Your Identity Is Worth Less Than $15

I Don't Believe in Imaginary Property writes "One of the more interesting tidbits in Symantec's Global Internet Threat Report (PDF, 105 pages) is the price sheet, which suggests that someone's 'full identity' is worth in the range of $1-$15. Your email password goes for $4-$30 and your bank account might fetch $10-$1000. With those prices, I wonder how often they pay more for the bank account than is actually in it? There's also an executive summary (PDF, 36 pages)."

No way!

[moezaly]

Of course this article is wrong. Just look at how much all these politicians care about us.

Re:No way!

[smittyoneeach]

Apples and oranges.
These data are about what you saved in the past, and have in the present.
WRT entitlements at least, politicians are

• all about what can be siphoned from you in the future
• skimming a percentage from across all of society (modulo those rich enough to put their cash elsewhere, mind you) and not just wrecking individuals
• telling you "we're taking this from you for your own good, because it's Teh Right Thing To Do"

If only the 10th Amendment still had any teeth.

Re:No way!

[Perf]

The real ID thieves don't need your ID or bank info to steal your money. You don't even need a bank account or credit card. They just pass a law promising your future earnings to their constituents.

British ID card system

[adpsimpson]

So when the British government introduce their fantastic, shiney, new, biometric, uhackable ID card system, can we get them to buy our ID off us?

Re:British ID card system

[Nursie]

That got me thinking - fingerprint checks, what if you fail and then say "but I cut my finger, it's still healing"?

And that got me thinking further, if they're needed for medical care, what happens to people who do cut their fingers?

Hmmm.

Re:British ID card system

[BadAnalogyGuy]

You'd have to seriously hurt yourself to disable this biometric:
http://www.fujitsu.com/global/casestudies/WWW2_casestudy_BTM.html

Re:British ID card system

[IBBoard]

Either that or once they get as close to their "unhackable" pipe dream as possible we'll all be forced to pay hundreds of GB£ to ensure that it's protected properly specifically so that our identity isn't sold for $15 or less.

Re:British ID card system

[Missing_dc]

NA-NA---- NA-NA NEO-----NEOSPORIN!

(it's from an 80s Neosporin commercial -- and this message is here to circumvent the caps filter)

Re:British ID card system

[Smallpond]

Forget the British government. I printed my name and address on slips of paper so that when store clerks ask me for my phone number or address I can just offer to sell it to them for $2 taken off the cost of my purchase. I figure that they can get it anyway off the credit card companies, but $2 is probably cheaper. I never got anything but strange looks and "I can't do that" as a response. They don't seem to see the irony.

-- PS. Don't forget to check out the new season of the Sarah Connor Chronicles this fall on Fox.

Re:British ID card system

Plus you can always combine it with other metrics, like voice recognition, and maybe even an old-fashioned password/PGP handshake/whatever other stuff you want to throw on. Maybe it can be a point system like the DMV, so that as long as a certain percent of your stuff checks out you're OK.

Re:British ID card system

[Yokaze]

Or you make a backup.

Re:British ID card system

[THESuperShawn]

Not to doubt this study, but I think it must depend heavily on the technology of the reader itself. As a diabetic that pricks their finger often, I can tell you that the "dots" that appear on the fingerprint image (more on the electronic ones than the ink ones) have messed up my acces at more than one client. This includes a good deal of banking and Federal clients. My FBI background check has been rejected electronically at multiple clients and they requested ink prints because of the "dots" left by my finger "pricks". There's a new one for anyone thinking of a life of crime...don't painfully shave off your fingerprints (doesn't always work anyway), just get a job with an expense account, travel frequently, and gain 50 lbs in a year. Sure, you risk blindness, but you get new fingerprints every day :P (sure, or you could just wear gloves)

Re:British ID card system

[speculatrix]

they treat you but don't let you go until your finger has healed or you can pay, if you can't pay they take a kidney on deposit against a loan to pay it back!

Re:British ID card system

[complete+loony]

You'd have to seriously hurt yourself to disable this biometric I don't know about you, but I find that the people who have seriously hurt themselves need medical care the most. It seems kind of silly to have an identification system that doesn't work in cases where it could be the most use.

Re:British ID card system

[Sporkinum]

I just give them bogus information. Love throwing a little trash in their database.

Re:British ID card system

[calebt3]

Ya know, you could register more than one fingerprint.

Re:British ID card system

[Torvaun]

I'm sure that'll help the folks who tried unclogging their running snowblower. Unless they registered from both hands...

Re:British ID card system

Only terrorists cut their fingers.

Re:British ID card system

[socz]

Having played guitar for like 15 years, I know that you can get some pretty bad ass callouses on your finger tips. They are smooth and impervious to most sharp things for a short amount of time with applied pressure.

My question has always been, would this affect your finger prints? When I worked for a bank before, the FBI took my prints 3 times because they wouldn't come out. I think the guy just gave up after the 3rd attempt.

Some people have really hard jobs that destroy their hands, like some welders I know. I am pretty sure that would effect the palm vein scan.

I am thinking face/hand/feet would be the combo to go with since odds are you won't have all 3 destroyed. What do you guys think?

Re:British ID card system

[Hucko]

Pressing your face into an ink pad would be rather disconcerting for a reasonable period of time.

But then, that just my opinion. What ever floats your boat.

Re:British ID card system

[kcbnac]

http://xkcd.com/327/

'Nuff said :D

Who would trust Symantec

[allcar]

Whilst I am sure identity theft is a very real problem, I'm not sure I want Symantec to be my source of information about it. They have done more to reduce internet security than most, with bloated, unusable virus checkers that people end up simply disabling. Furthermore, there is a pretty obvious marketing angle to all of this.

Re:Who would trust Symantec

[AndGodSed]

Yes. You said what I wanted - why should I trust the people who gave us Norton with my internet safety?

Re:Who would trust Symantec

[AndGodSed]

Hey... waidaminute... that wasn't me!

Re:Who would trust Symantec

[jank1887]

you believe they gave you Norton? wow, have some more Kool-aid.

Re:Who would trust Symantec

[AndGodSed]

Eep - was I wrong? I always thought Norton Antivirus was a Symantec product... or are you pulling my leg?

Re:Who would trust Symantec

[DMather735]

No, your right, Norton is a Symantec product

http://en.wikipedia.org/wiki/Norton_antivirus

Re:Who would trust Symantec

[AndGodSed]

Phew...! Great Kool-Aid though...

Re:Who would trust Symantec

[jeffmeden]

Could that have been, o i dunno, PETER NORTON??? Symantec is just exploiting the crap.

Re:Who would trust Symantec

[jank1887]

Peter Norton gave us Norton. Symantec bought out his company in 1990, and has been slapping the brand name on everything they've put out since. Bloat and decline in quality followed.

from http://en.wikipedia.org/wiki/Norton_Utilities
"The Norton Utilities releases were collections of software utilities. Peter Norton published the first version for DOS, The Norton Utilities, Release 1, ca 1981. Release 2 came out several years later, subsequent to the first hard drives for the IBM PC line. Peter Norton's company was sold to Symantec in 1990. However his name remains as a "brand" for Symantec's range of utility and security software for home users."

Re:Who would trust Symantec

[Ceseuron]

I concur with allcar on this. While I don't discount the importance of identity theft and security awareness, this whitepaper seems to be little more than 105 pages of FUD designed to push Symantec's bloatware products. It's probably a clever marketing strategy if your target demographic is the suckers who handed out their bank account information to rescue millions of dollars for a foreign nobility. Anyone who exercises a little common sense while traversing the net won't find it hard to read between the lines, though.

