Fraud Threat Halts Knuth's Hexadecimal-Dollar Checks

Barence writes "You may be aware of Donald Knuth, the creator of TeX and author of The Art of Computer Programming, who used to post checks to anyone who spotted an error in one of his books — one hexadecimal dollar, or $2.56. No one cashed them though. This blogger has two of them proudly on his wall, but the sad news is that modern day bank fraud has put a stop to Knuth's much-loved way of keeping his books free of errors." (Here's Knuth's own post about the sad change.)

Forgive me

But wouldn't one "hexadecimal dollar" be... wait for it... exactly one "regular dollar?"

0x1 == 1

Re:Forgive me

[Enki+X]

Not if you define a dollar as a hundred pennies...

Re:Forgive me

[Flying+Scotsman]

Think of a dollar as "100" cents. 0x100 cents = 256 (decimal) cents.

Re:Forgive me

[Enki+X]

Although technically it'd be F00 pennies for a hexadecimal dollar...

Re:Forgive me

[gnick]

A hundred pennies is still $1. 0x100 pennies == $2.56. I'm not sure that 'hundred' is really defined in the hex world. It's like the old "There are 10 kinds of people in the world - Those who understand binary and those that don't" gag falling apart outside print because the word 'ten' blows it.

IANA mathemagician - Feel free to correct me if I'm full of shit.

Re:Forgive me

[Minwee]

Because there are 900 pennies in a base ten dollar?

Re:Forgive me

[binarylarry]

You may want to double check the math on that one. ;)

Re:Forgive me

[Enki+X]

I am ashamed

Re:Forgive me

So is Minwee. He meant 1500.

Re:Forgive me

I work full-time and gross $19,200/year and I'm a Democrat. What's your excuse?

Does that mean you just want free stuff from people who have decent jobs?

--
I work full-time and gross $28,000/year and I'm a Libertarian.

Re:Forgive me

[Kjella]

Think of a dollar as "100" cents. 0x100 cents = 256 (decimal) cents.

It's still wrong though, "cent" is the same "cent" as in "centimeter" or "percent" and means 1/100. The unit is the dollar, so 0x1 dollar = one dollar. Msybe a hex kilogram can mean 0x1000 grams, but in this case it makes no sense. Not that this is of any consequence whatsoever, since it's an arbritrarily chosen value anyway...

Re:Forgive me

[adonoman]

Also not a math pro, but the problem comes in that we have two things that are defined by the word "ten" - the abstract point on the number line that is eqivalent is also represented by the symbols: '0x0A' in hex; '012' in octal; '10' in dec; and '1010' in binary.
But it's also a name for the symbol '10' itself, just as one hundred is a name for the symbol '100', as well as a name for the abstract value represented by the symbol '100'.

Re:Forgive me

AAAAAAAAAAAAAH!!!!!
It's a joke dollar and Knuth gets to designate what a hexidecimal dollar is since HE's writing the checks!!!

Leave it alone already!!!

Re:Forgive me

[SBacks]

I've always believed that "ten" means "10" in any base, and its just that some bases you skip numbers in counting and others you add them.

Example (Base Three):
Zero, One, Two, Ten, Eleven, Twelve, Twenty, Twenty-one, Twenty-two, One hundred...

Re:Forgive me

But cent means 1/100th. You know, like a centimeter is 1/100th of a meter?

So are you saying that if I define a dollar as 100/100ths of a dollar, I can say that in hex it's 256/100ths?

Re:Forgive me

[maxume]

Has being wrong made things difficult for you?

Re:Forgive me

[Ed+Avis]

Think of a dollar as "100" cents. 0x100 cents = 256 (decimal) cents.

Yes, finally someone is taking a stand against the crappy metric-system-obsessed definition of a dollar. Everyone knows a dollar is 256 cents, this whole decimal crap is just a conspiracy by big business in cahoots with the Federal Reserve to rip us off, just like they did with hard disk sizes. I'm voting for Ron Paul.

Re:Forgive me

[binarylarry]

Well, I work full-time and gross $28,000/year and I'm a Republican.

At least that's what Uncle Sam gets told!

*rimshot*

Re:Forgive me

[corsec67]

You use base 3 and miss the best version, balanced ternary?

Although, I don't know how you would say it:
zero, one, one minus one, ten, eleven, one minus one minus one?

Re:Forgive me

[A440Hz]

Maybe it's not really correct, but at work, I frequently use terms like "hex eight thousand" and such like that. It's just easier than saying "hex eight oh oh oh."

Re:Forgive me

[Hawke666]

Would it help if the word "pennies" were used instead of "cents"? As far as I can tell, it has no connotation of "hundredth".

Re:Forgive me

[0xABADC0DA]

It's still wrong though, "cent" is the same "cent" as in "centimeter" or "percent" and means 1/100. The unit is the dollar, so 0x1 dollar = one dollar.

