No-Fail Identity Theft – Live and In Person

ancientribe writes "A researcher performing social-engineering exploits on behalf of several US banks and other firms in the past year has 'stolen' thousands of identities with a 100 percent success rate. He and his team have posed as investigators for the FDIC (among other things), and numerous times have literally been able to walk out the door with pilfered identities. The reason: organizations are typically so focused on online ID theft that they've forgotten how easy it is for a criminal to socially engineer his way into a bank branch or office and physically hack it."

Re:The biggest exploit for any system

[inKubus]

Mr. Potato Head, risk management is not a secret. There are plenty of people out there making big money gaming the system because they know how it works. Banks themselves are some of the biggest crooks in history. The manage the risk that the general public actually begins to understand what they do (count money, basically, and then collect a little off the top, and take some of your risk from you). There are well-versed criminals who will never be caught.

On the flip side, you have other people managing risk in order to make money legally. A good example would be any bank that makes a loan. They assess risk, usually using a specific formula that a person verifies. A credit card company just gives you money, and doesn't really care if you eventually default. They just charge a high enough interest on the remaining good borrowers to make up the loss. Oh, and that money they lent you? They BORROWED IT.

The fact of the matter is people need to be more aware of their data, and I think banks should be REQUIRED to carry a large bond or other insurance to pay off people who have their credit scores (or worse) ruined by ID theft. I remember a story of some loan officer or another leaving a box of files in his car overnight. When he came out, his window--and the box--were gone. The police or FBI later found them in a storage unit with THOUSANDS of other files. ID Theft is big business, especially in the illegal immigrant market. And the value of a good credit report can be very very high.

However, I don't see the credit bureaus lasting through the current and continuing crisis. For one thing, they are not secure enough for the consumers. Their risk models are flawed, as was proven. A+ does not guarantee you're getting your principal back, even if you take the house. The automated scoring models are flawed. Countrywide was basically a software company that "did loans"; they had their own scoring application (which took in credit score as an input, along with a lot of other data, such as income, asset, rental history, etc etc). Most other banks used the Fannie Mae desktop underwriter system. The only way you can have a flawless system is if your underwriter (and servicer) has all seeing eyes; real income, real assets, real everything. Such a system would be even more vulnerable to ID theft than the credit system. Who would run such a system? The government?!? HAHA, the IRS can barely collect 90% and they have 10 year prison sentences for that stuff.

Hell, I'm already hearing about banks coming up with alternate programs where the borrower actually goes to their utility bills, and their lenders and gets letters of credit. The credit report is on it's way out, and that's the bread and butter of ID theft. Hey, guess what Jose, I can get you a social security card so you can work in the U.S. Oh! Bien! Then once they get here they realize they can use that same number to get free money they never have to pay back! You see where I'm going with this. And thus the current crisis.

I suffer from OTD, by the way... Off-Topic Disorder