Slashdot Mirror
Too Easy For Bank Accounts To Spring a Leak
The NYTimes has a cautionary tale of automated clearing house fraud. Parties unknown siphoned money from an individual's bank account. Nothing too unusual there, except that it was an elite private banking account at JPMorgan Chase, and the account holder is out $250K — the bank will only cover $50K of his loss. The $300K came out of the account in small transactions over 15 months. The bank offered no recourse except to open a new account, a large hassle given that the account is more than 20 years old and its holder writes a thousand checks a month. The article details how the spread of electronic settlements between banks has given rise to growing automated clearing house fraud — if anyone gets hold of the magic combination of account number and bank routing number, and once has permission to withdraw funds, all bets are off. Banks are unlikely to question future withdrawal orders. Moral of the story: go over your bank statements line-by-line every month, and question anything that looks funny.
Why are not banks responsible for fraud?
Is it not the bank's responsibility to maintain security and keep secure transactions?
Then... Why the limitation of 50k$ when FDIC covers 100$k ?
If I can get ahold of enough information to withdraw funds in the first place, getting a copy of your transaction history and planning out transactions that blend in so well not even you will notice them isn't going to be any harder.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Ummm, you do realize that's on the bottom of every check that you write (in MICR). That's how your check gets matched up to your account for processing....
Does this mean that your account number is enough to make a withdrawal from it ? No secret code necessary ?????? no card required ?
Yes, I'm left. You have a problem with that?
What's to keep the bank themselves from taking $100k out sometimes and then saying they only cover $50k of it? They have access to all of that information and I wouldn't put it above one of them to do so.
If I were the company that lost $200k+ mentioned in the article, I would make the bank spend at LEAST $200k+ in legal fees to defend against my many lawsuits I'd file. Run them into the fucking ground if they won't insure your money and investigate problems on their own dollar.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
My bank sends you alerts any time there is a transaction larger than a limit you set.
Set your limit to $1 and you see almost everything. It's like getting a bank statement every day.
Of course, you can also do real-time checking any time you want.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
go over your bank statements line-by-line every month, and question anything that looks funny
Or you could just compare expected balances. You know, I started with X, authorized Y debits and now should have Z. If balance ~ equals Z, no need to go line by line.
Sure, it royally sucks if someone made off with your money. But the account holder has some responsibility, wouldn't you agree? If someone is siphoning money out of my account for 15 months, I'd definitely notice and report it in the first month.
Of course, other people might not watch their finances as closely but what's reasonable? I think after 15 months of not noticing an amount that slowly grew to $300k missing, then your bank is not the only one at fault.
I'm a big tall mofo.
I use Quicken to take care of my finances. Every day, I enter in every check or debit transaction I made that day. Then, I download transactions from my bank online, usually every morning. If there's a transaction that doesn't match up to something I've already entered, I can see it immediately. This allows me to not only easily spot fraudulent transactions, but also allows me to keep an eye on how much money I really have available, regardless of what the bank says.
Now granted, I only have a couple of accounts and I'm not writing thousands of checks a month, but it seems like this method is easily doable for most people. It's a lot easier to spot fraud if you have a good handle on what's supposed to be there and what isn't.
Also, I'm not really shilling for Quicken or anything...there are plenty of other products that will allow you to manage your money in basically the same way, including the online update component (which is the big key for me).
I dont have mod rights, so i can't plus 1 you informative.
i wish my bank had that service!
i'm with a UK bank, what company does this?
A bank account is a loan to the bank in exchange for money or services. If the bank is defrauded out of some money, why is it the account holder who loses out?
If someone claims to be my bank and tricks me into giving them $200, can I deduct that amount from my next car payment?
Really think about what has happened here. Person A loans Person B $100. Person C tells Person B that Person A owes them $100, so if Person B pays Person C $100 everyone will be square. Person B obliges not realizing Person C is lying. Is Person A the one out $100?! He had no control over the actions of Person C or Person B!
That's their own fault, putting up access via the intertubes and all.
You left the important part out (the part that should have put most of the responsibility on the bank)...
If you want news from today, you have to come back tomorrow.