Re:Who would trust Symantec

[Kazrath]

Anytime I read a post like this where a person "Hates" Symantec because of optional software they received on their DELL/HP etc it makes me quickly realize you probably do not belong on /. You are indicating your only experiance with a vendor is their consumer grade software which is designed to be bloated because stupid end users like bells & whistles. What ever happened to building your own PC and putting what you want on it? Are you lazy or incapable?

The majority of Symantecs software and revenue is on the corporate side and it is "Not" branded Norton. Some of their corporate software is bloated and is crap. However a good majority of it is top notch. If it wasnt Symantec would not be holding the lion's share of the software security market. Don't get me wrong.. the consumer stuff is crap and in no way is it anything remotely close to what a advanced user or greater wishes for. This is why I personally use enterprise level software which is generally focuses on effect and not bloat.

Re:Who would trust Symantec

[AndGodSed]

Ah, now I get your post...

Re:Who would trust Symantec

[Fulcrum+of+Evil]

Maybe Symantec should take heed, then. If the majority of the people who see symantec software see buggy crap, what does that say about their reputation as a whole? I also dispute your claims about consumer level vs. corporate stuff - the only real gradient I've found on features vs. quality is consumer vs. pro (that being CAD/Design/DV editing). Corporate stuff can be just as ugly and fad driven as Dell shovelware.

Re:Who would trust Symantec

[jotok]

Yes, the majority of people who see Symantec products do see bloated crap.
However, the majority of people who MAKE DECISIONS ABOUT SOFTWARE do not see bloated crap.
Since they are generally better educated and more experienced than the helpdesk jockeys who complain about how their new Dell laptop came with Norton, their opinions weigh a bit more.

You're kidding, right?

[BadAnalogyGuy]

a bank account might fetch $10-$1000. With those prices, I wonder how often they pay more for the bank account than is actually in it?

How much do you assume the average person has in their bank accounts? I realize that living at home with your parents and not having to pay for rent, utilities, food, and clothes may allow you to skate by with a very low monthly balance, but the vast majority of people who work for a living have to have the cash on hand (in their checking account, anyway) to pay for all these necessities.

But I don't suppose someone whose name is "I don't believe in imaginary property" would have a very solid grasp of the real world.

Re:You're kidding, right?

[IBBoard]

It depends which account. I'm 18 months out of University, have finally got on to the housing ladder (which isn't easy in the UK with stupidly inflated house prices), and am supporting myself, my wife, and soon a baby as well. We've got more than that in one of our bank accounts. Granted, it isn't our Current Account (which I assume is what the Americans call their Checking Account because they write their cheques from it), but it's still an account with more money than that in.

But as someone else mentioned, they probably want them for laundering rather than emptying.

Re:You're kidding, right?

[WiglyWorm]

Do you know how many people in America live paycheck to paycheck?

Quite a few people have bank balances that hover between the grand total of their most recent paycheck and $0. Or don't they count?

Re:You're kidding, right?

[MMC+Monster]

Should be an interesting poll:
How much money do you have in your (checking+savings) bank accounts?
1. 12 paychecks

Re:You're kidding, right?

[MMC+Monster]

Interesting. The new form has problems with &gt ; and &lt ; in text only submissions...

Re:You're kidding, right?

[MMC+Monster]

I meant to have the poll as:

How much money do you have in your (checking+savings) bank accounts?
1. Less than 1 paychecks
2. 1-2 paychecks
3. 3-5 paychecks
4. 6-12 paychecks
5. more than 12 paychecks
6. I'm an edge case, you insensitive clod.

Re:You're kidding, right?

[unlametheweak]

...but the vast majority of people who work for a living have to have the cash on hand Ever look at discarded bank slips from ATM's? I have on occasion, and if it is any indication, most people rarely have more than $1000 dollars in their bank accounts. Or are you assuming the average person is a (relatively) high paid professional that doesn't have a mortgage, car, kids, etc? And people who do have any amount of money probably don't keep it in a bank account but in stocks, bonds, mutual funds, treasury bills, etc.

Re:You're kidding, right?

Actually, I suspect that a large fraction of chequing accounts in Canada and the US have average balances of less than $1000. First, a lot of people live from pay cheque to pay cheque. Savings rates are very low, and most of the savings that do exist are concentrated in the hands of a small fraction of the population. Secondly, chequing accounts are poor places to keep money. They rarely pay any interest, and even if they do the rate is so low that it may as well be zero. There is a wide range of investments vehicles out there that offer far better returns than chequing accounts do, and are easy to get money out of. I have nearly one year's expenses in readily available form, and almost none of it is in my chequing account. Third, many, if not most, people use credit cards for sudden unexpected expenses, not cheques.
http://mrswuid.blogspot.com/

Re:You're kidding, right?

[morgan_greywolf]

Which one? I suspect that most middle-class Americans have at least four: checking, savings, health savings account (HSA), and individual retirement account (IRA). Not to mention extra accounts that may be setup to receive child support payments.

I have one account setup just to pay off a debt collector so they don't get my 'real' checking account info.

Re:You're kidding, right?

[Alpha830RulZ]

That may well be because people with more money have are less likely to discard their slips, and to withdraw more money. I'm not inclined to leave pieces of paper around that indicate I have a large sum of money easily available. I also withdraw the full available amount, as opposed to $20-40 at a time, which is what I tend to see on those discarded slips.

Point being that the sample is likely misrepresentative.

Re:You're kidding, right?

[billcopc]

The current state of the economy has many people living paycheck to paycheck. Why do you think all these scammy payday-loan sharks keep multiplying like tribbles ? Do you really think people enjoy getting screwed with 60% interest ?

Wages are low, inflation is ridiculous, and overcrowding is VERY VERY REAL. The concept of "working poor" has become the new norm for college and university educated folks in various careers. This has pushed crime rates up because honest people can't make ends meet anymore, while fly-by-night crooks grace the covers of various trade magazines. The game of greed is killing everything and the rate of wealth concentration is accelerating with each passing day.

The system is failing, and quite a few people have started to believe that U.S. money is at risk of becoming worthless in the next 15 years, unless some very dramatic changes are implemented nationwide to reverse this crash course. People question ever-increasing military and space research budgets while basic infrastructure and public services fall into abandonment.

I don't know how you define "the real world", but for me it certainly isn't a piece of paper holding an imaginary and unbounded value.

Re:You're kidding, right?

[unlametheweak]

I agree with all your points. The point about the sample possibly being "misrepresentative" is a matter for debate, and by that I mean we don't really know how representative it is (to an average bank account user). I have already taken for granted that my point is not scientific (but more philosophical in nature). I do wonder how representative this anecdotal evidence is however. It is just a thought that I wanted to pass on to other readers.

Best regards,

UTW

Re:You're kidding, right?

Add to that the maxed out credit cards, and it'll paint a whole different picture.

Re:You're kidding, right?

(1) for me... Kind of pathetic for a $90k employee...

Re:You're kidding, right?

[RadioElectric]

That's because you're looking at the slips from people who don't give enough of a shit to keep them.

Re:You're kidding, right?

[xZgf6xHx2uhoAj9D]

It would be (4) for me. I'm quite pleased with myself since I'm just a lowly grad student (making about 20000 CAD per year). But, I have a dream. I only have to save up another 50 or 60 paycheques and I'll have enough for a down payment on a house! I wish I were kidding :( (for some reason the banks aren't too keen on giving huge mortgages at low interest rates to people with grad student incomes, bah!)

Re:You're kidding, right?

[xZgf6xHx2uhoAj9D]

Addendum: by saying I have 6-12 paycheques saved up, I'm counting the money I have in a 1-year GIC plus the money in a high-interest savings account. I'd have to be crazy to keep it all in chequing :P

Re:You're kidding, right?

[dloseke]

Or often the balance is below $0.

Re:You're kidding, right?

Your action smells like dumpster-diver looking for CC information

Re:You're kidding, right?

