Identity Theft Skeptic Ends Up As Fraud Victim

An anonymous reader writes "British TV host Jeremy Clarkson recently wrote a newspaper editorial ridiculing the uproar that had occurred after the British government admitted to losing two compact discs containing the personal information on 25 million people. To support his claim about the overhyped risks of identity theft, he published his bank account information in the article. Proving that some identity thieves have a sense of humor, a week later, he found out that someone had set up an automatic bank transfer for $1000 to a diabetes charity from his account. This comes less than a year after the CEO of LifeLock, an identity theft protection company which publishes the CEO's social security number on its website, himself was a victim of financial fraud. Back in July of 2007, a man in Texas was able to secure a $500 loan from a payday loan company using the CEO's widely publicized SSN. Will this latest incident finally prove that identity theft is real, and that publishing your own financial info is an invitation for fraud?"

Poetic justice

[nullCRC]

Plain and simple.

Re:Poetic justice

[Naughty+Bob]

I like the scam they pulled, but to be truly poetic, the bank transfer should have gone to Friends of the Earth. Anyone who knows of Clarkson will understand.

Re:Poetic justice

[blorg]

Any explanation for those of us across the Atlantic from all things Limey?

Clarkson presents Top Gear, a very popular BBC motoring show, and is well known for his skepticism of all things hippie or environmental.

You may appreciate his views on America (choice quote 'when being chased by a gang of rednecks': "I honestly believe that in certain parts of America now, people have started to mate with vegetables.")

Re:Poetic justice

[cHiphead]

That sumbitch bettar stay outta our Amer'ca or we'll kick his r'mainin good teeth owt!

I bet he's a terrist too!

Re:Poetic justice

[blorg]

Thanks, and what might explain why they picked a charity for diabetes?

I don't know why they picked diabetes; I was explaining the comment about why they should have chosen Friends of the Earth. Clarkson is a notorious anti-environmentalist. A lot of what he says and does is posturing - he's deliberately offensive to goad a reaction out of people, but there is a certain segment of the British public that laps up anything the man says as gospel (a segment not unlike the rednecks mentioned above ;-)

On the flip side, a recent episode of Top Gear featured the presenters in a race across London- by car, bicycle, public transport, and speedboat on the Thames. Of course the bike won...

Re:Poetic justice

[mcpkaaos]

his r'mainin good teeth

He's British.

Re:Poetic justice

[LordP]

Of course the bike won... Not only that, but the car lost by a significant margin. Having Captain Slow driving it probably didn't help though.

Schadenfreude

[Dr+Caleb]

Clarkson, you ponce!

And learn what a pickup truck is designed for, would ya?

Re:Schadenfreude

They were DESIGNED to carry a small bag of £11 firelighters in little metal pots so you don't get the paraffin smell on your hands, ya maroon! (F-series)
Or to be put on top of a building being demolished (hilux)
Or to have an incredibly large outboard motor attached to the back and get capsize on a reservoir (another hilux, which he broke!)
Or to be driven to the north pole. (modified hilux)

What did you think they were designed for?

Bwahahahahaha!

[MightyMartian]

In the immortal words of Bugs Bunny: "What a maroon!"

Re:Bwahahahahaha!

[VGPowerlord]

From the other guy's perspective:
In the immortal words of Bugs Bunny: "Ain't I a stinker?"

If you give it away

[Bongo+Bill]

If you give personal information away freely, is it really accurate to call taking it theft?

Of course, what defrauders do with it might constitute stealing. But that's less "identity theft" and more "money theft" if you ask me.

Re:If you give it away

[Billosaur]

Well, giving away the information for free doesn't make it a crime for you to possess the information. If you then use it, claiming you are a person you are not, that's fraud and illegal in most jurisdictions.

Re:If you give it away

[Jhon]

When I freely publish my business name and address in the phonebook, is it really accurate to call it theft when someone breaks in to my store and steals my stuff? Granted, it's not the same thing, but to publish your personal information does not give someone the right or permission to use that information for fraud any more than publishing my business address gives someone the right or permission to commit B&E.

With regards to "identity theft" vs "money theft", the end result is usually the theft of money. The label of "identity theft" basically describes HOW the theft took place...

Re:If you give it away

[Hognoxious]

If you then use it, claiming you are a person you are not, that's fraud and illegal in most jurisdictions.