300k over 15 months. $26 per hour or $645 per day or $20k per month
1) Why didn't this guy's accountant spot $20k go walk-abouts after month 1?
2) Can I get that job?
3) ????
4) Profit!
Perhaps this is the reason I haven't seen a check around here this side the turn of the millennium. And people complain about credit card security...
We just had a story on automatic bill pay where I voiced my support for credit cards over writing checks. This story supports that:
First, if someone defrauds your credit card, you're not liable. Dispute the charge and you're done, the onus is then on the merchant to prove the validity of the transaction. With cash accounts, once the money is gone, it's gone.
Second, checking accounts are difficult to reconcile as can be seen from the linked story. The person in question despite being financially sophisticated, was not able to be SURE about what his balance should be. Because the checks settle out of your account at the timing discretion of the recipient of the funds, it's not possible to say what your balance on any given day should be, which makes it hard to spot problems as they occur.
While the Guy (hah) in the article probably cannot avoid writing many checks due to his business, the fewer checks an individual writes the easier it is to keep track of one's balances. As long as you have the discipline to not abuse your credit card, it's the way to go.
-Ed
http://ed.markovich.googlepages.com
My accounts have been compromised three times. I check the ones that are exposed tot he outside world more than once a monht - the rest every month.
There are transaction ordering games that can be played by banks, but that doesn't change the basic cash flow over time.
Something seems fishy here. For god sake, that's $20K *per* *month*. That's far more than most people's entire incomes. You get two full months to report fraud. If you don't notice an extra $40K gone by then, well... sucks to be you.
Does the bank even have any way to tell a fraudulent transaction from a legal one, if both have the right account info? I don't know why it should be the bank's problem. It isn't like they were the ones who let his account info fall into the wrong hands. If the bank gave the account info away without his permission, then yeah, they should be 100% at fault and pay back the entire amount. But it doesn't sound like that is what happened. He wrote 1000 checks a month (WTF?? who even uses checks any more, let alone 1000 a month?) and proceeded to not notice $20K/mo disappearing from his account (yet more WTF??). I think the bank paying him back $50K is more than they should be obligated to do, unless they were the ones who leaked his data to begin with, which seems highly doubtful here.
To your second point, I agree. Someone who has so much money that they don't notice an average of $20,000 per month missing from what is apparently a very active account should probably hire an accountant. For that much money you can get a very good one and apparently still have enough money left over that you will come out ahead.
*IF* you happen to be stolen from. If you're not unlucky enough to be stolen from, then the accountant to watch your account is a waste of money.
Since the odds you become a victim are probably in the single-digit percentile (or less), paying for the accountant would be a bad investment. It would be cheaper to buy some sort of insurance.
It's a classic case of where paying for the losses is less expensive than preventing the losses, especially when the cost of the loss is spread around everyone at risk of loss.
paintball
or you could lose everything you worked so hard for.
I'm very surprised that anyone with that kind of money doesn't operate two accounts, one that someone (certainly not the PA or secretary, the usual suspects) reconciles and one is slow enough to check themselves.
Banks have a significant role to play but it's not reasonable to assume your bank knows what and from whom you're not buying.
It could be worse than theft. Someone could transfer money into (or out of) a known account of organised crime.
i'm with a UK bank, what company does this?
I think Lloyds TSB and some others who allow internet banking will send you weekly text messages (though they may randomly change your password just for a laugh ;) ).
I don't know of any that provides anything more than this.
"Three eyes are better than one" -- Lieutenant Columbo
I enter in every check or debit transaction I made that day.
I feel compelled to chime in with a 'me too'.
It seems very basic. Keep track of every transaction in detail. There is no other way to know.
Do you hand a cashier a $20 and shove the change in your pocket without counting it? If so then you have no room to complain if you come up short later.
Complaining that is takes too long or is too hard is not an answer. It is your money and it is your responsibility. This goes for incoming bills also, don't accept the amount blindly: compare every line item to what is contracted. If you don't already do this then you will likely be suprised at how often a mistake is made (always in favor of the biller).
Socrates once said, "I know you won't believe me, but the highest form of Human Excellence is to question oneself and others."