[SanityInAnarchy]

Well, first, an account is probably still useful if there's less in the account -- and in the real world, people apparently do often have less than $1k in the account.

And second, it's probably a lot less risky to sell information about a bank account -- even to obtain such information -- than to actually clean the money out. We can do all sorts of tricks on the Internet to make ourselves hard to trace, and with a sufficiently large, sufficiently decentralized botnet, it could pretty much be impossible. But as soon as you actually take the money out of the account, there's a money trail for the law to follow. Selling the information means you're only involved in one legitimate-looking transaction, and you probably have a bit more time to move that money somewhere safe -- and there's not really much incentive for the guy who gets caught to give you up, nor really much of a way to prove that it was payment for the account.

That is also probably why "stock tip" scams are so popular -- they're about the only way to make the money harder to trace than the spam; even if you catch someone who made a ton of money off that tip, they could always be some sucker who followed the tip and got lucky -- or even someone who guessed it was a spam, but figured they'd be faster than everyone else, and still manage to make some money. The best you can do is hope that the imaginary company that everyone bought has some tie to some real-life person -- but it's still likely that they'd be just another dupe.

And even if the above is irrelevant, and it's perfectly possible to track everyone involved, the guy who actually accesses the account is going to be the one doing the laundering to avoid getting caught. Laundering itself is a service, so I can see an account harvester wanting to pay someone else to do it.

Re:You're kidding, right?

I have a fair amount of money in my bank account, but I keep it in a money market (or savings) account. When I go to the ATM, I get money from my checking account. The checking account gets a much lower interest rate, so I only keep a little there -- like $1000.

If you're trying to judge how much money people have by looking at ATM receipts, your results are going to suffer from serious selection bias. Even people with a lot of cash available aren't going to show it on their ATM receipts.

Re:You're kidding, right?

[ultranova]

I don't know how you define "the real world", but for me it certainly isn't a piece of paper holding an imaginary and unbounded value.

True. That piece of paper belongs to the wider world of complex values.

Re:You're kidding, right?

[Fulcrum+of+Evil]

I get paid monthly, and anything over one month's salary really belongs in ING or an investment account. Should I convert to 2 week checks for the purposes of this poll?

Re:You're kidding, right?

[socz]

Having worked as a teller for the 3rd largest bank in the world at the time, it's pretty surprising to see how little money people have.

I then moved up to merchant teller and saw that businesses weren't really that much better. People will usually brag about how much money they have, but what you really need to get out of them is the last 3 month average or the account average, and then you'll get to the meat of the problem.

Most people have very little, i would say $500 average is HIGH.

But if you sign up for my financial course, I can help you save thousands! :P

Re:You're kidding, right?

Bank accounts are worth money for the purpose of transfering and withdrawing stolen money. Their contents are of secondary interest to identity theives.

Re:You're kidding, right?

[MMC+Monster]

Well, of course to don't leave it all in checking. The point is that you can get the cash in a minimal amount of time.

I fall into category 4 right now, but usually in category 3. I'm planning on either quitting or being fired in a couple months and filling up a war chest. And, yes, it's in a high-interest internet savings account (HSBC direct).

to get you hooked, the first post is free.

[LiquidCoooled]

to get you hooked, the first post is free.

Though now I am setting myself up to fail this one..

Where did the data come from?

[dave1791]

From TFA - "Bank accounts were the most commonly advertised item for sale on underground economy servers known to Symantec"

I'm curious as to where this data came from. Is it public record from court cases? Or does Symantec know more than the cops?

Re:Where did the data come from?

[will_die]

From what I have heard, news reports, the numbers came from various sites and chat channels where the items are for sale.

Re:Where did the data come from?

Frankly, I think Symantec is RESPONSIBLE for at LEAST half of the crap that they claim to want to "protect" us from in order to guarantee a market for their so-called "products" and "services." Frankly, if they DO know about these servers but haven't tipped off the cops because they want to sell software to suckers, then that seems like its screaming class action lawsuit. If spilling a cup of coffee on yourself is worth multi-millions from McDonald's, then aiding and abetting criminal activity by failure to report it for friggin' marketing purposes is worth, imho, at least the majority of Symantec's market cap, if not some serious jail time for some induhviduals.

what this really speaks for

[v1]

is not so much what the identity is "worth", but rather how easy it is to steal. If your identity is going for say, $6 "retail", then it must have been very easy to steal for them to sell it and turn a buck at that price, especially considering the additional business risk. Hey that's lunch at McDonalds.

The reality is probably placing greater value on the actual identity and the money that can be scammed from it, it's just that there are so many identity thieves out there and it's so easy to do, that the market for stolen IDs is saturated.

Re:what this really speaks for

what this really speaks for is not so much what the identity is "worth", but rather how easy it is to steal.

Worth or value is entirely defined by how much someone would pay for it. However, you bring out the point I came here to make. When I heard this story on the radio, it was very clear that the reason the value of personal information was so low was because there's a huge amount of this information already out there. That's a pretty sad story.

Security is so bad, that thieves already have all the CC numbers, bank numbers, etc, they want.

Re:what this really speaks for

[Alpha830RulZ]

Or that demand is relatively low for the stolen IDs. The financial institutions are getting quite savvy about detecting and preventing fraudulent transactions. My CC number got stolen two weeks ago. The bank detected the bad transactions within 4 hours and shut the card down. I didn't lose a dime. That's Bank Of America, for anyone who cares.

Re:what this really speaks for

[JasterBobaMereel]

From TFA
Full identities: Full identities may consist of name, address, date of birth, phone number, and Social Security number. It may also include extras such as driverâ(TM)s license number, motherâ(TM)s maiden name,email address, or âoesecretâ questions/answers.

i.e. The kind of information a lot of people freely give away all the time that's why it's worth so little ....

Re:what this really speaks for

[v1]

This has been awhile ago, but my grandmother wanted to get a credit card. This was her first. The application asked her to write down her SSN. In the generation she was brought up in, they hammered into you that you should only give this number to three people: your bank, the IRS, and your employer.

They went round and round for well over an hour. (this was a local store's card) Finally they determined that she was correct and they could not demand her ssn. So they had to dig into their books and call their manager's manger etc and find out the way to make the card with a special generated unique number that was not her ssn.

I have no idea how that process works now, that's been about 15 yrs ago, but I assume the same laws are still in place, but I'd wonder in cases like that if you refuse to give your ssn, if they can just refuse to do business with you, or if they are legally required to offer an alternative to turning over your ssn?

Are there more than just those three now? I thought for awhile your ssn was also on your driver's license, tho mine is not now.

Re:what this really speaks for

[Fulcrum+of+Evil]

I have no idea how that process works now, that's been about 15 yrs ago, but I assume the same laws are still in place, but I'd wonder in cases like that if you refuse to give your ssn, if they can just refuse to do business with you, or if they are legally required to offer an alternative to turning over your ssn?

Are there more than just those three now? I thought for awhile your ssn was also on your driver's license, tho mine is not now.

They are never obligated to do business with you, although utilities may have different rules.

Work from Home...

[rodney+dill]

1. Open lots of bank accounts
2. Sell them
3. Profit

(It'd be funnier if it didn't sound so plausible)

Re:Work from Home...

Is this even illegal?

Re:Work from Home...

[rodney+dill]

Selling your own bank account number to someone else illegal? That's an interesting thought.
Could be fraud against those wanting to steal from it... but IANAL.

Re:Work from Home...

[th1nk]

Selling your own bank account number to someone else illegal? That's an interesting thought. Could be fraud against those wanting to steal from it... but IANAL.

It has to be more than selling your bank account number...that's printed on every check you write, along with your full name and address.

What is it that they are buying? That info with SSN? Online bank login info?

