Stealing From Banks One Cent at a Time

JRHelgeson writes "In a story strangely reminiscent of Superman 3, a 'hacker' allegedly stole over $50,000 from PayPal, Google Checkout as well as several unnamed online brokerage firms. When opening an online brokering account it is common practice for companies such as E-trade and Schwab to send a tiny payment — ranging from only a few cents to a couple of dollars — to verify that the user has access to the bank account listed. According to the story, the attacker wrote a script that opened thousands of accounts at dozens of these providers. He was arrested not for taking the money, but for using false names in order to get it."

Superman 3?

[jandrese]

How is this like Superman 3? I thought the point in that movie was to shave off the remainders in interest calculations. This is just a simple case of seeing someone transfer a few cents to your account when you open it and trying to abuse the system. The problem of course is that it's extremely obvious and you'll get caught, just like this guy did.

Re:Superman 3?

[lesinator]

This kind of attack hardly an invention of the movies. The salami attack has been around for a long time.

Re:Superman 3?

[Otter]

I believe that the reference to Superman 3 is actually a meta-reference to Office Space. (Or maybe the reference being referenced is the meta-reference -- I'm not a philosopher.) As Office Space itself noted, the method long precedes either movie.

Re:Superman 3?

[Blakey+Rat]

The point isn't that Superman 3 invented it, the point is that most people first heard of it from watching Superman 3 and so when you're trying to explain to people what you're doing, you can say "you know, like Superman 3" and they know what you mean. Thus the joke in Office Space:

A:
B: "Huh?"
A: "You know, like in Superman 3."
B: "Oooh, now I get it."

It's funny, damnit. Made funnier than Superman 3 is actually a pretty awful movie. (But it's an awful movie that most everybody's seen.)

Re:Superman 3?

[Dachannien]

It's been happening in meatspace for thousands of years (though not so much anymore). People would shave bits off of coins made of precious metals and then smelt and sell the shavings to wind up with more money than they started with. Wikipedia notes that some British silver coins would routinely be milled down to half their original weight as nearly everyone took a little bit off the edge.

Eventually, coins could be made with milled edges, which largely curbed the practice, and today, of course, most coins are made from metals that are worth very little compared to the value of the coin itself.

Re:Superman 3?

[rrkap]

Actually, it's not just the penny anymore due to high commodities prices.

Coin                Melt Value
Penny (current)     $0.005
Penny (pre 1982)    $0.024
Nickel (current)    $0.059
Dime                $0.021
Quarter             $0.053
Golden dollar coin  $0.065

So, the mint is only loosing money on nickels right now, and the pre-1982 pennies are worth melting down.

Re:Superman 3?

[statemachine]

Those are the "Melt Values" not the cost of manufacturing.

Today, a penny costs $0.026, and a nickel costs $0.077 to make.

Submitter gets it wrong

[nurightshu]

As far as I can tell, the article doesn't actually mention that Largent managed to rip off PayPal, only that PayPal, Google Checkout, et al. use the small deposit method for verification. Seriously, reading for comprehension isn't hard, people. Hell, it even mentions the scope right in the lede.

Re:Submitter gets it wrong

[Wister285]

The third and fourth paragraphs read:

"According to court documents, Californian Michael Largent used an automated script to open 58,000 such accounts, collecting many thousands of these small payments into a few personal bank accounts.

Largent also performed the same trick with Google's Checkout service, cashing more than $8,000 alone from the service. " [emphasis added]

Am I (and the submitter) missing something?

Re:How did he do it?

[Mark+J+Tilford]

By closing the accounts before Paypal / Google Checkout could remove the money.

Re:Let's

[tha_mink]

Sign up for a gazillion Paypal accounts, use ONE bank account, and after Paypal deposits the money, withdraw the money and close the account. Tried it. Paypal doesn't allow multiple accounts with the same bank account information.

Re:What were the crimes again?

[willyhill]

No, they're not. That's why PayPal can get away with the shit they do. It's a common misconception that most people fall into, that because PayPal handles money, they must be a bank and subject to the same set of regulations you trust to put the stops on your bank if they get fresh with your money (including insurance. PayPal is not FDIC insured if you use their "high yield" holding option).

The problem here is that the transactions involved banks. The fact that PayPal was the conduit is irrelevant in this case, I think.

Re:How did he do it?

[CheeseTroll]

in the US, NOBODY cant take the money out of your bank account without your authorization

(Assuming you aren't being sly with the double-negative...)

Then you have some learnin' to do about how ACH transactions work. Authorization for withdrawals is required, but it is certainly not passed along with the transaction itself. The system relies heavily on trust. If someone challenges a transaction, and their bank demands proof of authorization, then yes, you'd better have it. But if the transaction is not challenged or rejected, then it stands.

Re:oh wait....

[The-Ixian]

http://www.snopes.com/business/money/pennies.asp