Oh wait, you said UK, they have traditions. :)
Just call them what is needed for download of the transactions, if not possible change to a more contemporary bank.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Banks, as a semi-preemptive attempt to protect your funds will use information gathered about your previous transactions and if some transaction is extremely anomalous, they will put a block on the card. This happened to my brother when he went to Hong Kong. HSBC stopped his card because it was unusual for cash withdrawals to be made from his card in Hong Kong. I've heard stories of other false positives but I've also spoken to people who've had their bank call them to check whether a transaction is legitimate which has turned out to be fraudulent...
My bank allows downloading of CSV files containing transaction data for my accounts, so stuffing it in a database is trivial. Does anyone know of a project that does something like this, learning what's normal over a period of time, then flagging transactions that may be suspect?
Everybody uses electronic transfers
That is what ACH does. Paper is no longer transfered between banks. If you pay bills online in the U.S. and the recipient has an ACH enabled account, it is all done electronicly. If not, an actual paper check is printed and sent. When a person takes a paper check to the bank, it is scanned and an ACH transaction is created. The paper check is then destroyed.
Upside of using electronic transfers is that they are very traceable,
What has happened in the credit card industry is happening in the check world. Either you have merchants scamming or you have people using your account information. Unlike the credit card, the money is taken immediately.
Slashdot - The great and glorious cluster fuck of Internet wisdom.
First Millennium Bank, banking the same way for over 1000 years!
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Lawsuit time. That bank needs to get sued.
And a retail bank statement is kindergarten arithmetic compared with the monthly statement for a private banking client.
I used to have a Credit Suisse account, and they did, indeed, have incomprehensible statements, even for a simple situation. They had a "current account" and a "time account". The current account didn't pay interest, but the "time account" did. Interest from the time account went into the current account, and when it exceeded US$1000, it was moved to the time account in multiples of $1000. Separate statements were provided for each account, on different schedules, didn't mention what was happening in the other account, and were difficult to match up. Lots of weird fees, too, including charging commissions on their own time deposits. It all seemed to be about fee maximization.
And this was without doing much in the way of transactions on the account. If you did lots of transactions against accounts like that, it would be really tough to track what was happening. The combination of inter-account transactions and differing statement cycles confuses the issue.
This allows me to not only easily spot fraudulent transactions, but also allows me to keep an eye on how much money I really have available, regardless of what the bank says.
Great. So, like this guy did, you go to your bank with your QuickBooks or whatever, showing that you should have substantially more money than you do, and the bank tells you to go soak your head, they're the bank goddammit, and there's no way in hell that your accounting could be more accurate than theirs.
You know, like they told this guy. Then what the hell do you do? Apparently you can go fuck yourself, since according to the laws the banks purchased, they can hand out your money to anyone that presents trivially falsifiable certifications, and there's not a damn thing you can expect them to do about it.
This guy went every month to the bank with evidence of funny business, and they told him that he must be running the numbers wrong, and then handed him balance statements that obfuscated the transactions.
Sure, it's prudent to keep track of your own money. But what about when you've kept such good track of it that you realize some is missing? What the hell are you supposed to do then? I don't think Quicken has a form for that.
I never have frustrations, the reason is, to wit:
If at first I don't succeed, I quit!
Someday, some 14-year-old is going to write an automatic program to scramble all bank accounts in the US "just for fun" - everyone gets an random amount left in their accounts.
The mightiest country on Earth ever... taken down by a 14-year-old.
Moral of the story: go over your bank statements line-by-line every month, and question anything that looks funny.
I check my bank account for unusual charges daily. I've only got one bill that can pull from our account and that's the local utility. They submit something like a bank draft every month. At least twice in three years I've gotten a call from my credit union when our water bill was unusually high and they wanted to confirm the amount. One of those turned out the utility misread our water meter.
The real moral of the story is monitor your accounts yourself regularly and stick with a small bank or credit union that knows you. JP Morgan Chase doesn't notice any but the top 1%-2% of their customers.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
The FDIC insurance of $100K has nothing to do with fraud. That's insurance against your bank going insolvent. When you deposit $100k in your bank account, and that bank loans the money to Billy Bob down the street in a subprime mortgage, and Billy Bob defaults, the FDIC insurance says your $100k is safe. The bank may not have your $100k anymore, but you'll still get it.