Re:Work from Home...

[mrogers]

It's not only plausible, it's real - haven't you ever had spam from money launderers who want you to act as their "overseas business agent" or whatever, moving money through your account for a small commission? I guess an identity thief could make money by selling bank accounts to money launderers even if the accounts are empty.

Re:Work from Home...

[apt142]

IANAL, but if the account was used for money laundering or other nefarious actions *and* you willingly sold it, then being charged with accessory to those crimes might be possible.

honeypot identities

[FudRucker]

what should be done is for banks to work together with law enforcement and create a bunch of fake identities with flags on them that when used it automatically notifies the police and sends all information to the police (photos, fingerprints & whatever else)...

Re:honeypot identities

[Nullav]

But wouldn't the banks also require fake stupid people to fall for 419 scams and the like?

Re:honeypot identities

[tacos40]

Ideas like this one are already deployed in some banks to fight phishing, at least. 'Honeypot or fake bank accounts' to LOG. The main purpose: to protect 'non-fake' accounts, the real clients.

Empty, neglected bank accounts are worth a lot

[antifoidulus]

to money launderers. If someone has an empty, neglected bank account they will probably be much less likely to report suspicious activity on it. A fraudster could use the account to have various payments for spam, cracking etc. put into the bank account, then he could make an ATM card linked to that account and draw the money without ever having to use his own name or even go through the trouble of creating a fake identity.

Re:Empty, neglected bank accounts are worth a lot

[gstoddart]

to money launderers. If someone has an empty, neglected bank account they will probably be much less likely to report suspicious activity on it.

But, the bank is also more likely to flag it for suspicious activity simply because it has been sitting empty and idle and now is suddenly doing all sorts of things.

I just bought a new camera on-line a few weeks ago. To the best of my credit card issuer's knowledge, I've not really made a habit of buying things on-line (which I haven't), let alone spendy cameras. This was a very unusual transaction to them.

The next time I tried to use my credit card, it was declined. I immediately knew that I'd need to contact them and confirm that I did, in fact, initiate that purchase and get my card unlocked. It took a fair amount of going through their validation process to confirm I'm me (I was quite surprised at what all was involved), but I was actually glad that the bank flagged it as a suspicious purchase.

I don't know any of the details, but some sudden transactions out of character or historical activity in an otherwise inert account might cause the bank to take their own steps. I guess it probably depends on the financial institution involved as well.

I would definitely think a sudden upswell in transactions, adding a new ATM card, and all of the stuff you propose might be the exact kinds of things that would set off some alarm bells and cause them to inspect it a little closer.

Cheers

Re:Empty, neglected bank accounts are worth a lot

[tacos40]

Exactly. Moving money through different neglected bank accounts -> More difficult to track fraudulent activities. This is an clue to the question "I wonder how often they pay more for the bank account than is actually in it?" The beauty is... that people moving money through these accounts are other victims (mules). Scam fraud, for example. I don't know why you are scored only 3. This has been documented in some book...

Re:Empty, neglected bank accounts are worth a lot

[tacos40]

Hacker thought: Some banks (type A) look out accounts and detect unusual transactions, protecting the legitimate owner. Other banks (type C) don't. Type B banks stand somewhere in the mid-range. Ok, were I be a criminal in money laundering (hey!, it's not the case ;) ), I would be interested in getting account details belonging to Type C banks. Type B would mean jeopardize the criminal business; Type A is a suicide. Congratulations :) . Your bank seems to be of Type A. ;)

Pretty accurate...

[TripMaster+Monkey]

Your Identity Is Worth Less Than $15

(checks bank balance...)

Yeah, that's about right...*sigh*...

Re:Pretty accurate...

[hlt32]

*checks*

£2000 overdrawn.

They're welcome to steal it and take over my debt. ^_________^

Re:Pretty accurate...

[flyingfsck]

Hmm, though in many really sad parts of the world your *life* is worth less than 50c, so you are still doing fine. At least you have both a bank account and your life.

Re:Pretty accurate...

[3waygeek]

You're half right -- no one who posts on Slashdot has a life.

Re:Pretty accurate...

[apt142]

Congratulations, your account is worth more to somebody than the rest of ours.

Re:Pretty accurate...

[socz]

... at least I have a job!

Well...

[jnutt]

I don't know why it took y'all so long to figure that out. I've known for years that my identity is worth roughly $1.50

The missing link!

1) Create bank account with $1 in it.

2) Sell account number for $10-$1000

3) Profit!

IE vs. Firefox statistics

[MongooseCN]

Check out page 3 of the executive summary. In Jan-Jun of 07, they found that 89% of web vulnerabilities were in ActiveX plugins in IE. 1% of vulnerabilities were in Mozilla extensions.

I think we have a clear winner here...

Re:IE vs. Firefox statistics

Opera?

Re:IE vs. Firefox statistics

[sapphire+wyvern]

Well, I would say Safari, but I remember that Pwn To Own competition's result...

Re:IE vs. Firefox statistics

[pipingguy]

Interesting. Recently I had some trouble logging in to my bank account using Firefox, so I called the help hotline. The help person assumed I was using IE; I explained that I was using FF and had tried re-setting the password to no avail.

Then he mentions, out of the blue, that Safari is recommended for Mac users. I've used both my Mac and my PC to access this account, how did he know I have a Mac?

My identitiy is priceless

[unlametheweak]

From the title:

Your Identity Is Worth Less Than $15 Wrong! My identity is priceless. And try telling some-one that (their identity is worth $15.00) who can't get a security clearance, a car loan, a job, etc. because their "identity" has been abused by some asshat junkie.

My bank account, however, is another matter; nothing gained nothing lost :P

Re:My identitiy is priceless

[The+One+and+Only]

To you, your identity may be priceless. To me, your identity is worth less than $15 because that's how much I'm willing to pay for it and how much I can get it for.

Some people's identities are worth more...

[192939495969798999]

If your bank account can clear a 6-figure check, then the ability to access that money must be worth more than 1k, right?

Othello, 2008

[idontgno]

Who steals my purse, steals trash; 'tis something,
nothing;
'Twas mine, 'tis his, and has been slave to
thousands:
But he that filches from me my good name
Robs me of about 15 bucks.

Re:Othello, 2008

[jeiler]

Your post needs to be modded up. On-topic Shakespeare filk is always worth a smile. :D

I smell profit !

[Ihlosi]

1. Open bank account.

2. Sell account information.

3. Close bank account.

Repeat.

Re:I smell profit !

[mgblst]

Buy cheap bank accounts

cash a lot of dodgey cheques/ use for money laundering/ donate to republicans

withdraw money

profit

Re:I smell profit !

[inviolet]

1. Open bank account.
2. Sell account information.
3. Close bank account.
Repeat.

4. Receive calls from police re: fraudulent activity linked to your bank accounts.
5. Receive visit from FBI re: money laundering in your bank accounts.
6. Receive audit from SEC re: stock purchases linked your accounts in a stock-pumping scam.
7. Receive long sentence from federal judge.
8. Receive anniversary gift from your prison boyfriend Bubba.
Repeat.

Re:I smell profit !

[DeadCatX2]

I think you missed step 3. How can your account have fraudulent activity...if it's closed?

Re:I smell profit !

[socz]

In all seriousness, if you do that with checking accounts you'll go into the check system, which will be because of unpaid checks through your accounts. Then you won't be able to open checking accounts with any bank associated with the check system.

Re:I smell profit !

[dunno]

What they don't mention is how many of those black market things they're selling are valid.
Like if you get a list of emails to spam, alot of them are not valid or go nowhere, likewise with black market identities. ...and how many of them lead to a cop's phoney identity.

It's actually worth a lot more

to me, anyway. It would be worth risking jail on murder charges, if I ever somehow met the person who stole my identity, wrecked my credit score, etc.