And any bank and its imbecile staff that allows you to pretend to be someone you aren't because they can't be arsed to properly check[1] should be liable for the loss themselves.

Before anyone claims that giving his bank account number out was irresponsible - it's printed on the bottom of your cheques.

[1] Even if more than one person can have the same name, it should be easier than normal in this case.

Re:If you give it away

[russ1337]

Yeah, I just can't believe someone could be that stupid.

Signed

Sam B. Carswell
4994 Pin Oak Drive
Whittier, CA 90603

Email Address: SamBCarswell@fontdrift.com


Phone: 562-943-0713
Mother's maiden name: Grondin
Birthday: January 27, 1955

Visa: 4532 7971 3753 8401
Expires: 12/2009

SSN: 550-80-1765

UPS Tracking Number for my Plasma TV: 1Z 195 055 46 3018 447 5

Re:If you give it away

[ArsonSmith]

Copying music online isn't stealing because it's copyright violation.
Obtaining and using a persons identity isn't theft because it's impersonation fraud.

Please let's use the correct terms.

Re:If you give it away

[KublaiKhan]

Yes, but what's your /. password?

Re:If you give it away

[chooks]

It's a six digit ID. Who cares? :)

Re:If you give it away

[WK2]

It's a six digit ID. Who cares? :)

I do.

He had it coming...

[Red+Samurai]

That was a pretty arrogant move, even for his standards, and I'm sure he's be humbled (somewhat) after being taken down a peg. I guess that's the price you pay for overconfidence.

Re:He had it coming...

[imipak]

Humbled?? Is this some sort of secret clone Clarkson that's roaming the earth? Doesn't sound much like the tosser we know and loathe so much. Viz ran a Roger Mellie (The Man on the Telly) strip taking the piss out of him, it has him doing a piece to camera - "this is the all-new Ferarri Testosterone, and it's 500 BHP of snorting, snarling bitch. If this car was a woman I'd drop my kecks right now and give it one right up the exhaust pipe. IN fact I think I will!" (next frame) "Ugh! Ugh! Ugh! Yeah, bitch, you like it like that don't you?!" "sproing, sproing sproing" (car springs) "Cut!"

How??

[jackjeff]

How in hell is this possible?

Isn't your bank the only institution able to transfer money out of your account? Don't you have to show your ID? Don't you have to sign some documents???

My opinion is ID theft is only possible because the clerks in the banks are too lazy to check for an ID or a signature. Whenever you go to a bar in the US, they will look at your ID before they serve booze, but if you set up a $xxxx account/load no one will ever check it. This is just how ridiculous the system is. Account number without proof of identity should be as useless as a car without gas.

Re:How??

[stranger_to_himself]

Isn't your bank the only institution able to transfer money out of your account? Don't you have to show your ID? Don't you have to sign some documents???

Not at all. I've just set up direct debits to pay my bills just by sending my bank account number to the electricity company. They do the rest. Presumably they just take my word for it that it's my money, and then the bank sets up the debit without asking any questions.

Oh actually I think there was a 'this is not a fraud' tickybox.

Re:How??

[jackjeff]

I don't know the UK system very well, but I have lived in Germany and France for some time.

Direct debit can only be set up for large institutions like major phone company, electricity company etc... These are either tight to a particular location or your ID is checked (for instance for mobile phones). It's pretty hard to do anything nasty with that.

Wire transfer over the internet requires a one time pad in Germany. You receive a list of codes via secure mail (the same as the one used to send you credit card PIN). In France it sucks, but basically it is not so different from the US, you have to sign up for the service and various password / identification schemes are put in place (although they suck compared to the German OTP).

In France one of my banks even required me to go to a branch to register the bank number before I could make a transfer.

Will it lead to stricter regulation of credit?

[Reality+Master+201]

It seems like making people paranoid about protecting their personal data is the wrong way to attack the problem, especially given the significant chance that whatever they do, some 3rd party will release that data and put them at risk.

Instead, we should remove the incentive for identity theft and make it MUCH more onerous and difficult to get anything worthwhile out of stolen financial data.

Plus, it'd be nice to not get those 10-15 credit card offers a week in the mail.

Re:Will it lead to stricter regulation of credit?

"Plus, it'd be nice to not get those 10-15 credit card offers a week in the mail."

No, no, no! You're looking at this all wrong!

I LOVE getting those free offers in the mail - but only the ones with the return-postage-paid envelopes.

