's contrived. It's presented as non-scripted, but that couldn't be further from the truth. I like a lot of what he does, but I wouldn't trust him with anything important.
They transferred £500, not $1000.
It was done in the UK using Stirling, not in the US using US$