$1.50

I wouldn't pay more than a buck and half for my identity.

Why would you?

[brunes69]

No one with a financial brain keeps any substantial amount of money in bank accounts.

Any emergency savings you have should be held in money market accounts or short / medium term GICs.

Smart people let their money work for them.

I have an OK job, few debits, and no kids - and I *NEVER* have more than $100 cash in my bank account at any time. I pay for everything with credit card to accumulate points and/or cash back, and pay it in full every month, and the surplus goes into retirement funds and money market accounts.

Keeping money in bank accounts is foolishness.

Re:Why would you?

[hostyle]

How do you pay your credit card off if you have no money in a bank account? I can only pay off my credit card using a bank account (no, they won't accept cash). You could be using your paycheck I suppose, but what if you use your credit card for a substantial purchase - something more than your monthly pay? I'm not disagreeing with you, just curious.

Re:Why would you?

[JustinOpinion]

You set up a sweep account, or manually perform the same action. Basically you take the funds that you want to keep available (for bills, etc.) and invest them in something that is easy to quickly buy/sell without penalty (e.g. money market). Whenever you need cash in your checking account, you transfer it from that investment account. Whenever you have a surplus in your checking, you move it into the investment account immediately, so that it can get a higher interest rate than it would in you checking account.

You can have sweep accounts set up to automatically move money back-and-forth to maintain a reasonable balance in your checking, so that you always have enough to pay bills. Of course a money market (or similar) will get a better return than a bank account, but won't perform as well as longer-term investments (e.g. GIC), so funds not needed on a short-term basis should still be invested elsewhere.

As the grandparent post said, however, keeping substantial sums in a standard bank account amounts to wasting money.

Re:Why would you?

[Beardo+the+Bearded]

Don't you remember just 8 years ago? Stocks are a gamble, nothing more. Like any other casino, you will eventually lose your cash.

My extra money goes into a 4% savings account. I can get it any time with 24 hours notice. Yeah, yeah, I can get 10% on the stock market. Sounds great, until it crashes - again or you get caught in a bad trade.

I tend to keep about a thousand in my chequing account. (Which works out to ... calculating ... a "loss" of about 50 cents a month compared to the parent putting his on the stock market.) My savings account generates about half the interest it would in the stock market (call it money market if you think it sounds better) but my money will never fail to generate. End of story. He can lose all of his money in a crash, scandal, bad report, low earnings, etc. Mine is insured against loss - even if the bank goes bankrupt, I get my money.

Now, the regular chequing account has basically no interest. That's typical, and you shouldn't have just that kind of account, because that's just silly.

I also pay $0 yearly in bank fees. $0. That's right, no monthly fees, no brokerage fees, no debit card fees, no interac fees, etc.

In the meantime, I put extra money onto my mortgage. That's the only place I owe money to. No student loans, no credit card debt, etc. I put 25% down on my house. I owe about 48% of the value of the house on a fixed rate mortgage.

I use some credit cards, but those are only for specific reasons, like 4.5% off gasoline or for tracking costs on vacation. Those are paid off monthly.

GPG keys for everything

Why aren't we using several gpg keys for everything?

Gpg to sign into email
Gpg to log into computer

etc? beats the shit out of many of the alternatives...

And shit like Pidgin plain text passwords piss me off to no end, you just know something is going to harvest those..

Re:GPG keys for everything

[SanityInAnarchy]

Why aren't we using several gpg keys for everything?

Mostly because users won't put up with it. They'd much rather be comforted by everything their bank is doing (or claims to be doing) to protect them from identity theft, and by the fact that the bank assumes responsibility for fraud.

That, and there are easier ways to do this -- those RSA random-number-generator keys, for one, which generate a predictable number every 30 seconds -- you enter that number, and if it matches what the server generates, you're authorized. Bonus of that method is that it's much, much more difficult to defeat with simple spyware -- any software on your computer can rip off your private key, with the assistance of a keylogger if you've bothered with a password. (And consider that a password is unrecoverable, meaning normal users will write them on post-it notes.)

I still dearly wish that such measures were at least an option.

Gpg to sign into email
Gpg to log into computer

Ok, never mind, apparently you don't understand how GPG works?

GPG is to sign individual emails. The point is that if enough people are checking your signatures, and sending encrypted email to you, it doesn't particularly matter where it's actually hosted, or what kind of security it takes to get into the account.

And GPG to log into the computer? ...How, exactly, were you proposing to do this?

And shit like Pidgin plain text passwords piss me off to no end, you just know something is going to harvest those..

Just about all services which you use Pidgin with are sending your password in plaintext over the wire. But if it really bothers you that much, use Kopete; you can encrypt all your passwords with KDEWallet. Or just encrypt your entire hard drive.

Of course, the real solution there is, again, use real crypto for your IMs, at which point, the authentication itself isn't particularly useful.

Re:GPG keys for everything

[Beardo+the+Bearded]

I've thought that the banks are the ones who are primarily responsible. Here's an easy fix:

1. Add a photo to your credit report.
2. Add a phone number that is always called when your credit report is accessed. "Hello. This is equifax. Please call 1-800-eqi-faxx to confirm your application for a mortgage."
3. Replace the magnetic bank cards with proximity cards that have a random number generator built into them. You have to enter your RN and your PIN into the machine to buy something / use the ATM.
4. Have the POS machines and the ATM use encrpyted communication to reduce wireless snooping. Generate noise on the channel when not in use, so you can't tell when it's broadcasting or not.

That's it. That's all there is.

Am I missing something?

[mopower70]

Isn't the whole problem of "identity theft" that it gives the thief access to your e-mail passwords and bank account information? If not, what's the point of identity theft?

"Hi, I'm Mark."
"No you're not."
"Damn. That was a wasted dollar..."

Re:Am I missing something?

[twotommylong]

you're too much in the electronic mode of identity theft. The critical item is getting your SSN, address and real name... At that point, I can start 'becoming' you. Your online credentials are nice (I can just impersonate you).... however, being able to leverage your credit to buy a car, open a stock account, or a worst case scenario... buy life insurance on you, with me (in a faux identity again) as the beneficiary.... See how a fraudster can cash out in that scenario!

online credentials are nice, but for the most part, the key true identity theft is to get enough information about you from the online side, to imitate you in 'real' life. I don't want to buy a TV set.... I want live on your credit for a long time, then disappear when the bill collectors and credit police come calling.

Bank Account?

[kellyb9]

your bank account might fetch $10-$1000 Well its good to know those trying to steal my bank account won't make a profit!

One - Two - Three - Four - Five

I wonder what to combination on my luggage is worth.

- President "Anonymous Coward" Skroob

Simple business model

[Futurepower(R)]

[Symantec has] " done more to reduce internet security than most, with bloated, unusable virus checkers..."

Whenever I encounter a computer with Symantec software installed, I uninstall it before doing anything else. My experience with Symantec is that the company's software is VERY buggy.

"Furthermore, there is a pretty obvious marketing angle to all of this."

Having insecurity is profitable for Microsoft, anti-malware software companies, and weapons investors like Cheney and Bush. It's a simple business model:

1) Do evil.

2) Profit!

Re:Simple business model

[PReDiToR]

Can you tell me the secret to getting Norton off a Windows computer?
Live Updater, AV, FW and all the other bits seem to have their own dependency hell that won't let you uninstall in any order, and when you do finally get out the Knoppix CD and registry editor you're left with a system that looks like it has just had the worst virus of them all run rampant through it.

I long ago started recommending a reinstall if someone had Norton slowing their computer down.

Re:Simple business model

[ColdWetDog]

Can you tell me the secret to getting Norton off a Windows computer?

Any Linux distro install disk???