The 50k that JPM is reimbursing the guy in the article is actually date-based, not dollar-based. The round number confused you. When there is an unauthorized transaction on your account, you have 60 days from the time you receive the statement to alert the bank. If you wait 61 days, it's your problem.
That's what happened to the guy in TFA. He got credited for the last 60-90 days (depending on when in his statement cycle he caught it) worth of fraudulent transactions.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
And I don't understand how a statement can be "complicated". For each transaction, there is a line. There is an amount, and a name of some kind that tells you what it was for.
That is because you are a retail banking customer.
Private banking statements are incredibly complex. I should post one of mine just so you can see. I can see how if you did a lot of transactions (I don't), it would be impossible to have clue #1 what the hell was going on. Truly. And I am an economist.
Personally, I have a manged portfolio at a private bank, but my day-to-day transactions are in a retail bank account for precisely this reason. My banker once asked me why I didn't take advantage of their transactional accounts and I told him because it would make my life too complicated.
The guy in the article, frankly, should have had a bookkeeper, and that bookkeeper should have known what was up.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
if anyone gets hold of the magic combination of account number and bank routing number,
Both of those numbers are written on every single check.
Not reassuring.
If the bank officials had any common sense, they'd have quietly refunded this old codger every penny. He's worth hundreds of millions of dollars and the bank should have just paid up and shut up to keep him as a satisfied customer.
Actually, in the US, it would be very easy to automatically shift money through several accounts with the same technique. Anybody in the chain that doesn't check the transactions gets left holding the bag.
It is pretty scary how easy it has become now. There needs to be some significant reform in this area.
> I still can't believe that people in so-called "first world" countries still rely on cheques for financial transactions
FWIW, I live in the USA, and I don't know anyone who uses checks for any normal transactions any more. People still do use them for unusual things such as car down payments, often in the form of a "bank check" which is guaranteed by the bank.
I might have written two checks over the past 5 years.
... that or just paying somebody monthly to keep track of it all.
A while ago I started working at a small factory(better a big fish in a small pond, etc) and everybody there uses checks, people write each other checks when someone goes for lunches, and the accountant will even cash small checks out of petty cash or run down to the bank for larger ones.
I never noticed it until I was to busy to grab lunch or go to the ATM and somebody said to just cash a check with the accountant. When I said I never carry a checkbook and wrote about 4 checks/year, they all looked like I was from space.
It's really damn wierd.
OMG!! I'm stuffing everything in the bed mattress.
I'm here for the experience, not the Hyperbole.
from the article But once someone has certain routing numbers for a customer's account, fraudulent transfers become possible unless the customer carefully scrutinizes all of the transactions on the monthly account statement.
those 'certain' numbers are printed on EVERY CHECK for that account.. WTF?
every day http://en.wikipedia.org/wiki/Special:Random
I tried recently to arrange something like this with my bank. Unless you're an ACH ____ or something like that you can only set up transfers between accounts that have the same names on them. The impression I got from the customer service rep at the bank was that this is anti-terrorism related. He didn't say as much, but he did agree when I asked him. Who knows.
People don't do this already? Keep track of their bank account balance on paper (or in a text file on their computer)?
that depends on computer
cannot be trusted
thus
no trusted computing
no trusted banks
hahahahhaa.....
get ur money back....NOW
All I need is your routing number and checking acct number. Even the routing number can be obtained by calling the bank and asking for it. It's nearly public knowledge.
That's too much trouble.
Bank of America.
Wells Fargo Bank.
Search by name. See Wikipedia.
No... the point is not to "overlook" the loss of $300K for 15 bloody months.
Saying, "hmm, why is my acct in the red... oh? Well then, everything must be OK." is NOT the same as reporting fraud in a reasonable time-span (defined as 60 days by law).
He lost his money for being an idiot, not because he had the wrong bank.
There's no reason why a bank can't be held liable for falsely approving a transaction that occurred over 3 months ago.