Did you know that you can tape that envelope to ANYTHING (almost...) that weighs less than 70 lbs.? And it will be delivered?

That's how I get rid of my old 486, 386, etc computers. And I don't fill up MY landfill! (And they have to dispose of them correctly!)

Sweeeet!!

Direct Debit Guarantee

[Albanach]

To be fair what happened was someone set up a Direct Debit in his name, where a company or organisation can deduct money directly from your bank account. These are _very_ common in the UK, much more so than direct bill payment in the US.

One of the reasons they are so common is that every transaction under them is covered by the Direct Debit Guarantee. Under this, he can get an immediate refund from his bank just by asking.

The process of being approved to collect direct debits is pretty arduous, as the banks bear a lot of the costs if something goes wrong. At the same time, the consumer has a level of protection light years beyond that offered in the US for similar transactions.

It's not that uncommon for friends exchanging money in the UK (say someone borrowed some cash for a night out) to simply hand over their bank details and get the money from their friend as an electronic transfer using online banking. In general it'd be pretty difficult for someone to take money from an individual's bank account, even knowing their details for their own benefit. I'm not even sure most online banking in the US lets you deposit money directly into another person's account?

available information vs. foot in mouth

[MyNymWasTaken]

The information he gave out was the same information a person gives out when they hand over a check. It's analogous to a pundit loudly proclaiming that it is perfectly safe to walk around outside. This is then demonstrated by walking through a large crowd of people. Somebody decides to prove otherwise & stabs them in a non-lethal manner solely to illustrate the point.

Re:Privacy Amendment

[Doc+Ruby]

I hear this all the time, usually from Anonymous Cowards too scared to say something so anti-American in public. So I always rebut it, because I understand America, rights and government.

America is built on the simple, but radical (for the 1780s, anyway) realization that people have rights, create governments to protect those rights, so when we create them, we must create them with powers to protect them, but not to abuse them. We have a right to privacy, as the 4th Amendment says. The government exists to protect it,

Or are you going to tell me that, say, the 13th Amendment banning slavery limits only the government from owning slaves? No, freedom is a right. Rights are inalienable, not just "inalienable by the government".

Naiveate`

[Burning1]

A lot of people are very naive about the security provided by credit cards and checking accounts.

I used to run credit cards and EFT as part of a previous job, and I was responsible for setting up the system. The only thing I need for an electronic funds transfer is your bank routing and account numbers. All that information is available on a voided check.

The only security you have, is that it's difficult to complete these kinds of transactions anonymously. Bank fraud is a big deal if you are caught.

The same is true of credit cards. Your signature is a contract promising to pay. It protects the business against customers reversing charges on purchased goods. It is not used for authentication of any form.

Re:To answer the question

[gnick]

Actually, it doesn't say that he was a victim of "identity theft". It says that he is an "Identity Theft Skeptic" and that he is a "Fraud Victim". The article called the crime "identity fraud" which seems accurate. Somebody said "These is my account information, please accept my money." - Perfectly describable as "identity fraud" and nearly enough for the article submitter to assume that the fraudsters were "identity thieves" as he described them.

Re:To answer the question

[raftpeople]

When it becomes "theft" is when someone steals an identifying document, such as a passport, social/national security card, or a driv[er's|ing] licen[c|s]e.

So, if they steal a document then it's identity theft, but if they create a false document using accurate information, then it's not identity theft?

skeptic is right

[petes_PoV]

The article called him a skeptic because he was skeptical that there was any danger in giving out his name, bank account details and hints of his address. This was a result of the furore about the 25 million NHS details that were lost last year - he didn't think there was anything to worry about.

He was wrong and went on to say so

They didn't have a lot of choices...

[Joce640k]

In the UK you can only set up a direct debit to certain registered things, one of them being charities.

The pranksters couldn't have set up direct debit to their own account, for example.

Re:They didn't have a lot of choices...

[ShieldW0lf]

This guy is a jackass.

"I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account," he said. "The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.

Admitting the error of his previous article dismissing identity theft concerns, he wrote that, "I was wrong and I have been punished for my mistake." The incident seems to have changed his opinion about the risks to which the 25 million Brits have been exposed. "Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."

So, does that mean that every charity and bank out there who has to deal with administrative headaches because he gave his information away should get to poke sticks in his eyes?

Re:They didn't have a lot of choices...