Oh, sorry. I guess you meant to have, to such an extent as is possible, a working copy of Windows after you're finished.

Re:Simple business model

[Aram+Fingal]

[Symantec has] " done more to reduce internet security than most, with bloated, unusable virus checkers..."

I suppose there is some grain of truth to this but it's a bit extreme to go that far. Symantec does have competitors and those competitors would have taken over if Symantec was really that bad. There are commercial offerings like MacAfee and Sophos (for institutional use) and there is at least one open source offering - ClamAV. I recently participated in a review of antivirus software at my employer which is a large institution. We looked at all the possibilities, including not using antivirus (more of an option for Mac than Windows) and we looked at all the problems with bugs, central management glitches and software conflicts. To make a long story short, we ended up deciding to stick with Symantec, at least for now. It's not perfect but the benefits do outweigh the problems. It is unfortunate that there is so much emphasis on reactive security like antivirus when we should be, at least, looking for proactive measures as much as possible. Still, you have to use what's available to combat the threats that are known.

Re:Simple business model

[Corwn+of+Amber]

MacOSX Kalyway Edition?

So that you never need to worry about malware ever again...

Re:Simple business model

[Corwn+of+Amber]

No, no, no. Synmatec Internet Security usually happens as a pre-installed "90-days trial" after which you can reinstall Windows to get rid of it. Or when you buy an "Internet Security" option from your ISP, which will happily send you Norton install CDs every year.

ClamAV is never updated and DEAD.

It is unfortunate that there is so much emphasis on reactive security like antivirus when we should be, at least, looking for proactive measures as much as possible. Still, you have to use what's available to combat the threats that are known.

Proactive security? That's called a firewall for you. Filter unrequested packets first, to protect from the really dangerous malware, that which installs itself using real vulnerabilities. Then, save all your documents in an OpenBSD-based server with a CMS. Back it up twice a day.
Connect to it with Windows clients that re-install themselves clean at every boot-up, with FireFox and Adblock, until you've replaced them all with Macs. There, solved.

Re:Simple business model

[Aram+Fingal]

No, no, no. Synmatec Internet Security usually happens as a pre-installed "90-days trial" after which you can reinstall Windows to get rid of it. Or when you buy an "Internet Security" option from your ISP, which will happily send you Norton install CDs every year.

I see. You're talking about the consumer version and I'm talking about the Enterprise Edition. In hindsight, it may have been interesting to question the Symantec people about why we, as an institution, should trust them when they treat consumers so badly.

It is also interesting to note that, when a representative from Sophos told us that their product was incompatible with Symantec AV and we had to use one or the other, not both, one of our sysadmins mentioned the difficulty we had in removing Symantec AV. The Sophos guy said that their installer could completely and safely remove Symantec AV and that they couldn't call themselves much of an AV company if they couldn't remove their competitor's product.

Re:Simple business model

[Kymermosst]

Can you tell me the secret to getting Norton off a Windows computer?

Maybe use the Norton Removal Tool?

Shockingly enough, if you type "Norton Uninstall" into Google and click "I feel lucky" this is what you get.

Re:Simple business model

[PReDiToR]

I'm a proponent of Linux, whenever I can I slam a copy of gOS onto machines that I feel I'll have to come back to several times.
A lot less hassle if MSN and IE Just Won't Work =)

At the moment one of my my SO's family members lets their friend's kids come round and use the computer. They live in France. I have sent a Kubuntu LiveCD and instructions for setting up SSH. Should be a breeze doing admin over the 'net with screen and NX.

As for my own machine, I ghosted clean XP back to partition, shrunk it, installed Comodo and AVG, then used the other 25GB for openSUSE 10.3. With the latest kernel I can even use my ATA/133 drives at full speed again after the VIA 80/40 cable detection broke in the recent SuSE kernels. If only my ATI graffix card would work with Compiz *sigh*

Re:Simple business model

[jotok]

If you had Symantec come to secure your enterprise network, and you wound up with Internet Security, either you are incredibly cheap or you got handed the worst sales engineers ever.

Sophos is being really aggressive of late but they're not making a whole lot of headway over here. Because Symantec and Mcafee generally can coexist (with some notable exceptions), large corporate customers get more options, which they like...whereas Sophos insists you remove EVERYTHING from a competitor, including areas where they don't have a product. This is why they will continue to have a hard time breaking into the American market.

Re:Simple business model

[Aram+Fingal]

My point, exactly, was that the previous poster was basing his statement about Symantec on the consumer version of Symantec Internet Security while I was talking about my experience with Symantec and the Enterprise Edition of Symantec AV. We were talking about two completely different products. I guess that wasn't as clear as I intended.

We actually do use both Sophos and SymantecAV already (on different machines). Sophos supports many more platforms than Symantec and Mcafee do so we use Shophos where we can't use Symantec. In practice, this is mostly special cases like mail servers which run a commercial version of UNIX.

What'd be the source for the price list?

[VincenzoRomano]

What'd be the source for the price list?
Are those guys into this market?

Doesn't matter how much is in your bank account..

..because banks will let you overdraw by ridiculous amounts as long as they expect that you'll pay them back in full, plus overdraft fees. I've had someone get ahold of my check card number and charge a $1600 trip to Peru on it with $600 in the account, and the bank didn't bat an eye.

Why buy bamk account information....

[Jason+Levine]

When apparently you can just dumpster dive behind your local bank to get all the bank accounts you would ever need?

Re:Why buy bamk account information....

[mozkill]

what kind of bank doesn't lock up their garbage? personally I have never heard of a bank that isn't careful with their trash. that article is hard to believe. if it is true, its probably the last bank in the country to do so.

Re:Why buy bamk account information....

[The+One+and+Only]

Why dumpster dive if you can pay some guy $30 per account information to dumpster dive for you? Do you think the criminal mastermind himself is going to get his dumb ass caught in the bank dumpster?

Re:Why buy bamk account information....

[socz]

Why dumpster dive when you can just go work in a bank for a few days, steal loads of confidential files and get rich? Why go for pennies when you can go big time?

I've always told my buddies I want to write a movie about robbing a bank, but don't actually do it because dumb bastards would actually use what I wrote and pull it off.

Security is a joke in most banks, including the company I contract for at the moment. It's really sad and surprising what goes on. Glad it's not my bank!

Re:Why buy bamk account information....

[Jason+Levine]

Given that the guy filmed himself pulling the records out of the trash, the fact that the police confiscated boxes of the records from him, and the fact that he didn't work in a bank (or have other access to the records), I think that the dumped in the trash explanation is true. It makes me wonder how many other banks give lip service to keeping customer records secure and then dump sensitive papers in the trash figuring no one would find out. It was probably a "cost saving" measure by some idiot middle manager. He probably figured that it was cheaper to dump the records than to shred them.

the value is...

[Yaur]

That your identity can be used to open new accounts (e.g. credit cards) in your name.

Bank accounts provide bandwidth, not cash.

[twotommylong]

"With those prices, I wonder how often they pay more for the bank account than is actually in it? "

It's not just the funds the fraudsters are after... They are after 3 things:

1) Once you have a bank account, you capacity in the laundering pipeline. With the $10,000 detection threshholds, and the other AML (anti-money laundering) requirements, it takes a lot more bank Xfers to multiple parallel accounts to move money between the point of fraud, to the point of safe harbor. ACH-IN.... ACH-OUT. These are often 'mule' accounts to allow a network of smaller transfers that allow a larger aggregate money movement. Since I have 30-90 days before you notice all these $1-9000 xfers going in and out of your account... I need to constantly get new bank accounts to keep my laundering pipeline at full 'bandwidth.' If I'm lucky, I can pull a change of (email) address on you, so I can completely control the account for a small period of time (NOTE: address change just got 'red flagged' by the US FACT act of 2003... so in addition to Patriot Act reviews at account opening... address changes will (mandatory by all financial institutions by Nov 2008) be audited by regulators to verify the organization did due diligence to check for fraudulent activity).