Btw, don't ever sign up for freecreditreport.com, even after you cancel, they will find a bank account you own and start withdrawing money monthly from it as "CVTR3" or something like that. After you told them you canceled they will refuse. If you don't get your bank to block them within a timely manner, they WONT give that money back.
Credit cards can help a lot. You don't use your bank account to make purchases, you use your credit cards to make purchases, and your bank account to pay your creditors. This does a couple things:
1) It reduces the amount of transactions to and from your bank account to just a few, rather than everything you do. Things like your mortgage payment(s), car payment(s), and of course payments come from your bank account. Just about everything else is on a credit card. Thus fraudulent bank transactions are much easier to notice.
2) It allows you to group transactions, if you wish. You can have multiple cards and use them for only certain things. For example you could have a "bills" credit card that is only used for paying recurring monthly bills. Again, can help make tracking fraudulent charges easier since you know what kind of activity to expect on the cards.
3) Credit cards change the problem of possession in the case of fraud. With a bank account, you have had the money taken away from you, and are asking the bank to give it back. If they don't, your only recourse is to haul them to court. With a credit card, nothing has been taking from you. The bank is saying you owe a certain amount, and you are contesting that. If you refuse pay, they have to take you to court.
Seriously with a bit of work it shouldn't be hard to keep track of your financials these days, especially with instant access via the Internet. Now I can understand that some people do a whole lot of stuff and thus have more complex financials but that's fine. As you say, if they've gotten to the point where you can't handle them yourself, you need to hire a professional to do so. Just as corporations have accountants to do that, so do individuals with complex financials. However for 99.99% of people, that's not necessary. If you use the tools available to you (such as online access to your statements) it shouldn't be a problem to manage your money.
What's stopping him is that he will have to PRODUCE the authorization or be liable for the transaction. Someone can't just claim to have it. Regulation E makes very specific what has to be captured in an authorization and how it must be produced if requested by the bank.
The rest of your post is correct, you're just drawing alarmist conclusions from it. The way the system works is that the authorization resides between the merchant and you, the customer. The bank is not a party to it. That's per government regulation. Don't like it? Call your congressman/congresswoman. Make sure you take all of your money out of the bank first and stuff it in your mattress ("No officer, I did NOT give the robber permission to withdraw my money from my matterss!").
I personally have had accounting errors happen in my simple retail account. Even if the private banks are more careful(which isn't given) their odd accounting practices make this more likely.
If you supply someone with your bank account and routing information it is by default assumed you meant to permit withdrawals by that party. Your defense against a case where you give this info. for one purpose and they use it to steal (or wrongly share or carelessly lose it) is that you can contest the transactions. Same as with a credit card. You give out the account and expiration date and someone charges you. You have a finite amount of time to dispute or else you live with it.
Seriously with a bit of work it shouldn't be hard to keep track of your financials these days, especially with instant access via the Internet.
You've obviously never seen a private banking statement. For fun, I pulled out my July statement. There were 3 actual transactions on it (not dividend/reinvestment), and the statement was 40 pages long.
These statements really scream "DO NOT READ ME". I'm just sayin'. (Yes, I read and understand my statement, but I can fully sympathize with those who cannot. I needed my banker to go through the first one with me page by page just to understand the thing, and I do not consider myself to be an idiotic or financially illiterate person.)
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
According to banking laws (atleast European), if a customer disputes a banking debit and claims it as unauthorised by him, then the onus is on the bank to prove the customer really did it. And the laws state the bank MUST refund the money to the customer if the transaction was not authorised by the customer. The law of limitation does NOT apply in such cases.
The banking contract says the money is held by the bank on behalf of the customer which the bank cannot pay to someone else without the customer's written word. Origination of checks/cheques.
A fradulent debit is no debit according to law. meaning the customer did not authorise such debit, and the bank helped itself to his money. According to law this is theft: The customer can really file a case of theft/robbery and if the lawyers are highly ingenious they can get the manager/CEO arrested for that crime.
EU laws are pretty stricy on this count: Banks are trustees of our money, and even one whiff of scandal is enough to destroy all of them.