[ultranova]

I believe the GP was pointing out that he was just as careless with his information as were "the idiots who lost the discs".

The key word being "his", as opposed to "25 million peoples".

There is a certain difference between being careless in a way which will cause you trouble, and being careless in a way which will cause other people trouble.

Re:Privacy Amendment

[wombert]

We have a right to privacy, as the 4th Amendment says. The government exists to protect it

Wrong. That's not what the 4th amendment says. The 4th amendment puts a limit on the government's ability to invade your privacy:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

It does not establish a right to privacy; that right, since it is not expressly surrendered to the government in the Constitution, is reserved to the states and the people via the 10th amendment.

It is up to your state and local government to define the limits of other individuals' ability to encroach on your privacy and property. (Similarly, it is up to those governments to specify how they protect individual's lives from the threat of other individuals.) If they fail to sufficiently protect those rights, well, there's always the 2nd amendment...

Data protection act ?

[Alain+Williams]

Why the F should the data protection act stop the bank investigating fraud ? What questions are the bank prohibited from asking ? In the UK the data protection act is often used by organisations as an excuse to not do something - quite often because the are too lazy to do a proper job.

If a crime bas been committed the police have good reason to seek to have privacy doors opened - perhaps with the oversight/approval of a judge. Recent UK legislation is giving civil servants wide investigation powers - without judicial oversight.

This smacks of an excuse.

Information != ID

[davburns]

I think this is possible only because people confuse information about an identity with that identity, and therefore believe that knowledge of that information proves that the person is who they say they are.

I think there's way too many people and organizations with legitimate access to all kinds of information about me for me to consider that my SSN (or an account number that's printed on every statement that goes through the mail, or 16+4+3 digits on a credit card) is a good shared secret between me and my bank (or employer, or anyone.) Then, there's all the people who have illegitimate access.

We still use this because... it works "well enough." Banks make enough that they can cover the loss from a few fraudulent loans. And a person having to clean up a credit record is a PITA, but it's doable. And it's an externality from the bank's perspective.

Thinking about this, I don't have a real solution. It's advisable to guard your psudo-secrets, when you can. A law or two to help this might help, but not get rid of the problem. Until someone comes up with a good identifier[1], we're stuck with it.

[1] For values of "good identifier" that include a way that one person can prove they are the same person who established the good credit / made the bank deposit / whatever, including letting someone act as a limited agent of another (so the power company can take my electricity bill out of my account, but not let a rogue employee take all my money and buy Enron stock) and also doesn't let someone establish multiple identities with which to keep ripping off banks and others.

It kind of proved his point

[geekoid]

He published is information, and the only thing that happened was an automatic withdraw?

If it was as rampant as people are bing led to believe, his account wold have been empty.

Yes, it exists, but I don't think it's worth the panic people tend to go into.

Of the millions and millions of people whose information has been stolen or lost or were copied froma computer system, only a very tiny fraction have been the victims of identity theft.

Not quite

[Anonymous+Brave+Guy]

Just as a point of relevance here, Clarkson was victim to a fraudulent direct debit, not a standing order. While both are useful for similar things, the mechanics in the two cases are quite different.

A standing order is normally some sort of regular payment you set up yourself for a constant amount, such as a monthly rent payment to a landlord. A direct debit is set up by the recipient and can vary in amount and date it is collected, and is typically used for paying things like utility bills, where the money owed varies a bit from month to month.

The key difference, for the purposes of debunking the hype here, is that because of the obvious danger in letting a third party instruct your bank on your behalf and then withdraw your money remotely, all direct debits are covered by the Direct Debit Guarantee. Among other things, this says that if something goes wrong, your bank must refund your missing money first and ask questions later. A corollary of the latter is that Clarkson is unlikely to have any trouble getting his missing money back here, ironic and amusing as the incident is.

Re:News?

[syousef]

Okay this article mentions:
1) Identity theft
2) A celebrity who holds extreme views on a wide range of topics of interest to nerds, from the environment to computers and identiity theft.
3) The celebrity has changed his mind on the topic after being proven wrong by a very cheeky identity thief.
4) That celebrity presents a show that does interest nerds. (Not just the cars either. One episode showed a car being blown off the tarmac by a 747's engine thrust).

How is this not news? How is this not interesting?

Yet a comment like yours gets modded as insightful instead of -1:troll. More proof that /. comment moderation is badly broken. Burn Karma! Burn!