2) Having a Bank Account makes opening a PayPal, a credit card, a stock trading or another bank account all the easier. All of these are much more lucrative, and they can leverage funds (margin, credit) , and if I open them, there is much less chance of detection by you (since I completely control the contact information). This is classic identity theft ("Officer, I don't have a bank account in the Outer Antilles!")

3) if we get lucky, you got cash... which we'll use in a leverage scam (open a stock account, and seed a pumpNdump).

Re:Bank accounts provide bandwidth, not cash.

[Firethorn]

At least with my bank account, you'd likely be noticed same day unless you somehow manage to yank my login for it as well. And that would generate a call to my bank to restore access, and a visit to the local branch if that didn't work.

$1-$15 for a full identity?

[z80kid]

$1-$15 for a full identity?

At those prices maybe I can finally afford to upgrade mine!

I want to sell mine

[tritonman]

how do you find sellers? I want to sell my bank account info fro $1000.

Re:I want to sell mine

[LordEd]

Just post your account info here and we'll deposit the $1000.

Re:I want to sell mine

I know you are modded funny, but other people do this. They are basically used as money launderers to transfer funds through. Because of this, the price of your account is more than what you actually have in it. A few minutes with google is all it takes to find places to sell...

Re:I want to sell mine

[utopianfiat]

With those prices, I wonder how often they pay more for the bank account than is actually in it?

how do you find sellers? I want to sell my bank account info fro $1000.

1) Never
2) GFL

The price is directly related to how much money is in the account. Big accounts are $1000 (you can't just sell the money because it needs to be laundered and obfuscated- you need to have a trick to get the money out of the account, basically).
People who sell bank accounts aren't dumb- they've just dumbed down the process; and if someone dumb enough to get caught buys one of their accounts, well... sucks to be them.

Usage?

[Rydia]

I imagine the accounts very rarely have a higher balance than the cost of obtaining them. Their value as a mechanism for money laundering, however, far outweighs the loss due to the actual account balance.

This is great news, where do I sign up?

[petes_PoV]

So my email address is worth between $4 and $30. Excellent - I can afford to retire now.

If you know someone (hell, anyone) who pays this kinda ca$h, please let me know. With my own domain I can create email addresses indefintely, and at $30 each it's literally printing money.

Now, of course if the reality was that spammers pay a tiny fraction of a cent per address then it's less worth my while (but could still be worth knocking together a script for).

Which option strikes you as most likely? Yes, thought so.

In similar news, my password is worth money too? Really? My password is "chocolate" - that'll be another couple of $$ please (feel free to sell it on yourself, too).

Now, I'll just sit back and wait for all the SPAM^H^H^H^Hmoney to start rolling in. Hmmmm, I think I just burned out my irony circuits.

Re:This is great news, where do I sign up?

I would guess the price of email addresses is inflated because spammers can get suckers to pay top dollar for your email address to use to get rich quick selling v1agra.

Re:This is great news, where do I sign up?

[MaxEmerika]

Not for your address: your password. For addresses, they charge by the MB. If they have your password, the nefarious factor goes up, and so does the cost.

Re:This is great news, where do I sign up?

literally

Metaphorically.

Sending policae all the information, hmm...

[celtic_hackr]

These are identity thieves, we're talking about right? They're stealing money from accounts electronically, right? Or being used to buy things in stores? How many of these identity thieves are going into banks and withdrawing money? How many banks and stores are going to want to let these people walk in and "buy/withdraw" something to get the pictures of these people in the hopes of the police someday catching them? What fingerprints? When is the last time you used your fingerprints to access your bank account or buy something? What you're most likely to get is an ip address for some pwned PC in either the US or China. Yeah, that's going to be helpful in catching these guys.

Although, you'll likely be able to catch the bottom feeding crooks this way, you know the ones we like to watch on "World's Dumbest Criminals". Which of course the rest of the criminal world will be very thankful to you for your suggestion, there should be some healthy profit in it: 1) no money stream, 2) less dumb criminals on the street - saving the real criminals from having to take them out and waste good money on a bullet.

Re:Sending policae all the information, hmm...

[FudRucker]

many identity thieves use the stolen identities to apply for credit cards that are used at ATMs and brick & mortar stores...

If your identity is worth 1/10 your bank a/c

[m50d]

Maybe, just maybe, identity theft isn't the huge problem it's cracked up to be?

Re:If your identity is worth 1/10 your bank a/c

[ahabswhale]

Everything I've read says it costs over $50b per year. That's not chump-change. That doesn't include the cost of time it takes for someone to fix their identity either, which can be extremely time consuming.

Re:If your identity is worth 1/10 your bank a/c

[shentino]

I'll guess that the real reason ID theft costs so much more than just the lost money is that greedy corporations who have a vested interest in profiting from your misfortune.

Credit reporting bureaus make a killing on charging you for the very much needed service of clearing up your credit rating. They don't give a shit about you. In fact, the worse your credit rating, the more profitable it is for them, because every rejection means one more report requested by your next attempt at getting credit.

Merchants profit because often times they get to sell the thief high end merchandise with your card.

Credit card companies profit because with all the stonewalling they do against customers, often times they will get to collect on fraudulent charges. And, for cases which are reported, all they do is yank the money out of the merchant's account.

The scammer wins because he gets free stuff.

The only loser in ID theft is the victim. Everyone else is making a killing off of your misfortune.

And let's not forget...

Lawyers who "help" you fix your credit rating and collect liberal fees

Judges and courts who collect fines from ID thieves

ID theft is a lucrative industry for everyone who really matters in corporate america, so it's not going away anytime soon.

Fraud against the bank.

[reiisi]

(Sorry to be sensible.)

statistically speaking

[reiisi]

I'm guessing that a single identity really is not that easy to profit from.

One issue is culling the identities that are potentially profitable from a large catch of identities of people with no money and low credit limits and high levels of paranoia.

Another is possibly using several identities to enhance the profitability of attacking one, think sock puppet.

Cheap New Identity? Great!

[Simonetta]

Now that the US government as gone amok, it is not such a bad condition to be able to buy a new identity for $20. Say that you have signed a petition or participated in an anti-war action. You get arrested in a sweep and fined $100 for whatever the charge is that your local police use against demonstrators.

But it doesn't end there. Chances are that some flagwaving dickhead fascist in 'Homeland Security' puts your name on a terrorist-do-not-fly list. It will stay there forever along with a million other people who have absolutely nothing to do with terrorism. You can't ever get your name off the list. And for the next fifty years, every traffic ticket, overdue library book, or downloaded song that might put you into the focus of the local dickhead squad pretending to be police will get you thrown into prison until your loyality to the corporate establishment can be reaffirmed. Which entails a $200 processing fee paid in cash to people who are doing the determination of the level of your threat to society. It gets old, and very expensive, very quickly.

So the ability to purchase a new 'clean' identity inexpensively becomes attractive since it allows you to get on with your daily life with the least amount of extortion from the authorities. Whether or not the new identity actually refers to a real person is irrelevant if you are not using this identity for financial fraudulent criminal activity.

  Now as a Slashdot technogeek, you have come to believe that none of this applies to you. But since the people who are doing these shakedowns are primarily in it for the money, and, since, as technologists, YOU will be the ones in the future with the 'disposable income', then you will be finding that, yes, it does apply to you. Even though you didn't sign any petitions or go to any anti-war demonstrations in college.

  This is the way that the world works once you venture outside your MUD. Perhaps you should incorporate some of these principles into your MUDs so that they won't come as such a shock when you exit them.

Thank you

So...