I had an issue with my bank: They paid a post-dated check early to their corporate client: by seven days. The manager cunningly said, that since i was intending to pay the party anyways so what does it matter if i paid it one wek early!!!
Well, my lawyer studied it deeply (for hardest ways to nail him), and we ended up filing a case of simple theft and criminal fraud against the bank's manager. It quickly became a criminal case since the courts here thought fraud amounts to embezzlement, which equals criminal charges, and hence asked me for proof: which i had. The manager was nailed on those charges and just before the judge signed the arrest warrant, the bank ponied up the money PLUS interest @ 33.36% P.A. (my credit card's rate). Until i was able to successfully withdraw all the money as cash, i kept the warrant in abeyance.
I ended trashing the manager as criminal and continued with the warrant once i got the money: The bank was maaadddd!
Fortunately my lawyer intervened, and the case was dismissed (not settled) when the bank proved i had my money.
They closed my account next day.
"Doing what i can, with what i have." ~ Burt Gummer
There's no longer any reason why paper cheques should be transferred between individuals either, or between individuals and banks. Why have that unnecessary and easy to forge step in between?
Someone who steals your credit card, or just your credit card information, can run up charges at third party businesses. This is not possible using account transfers. There's nothing you can do with just my bank account number (except add money to it). It will only tell you what bank my account is in, and possibly which branch, but there is no way in which you can use it to access my funds.
Plus I've never heard of anybody successfully breaching bank security here in Finland, as I said in my original message, it really is very difficult.
Is someone forcing you to use a bank with statements that complex? Seems to me there's a lot of choice in banks out there. If you bank has statements that are too complicated, get a different bank. Now supposing that you have an extremely large amount of assets and for whatever reason necessitates the use of such a bank (as a note I know a couple of multi-millionaires, all use regular banks) then maybe you need an accountant. When things get complicated, you hire a professional. My parents own a small business, and though it doesn't do a whole lot of sales (less than a million dollars a year) it is extremely complex, as business tends to be. So, they have a book keeper. Her job is to deal with all the money and make sure things all add up.
It is like with any sufficiently complex system: If you can't deal with it yourself, hire someone who can. I feel particularly little sympathy given that the whole reason for being with a "private" bank in my understanding is because you have a lot of money. Ok, great, if you have a lot of money, you can:
1) Spend the time and effort to learn what you need to to manage it yourself. Yes, this is complicated. Nobody ever said making lots of money was supposed to be easy.
2) Hire someone to manage it. After all, you have money. Spend some of it to help you make more.
3) Go for simple investments. Nobody says you have to invest in complex things. Have a certain amount of operational overhead in a checking account, some more reserve overhead in a high interest savings and/or CD, and the rest in an index fund. No, you aren't going to make the massive returns that some of the creative schemes out there can. However the tradeoff is that it will be extremely easy to manage yourself.
I just don't feel much sympathy for people with lots of money that won't do what is required to deal with their money. With the kind of money this guy has, he should have a personal accountant who's job it is to keep track of it all and make sure everything is on the up and up. I know people like this, they live, breath and dream numbers. They are extremely good at dealing with things like this. Hire one of them.
To me it sounds like he just kinda got lazy. Not a lot of sympathy in that case, especially since he should have known better.
If you want to do business, having a merchant account is important. If you mess up and have your account suspended or revoked, it is very hard to get another one later. There are a lot of rules, and the industry really does try to keep things under control. They do watch for unusual patterns, and they ask a lot of questions , when you apply.
But the linking of demand draft instruments to ACH. Demand draft and it's closely related cousin Share draft were never meant to be linked electronically.
It worked fine when just the banks were allowed to submit demand draft to the automated clearing house (ACH) but when you let merchants play in the ACH sphere all bets were off.
I'm not sure what the solution is that will restore integrity to the monetary transfer system. But it's broken now and needs to be examined and fixed.
It should also be common knowledge that banks primary security model means firewalls and intrusion detection, but it never really looks at the draft process and ACH transfers because as far as the bank is concerned, those are all legitimate transactions from 'trusted' sources.
Umm.. the first month, week or eve day (I also track my transactions through Quicken like poster above) I notice that my balance is lower than expected I start going through every transaction to determine the discrepancy.