[imyy4u1]

How does Symantec know how much bank account information is worth, and how much identities are worth, unless they are actively buying/selling them, or at least know people who are?

And if they know people that are, why the HELL aren't they arresting these people?!

Symantec: We estimate your bank account is worth $50.
You: How do you know this?
Symantec: Uhhh...a guy we know told us.
You: And have you arrested this guy?
Symantec: Uhhh...

short thinking

[Tom]

your bank account might fetch $10-$1000. With those prices, I wonder how often they pay more for the bank account than is actually in it? You assume the sole purpose is to empty the bank account. It most probably isn't. There are more interesting scams that you can play with a bank account that's not traceable to you, that are worth more than the contents of most accounts. Even if it's "just" stealing the money in the account, you assume it's all done in a hit-and-run manner. Why assume that? Would you notice if, say, $20 were taken from your account every month? If someone spends 5 minutes looking at your typical account movements, he should be able to cover them up in a way that's not immediately obvious. So unless you check every item, you're fucked. Most people don't check every item.

Re:Cheap New Identity? Great!

[stewbacca]

Chances are that some flagwaving dickhead fascist in 'Homeland Security' puts your name on a terrorist-do-not-fly list. It will stay there forever along with a million other people who have absolutely nothing to do with terrorism. You can't ever get your name off the list. Sounds scary and all, but I don't see it happening, nor do the people who post this stuff ever cite real examples of it happening. My Father-in-Law has a very common name, that also happens to be on some TSA watch list. He gets questioned for about an extra five seconds compared to everyone else.

Credit Freeze

[Cancel-Or-Allow]

All the more reason to put a freeze on all of 3B reporting agencies. Since Nov 1 2007, everyone is entitled to it.
It cost $10 for each credit reporting agency and well worth it. Unlike LifeLock which only puts a fraud alert on your credit reports every 90 days (you could do this yourself for free), a freeze is exactly that. No accounts can be opened without a pin number given to you by the one of the 3 Bs. Each agency is different, some require 3 days to thaw your report, while others allow you to specify which creditors you want to allow and for how long.
One benefit is when car shopping you don't have the pressure from the sales people, it is very easy to walk out the dealership once they try to look up your credit score. They know they will not be selling you a car tonight, that you will have to come back later with a pin.

Apu overpaid

[HTH+NE1]

So the ability to purchase a new 'clean' identity inexpensively becomes attractive since it allows you to get on with your daily life with the least amount of extortion from the authorities. This passport is a cheap forgery! A cheap $2,000 forgery!
-- Apu Nahassapeemapetilan, "Much Apu About Nothing"

Who cares?

[mi]

If only the 10th Amendment still had any teeth.

Who cares? It is all imaginary property anyway. Even the article's submitter does not believe in it...

Re:Who cares?

[smittyoneeach]

I, for one, derive a morbid amusement from watching the meaning of liberty shift from "freedom of action" to "freedom from fear".

Hand to mouth living

[Blkdeath]

The current state of the economy has many people living paycheck to paycheck.

Sorry, but I'm going to have to disagree with you on the crux of your argument. Yes, a lot of people are living pay cheque to pay cheque, but that's because in most cases they're attempting to live beyond their means and they're ignorant of the state of their own financial affairs.

I've spoken with hundreds of people in financial crisis and the number of people who understand how to save and/or understand how their credit score is calculated and how their actions affect it is appallingly low.

For what it's worth, my means include automatic savings vessels that come off of each and every pay cheque before I even get a chance to touch it. The money I have to pay my bills and for entertainment comes after. No exceptions. I never use my credit cards for luxury purchases unless I have the money on hand in a liquid form to pay for them immediately. I only do it this way to collect reward points and use my credit card company's money interest free for a couple weeks. My credit cards are short term, daily expense tools only and are paid in full every two weeks on pay day. Period, again, no exceptions.

I don't use credit cards or lines of credit for solutions to short term problems, preferring instead to use my savings and/or investments when the need arises. Also, I've never in the past, nor will I ever in the future use one of those short term credit / cheque cashing establishments. I will not pay a penalty on my hard-earned money just for the privilege of holding it my hands. For the sake of this discussion, we'll just call that "Stupid Tax".

Why do you think all these scammy payday-loan sharks keep multiplying like tribbles ? Do you really think people enjoy getting screwed with 60% interest ?

People don't know any better and use these sources because they don't understand that there are better ways. How many people are living in homes they can't afford? Why? Why can't they rent an apartment or even a room? My grandparents raised my father and uncle in a one room (bachelor) apartment for years. They paid off their home in 5. They've bought every single car they've ever owned with cash. Why do people need 2-3 bedroom houses for themselves nowadays? Why do people need brand-new cars? High-end consumer electronics? How many people do you know living hand to mouth who have PlayStation 3's connected to flat panel televisions and surround sound systems? How many of these people have a savings plan in place? RRSPs/IRAs? I have quite a few friends and family members in these situations and I can find several ways they could easily reduce their spending and start saving but they're too proud or stubborn to do so. "I have equity in my home! Why would I give it up?" My standard answer to that is "So you have the pride of selling it before the bank takes it away from you."

But, where does the $15 come from?

[equivocal]

When I read about this, particularly the $200 for a bank account, I thought about how they pay and realized they probably stole the money for the payment too. It becomes a self-sustaining criminal enterprise. If you're paying a criminal that specializes in ID fraud do you write them a personal cheque or have then charge your credit card?

What counts as a full identity

Just out of curiosity, what counts as a full identity, cause with the right details a potential fraudster could use an onlin line bank(paperless billing bank) and the details to take out a loan or something, then just launder that money away.

also questions to anyone with actual knowledge of the way the market:-

where do they buy and sell them (sites) to check the prices for ourselves
how do they transfer money between each other
and how do they launder they money the take from accounts

finally, would it be possible to launder money with SL, basiclly, cause i hear that when you buy or sell money it shows up as a transfer with linden labs. it wouldnt be hard to make an account linked to a RL bank, then buy L$, transfer ingame and sell for real $.

Pricey...

[darthdavid]

Checks account balance... Sounds a bit pricey for what's in my accounts :).

Make Money And Catch Phishers At The Same Time?

[Dean+Edmonds]

This suggests that banks could make some money on the side by creating thousands of dummy accounts and selling them to phishers. Whenever someone tries to access one of the accounts, trace 'em.

Negative Value

[PPH]

Go ahead, Steal my identity. After numerous ex-wives and girlfriends latch on to you for alimony and child support, you'll pay me to take it back.

Transfer automation is not without fault

[vinn01]

And if that money transfer automation messes up just one, even if it's no fault of your own, the fees that you will be charged by the bank will wipe out a lot of your investment gains.

I beleive that bills that are returned for NSF (non-sufficient funds) are charged about $34 for each. Let's see ... five transactions monthly bills declined at $34 each, that's $170 of investment income wiped out.

No thanks, I'll pass on the sweep account. I'll just over-fund my checking account and give up some investment income.

Know whereof you speak

> I realize that living at home with your parents and not having to pay for rent, utilities, food, and clothes may allow you to skate by with a very low monthly balance, but the vast majority of people who work for a living have to have the cash on hand (in their checking account, anyway) to pay for all these necessities.

Actually, much of my money does, in fact, go to paying for such things. While my balance isn't particularly low, either, that's because I have a job. A good job that I'm good at, giving me tons of free time to post to Slashdot from work. It's not a good thing when a systems administrator has too much work, after all.

There are more than a few who live off their paycheck. It just happens that I'm not one of them.

> But I don't suppose someone whose name is "I don't believe in imaginary property" would have a very solid grasp of the real world.

Perhaps, but doubtless more than someone named BadAnalogyGuy :)

- I Don't Believe in Imaginary Property