If I find something unauthorized I call the bank and tell them to freeze my account, change my account number, etc.
I don't understand why it's hard to keep track of your own money. If you have too much money, too many accounts or not enough brains then you should certainly afford to hire a professional to do it for you. Bank statements are not even high-school math.
Banks have a lot of "broad" experience in dealing with financial matters, but that doesn't mean that they have a lot of experience in dealing with *your* financial matters, unless you've got a rep assigned specifically to your account.
Think of it as the difference between "managed" web hosting or renting space in a rack (for your own servers). Sure, the NOC might be able to identify certain patterns unusual bandwidth consumption to identify spam/virus issues, but they're not going to be able to catch that backdoor script running on your custom-configured server.
My credit-card has a certain amount of automated monitoring/protection, and I've heard of some with bank accounts that have the same. They can catch fraud-related patterns like a small-withdrawal+big-withdrawal+spending spree which is common to thieves testing then abusing a stolen card (heck, the CC company called me on this the other day as I'd bought a few small things then had some major car repairs done). What they likely won't catch is patterns that fit within your normal business. If you're writing $1000 eCheques regularly, and a few extra are slipped in over time, how are they to know which ones are legit or not?
Hell, if the customer himself couldn't easily figure it out, I wouldn't expect anyone short of a dedicated financial representative to be able to do so.
Someone stole my mail, then charged their utility bill on one of my checks. The utility (MLGW in memphis) offered to pay me, but I want someone in jail. I will take this further. Moral, find a passbook-type account for savings, not one with checking attached. The checks are where they steal!
There's no longer any reason why paper cheques should be transferred between individuals either,
Sure there is. How do you pay a non-merchant? How would you pay a landlord?
This is not possible using account transfers.
In Finland, it sounds like account transfers use the push method. In the U.S., under ACH, it is both push and pull. If using a checking account to pay bills through the merchant website, the merchant pulls the money. You can of course get a paper bill and use online bill paying through ACH, where the money is pushed.
There's nothing you can do with just my bank account number (except add money to it).
In the U.S. you would also need the routing number. This is how direct deposit works through employers.
I've never heard of anybody successfully breaching bank security here in Finland, as I said in my original message, it really is very difficult.
Does not mean it has not happened.
Slashdot - The great and glorious cluster fuck of Internet wisdom.
There's no longer any reason why paper cheques should be transferred between individuals either,
Sure there is. How do you pay a non-merchant? How would you pay a landlord?
Using a bank transfer or good old cash.
I've never heard of anybody successfully breaching bank security here in Finland, as I said in my original message, it really is very difficult.
Does not mean it has not happened.
I didn't mean that it wouldn't have happened, but the fact that I haven't seen a single news article about a breach in bank security (and I follow the news quite closely) speaks volumes about how likely it is.
I used to use Quicken too. Previous statements balanced, this one did not balance. Beginning balance matched between Quicken and Statement.
Carefully matched each item on the statement 5 times. I had a quicken item that matched each statement item exactly. ending balance $30 off exactly each time.
I even added all the statement items manually to see if they added up to what they said..yes they did.
NO help from quicken.
Doing my checkbook in excel now.
hehe the captcha was "Varying"
Great. So, like this guy did, you go to your bank with your QuickBooks or whatever, showing that you should have substantially more money than you do, and the bank tells you to go soak your head, they're the bank goddammit, and there's no way in hell that your accounting could be more accurate than theirs.
That's what they should do. They shoudln't go and balance your checkbook for you. If he'd gone in and said "I dispute this charge," then things would have happened. Walking in and saying "I think there's a discrepency, but I can't find where" isn't going to get them to do anything for you other than say "well find it and get back to us." He didn't notifty them of "suspicious activity" He notified them that he was unable to get his checkbook to match his statement. If that's cause for a bank to drop everything and break out the accountants, then there are millions of people that can bring the banking industry to its knees.
He knew the numbers didn't match. He couldn't find the error. Either you think that the banks are responsible for keeping customer's checkbooks for them and auditing them for free any time someone has a discrepency, or you side with the bank. Once told "there is a problem and here is what I didn't authorize" they stopped the unauthorized payments and credited back the recent ones. What more do you think they should have done?
But what about when you've kept such good track of it that you realize some is missing? What the hell are you supposed to do then?
If you can't understand your bank statement, hire someone. Obviously there was money for that since he managed to lose so much and not know where. And, if one of your requirements is understanding your bank statement, get them to explain it to you or change banks.
Learn to love Alaska
I start going through every transaction to determine the discrepancy.
Apparently the bank refused to give this guy his transaction history in a usable form. It's great that they don't do that to you, but they did it to him, apparently, and when a bank responds to a notification of error by deliberately obfuscating transaction history, that's fraud.
But when your bank defrauds you, what the hell are you going to do? You've already given them your money.
I never have frustrations, the reason is, to wit:
If at first I don't succeed, I quit!
That's what they should do. They shoudln't go and balance your checkbook for you.
No, but once you've complained about a discrepancy, it does become the bank's problem to demonstrate that they've posted no unauthorized charges to your account.
And what they definitely shouldn't do is what they did to this guy, which was deliberately obfuscate his transaction history so that he couldn't track down the error.
That makes them complicit in the fraud, in my opinion.
What more do you think they should have done?
Presented his transaction history in a usable form, instead of obfuscating it to hide their errors.
I never have frustrations, the reason is, to wit:
If at first I don't succeed, I quit!
No, but once you've complained about a discrepancy, it does become the bank's problem to demonstrate that they've posted no unauthorized charges to your account.
But the charges were from an authorized person. They verified that every transaction, when posted, was authorized (meaning the person taking the money was authorized to do so), and they are correct. They had authorization with the bank and from the person to do what they did. The bank can't know the difference between someone authorized to make one withdrawl of $50, a monthly withdrawl of $50 or a withdrawl of $500. To tell them that there seems to be some error and they verify that all persons that took money from the account were authorized to have access, then it falls back on the person who owns the account to identify which of the authorized persons accessing their account did so in a manner contrary to what they should have. The bank doesn't know what you gave permission for people to do, they can just check to see if they accessed it properly, and they did verify that. The bank should not be responsible for calling up every person related to the 1000+ charges against the account and somehow re-verifying that they are allowed to access it, and even if they did, they would have come to the same answer. Every penny that left the account was taken by someone authorized to access that account. It is impossible for them to go further, and the only person capable of identifying which properly authenticated access from a person or organization with explicit permission to access the account was done in a manner against his wishes is the owner of the account.
Presented his transaction history in a usable form, instead of obfuscating it to hide their errors.
They made no error. They didn't obfuscate it to hide any errors. They do have an obfuscated statement, but if you can't read your own statement and you know you are losing $20k per month, don't you think you'd hire someone to find out where it was going? Or perhaps learn to read it? For $20k per month, I'll learn to read a statement. Why wouldn't you?
Learn to love Alaska
Every penny that left the account was taken by someone authorized to access that account.
I'm sorry, but in what sense is that true? If I pay you to help move my stuff in, but then you come back a week later to rob me in the middle of the night, in what sense are you "authorized" to be in my house?
Just because I let you in, one time? Absurd. I hope you're never hired as a security guard.
For $20k per month, I'll learn to read a statement. Why wouldn't you?
Why do you think this guy couldn't? Because that's what the bank said? Again, absurd.
I never have frustrations, the reason is, to wit:
If at first I don't succeed, I quit!
I'm sorry, but in what sense is that true? If I pay you to help move my stuff in, but then you come back a week later to rob me in the middle of the night, in what sense are you "authorized" to be in my house?
If you gave me a key and never took it back, then the lock will still think that I'm authorized. If it were an electronic lock and you looked in the logs, it would show no attempt at a picking not an unauthorized access. That you never revoked the permission given to some system that let him in doesn't mean that he can't still be found to be properly authoized to some intermediate system.
Why do you think this guy couldn't? Because that's what the bank said? Again, absurd.
Because if he had been able to read it, he would have found it within the first year of the fraud. He didn't.
Learn to love Alaska