So if you point out this error to Knuth... do you get a check for $0x1 or $2.56?

Re:Forgive me

[pleappleappleap]

"hex eight oh oh" isn't correct either.

Re:Forgive me

[Theoboley]

Okay then we'll start our own currency and call it hexs rather than cents... I have 100 hexs. Google Currency converter will do the conversion math for us. 100 Hexs = 256 cents.

Solves that problem...

Re:Forgive me

[HTH+NE1]

I give you a pass as it let you make a "foo" reference.

Re:Forgive me

[GringoCroco]

So is Anonymous Coward:
0xF00 = 3840.
0x5dc = 1500
0x384 = 900

Re:Forgive me

Actually, the 'cent' in 'percent' is short for century, which is 100, not 1/100.

Hence why 1 percent is 1 per 100, it is 1 per century.

Re:Forgive me

[Peter+Cooper]

I'm not sure that 'hundred' is really defined in the hex world.

Are you assuming there's some semantic difference between the word "hundred" and the decimal value 100? I don't think there is. "Hundred" means the decimal value 100 or 64 in hexadecimal. 0x100 is not "one hundred." It's "two hundred and fifty six." Our language is base 10 for ordinals.

Re:Forgive me

[Sique]

And 100 means in base (8+8)? Tada! 100000000 binary! Which is... another Tada!

oooo oooo oooo oooo
oooo oooo oooo oooo
oooo oooo oooo oooo
oooo oooo oooo oooo

oooo oooo oooo oooo
oooo oooo oooo oooo
oooo oooo oooo oooo
oooo oooo oooo oooo

oooo oooo oooo oooo
oooo oooo oooo oooo
oooo oooo oooo oooo
oooo oooo oooo oooo

oooo oooo oooo oooo
oooo oooo oooo oooo
oooo oooo oooo oooo
oooo oooo oooo oooo

or 256, if you count in the (9+1)-base.

Re:Forgive me

I'm currently unemployed. As far as I'm concerned, you're both making unfair "windfall" profits. Obviously, I deserve some of it, so I'm voting Democrat.

Re:Forgive me

[amRadioHed]

Of course not, you're off by an order of magnitude. What's your point?

Re:Forgive me

[Bobb+Sledd]

I'm voting for RuPaul.

Re:Forgive me

Does being an asshole give you an erection?

Re:Forgive me

[master5o1]

100 cents to a dollar. 0x100 = 256 [cents] = $2.56.

Re:Forgive me

[master5o1]

oh crap i should have checked my calculator XD

Re:Forgive me

Neither! RTFA, n00b!

Re:Forgive me

[maxume]

This post isn't a troll. English uses the decimal number system; "twenty-three" stands for the decimal number 23, not the string of digits 2,3.

Re:Forgive me

[Bloke+down+the+pub]

Would it help if the word "pennies" were used

Bringing base 240 in will just confuse the issue.

Re:Forgive me

[Hognoxious]

Do you work in the billing department at a mobile phone company, by any chance?

Re:Forgive me

[ioshhdflwuegfh]

Anonymous Coward has made a correct point, no matter how crudely has he put it to the hex dude.

Re:Forgive me

[compro01]

Are those US, Canadian, or European cents?

Re:Forgive me

[Theoboley]

All of the Above. It's gonna be like the Euro and encompass the world for currency. And the train to the land of make believe leaves in 10 minutes.

Re:Forgive me

[KGIII]

They might be thinking "zero" instead of the letter "O."

Re:Forgive me

[knothead99]

Forget that, I'm voting for Tron Paul.

Re:Forgive me

You know, I was looking at his page, and farther down, he was asking for any videos borrowed from him to be returned. A few years back, I borrowed "All anal 0x12-year-olds, 0xA'th anniversary edition." I keep leaving him messages asking him where I need to ship it to, but he never returns my calls!

Re:Forgive me

[duyn]

Knuth has created his own currency (as evidenced by amounts being written as 0x$1.00, rather than $0x1.00—see, the 0x is part of the unit, not part of the amount). So, given it's a new unit, he can define it to be whatever he wants.

He's also defined it so 0x$0.01 happens to coincide with a normal cent. Or at least, it does at first. Wait until people spotting his errors decide he's giving 0x$ out too easily and start dumping them in favour of real $. Then, the Bank of San Serriffe may burn through its reserves of real $ trying to prop up the 0x$, forcing it to re-base or float the 0x$. Pretty soon, Thorsten Dahlheimer's 0x$405.80 won't be enough to buy a vowel and he'll be forced to go back to combing Knuth's books for errors in hope of another 0x$ payout to feed his family.

Re:Forgive me

They're Australian cents, you insensitive clod.

Re:Forgive me

[empaler]

Nothing personal, but I hope that your party loses the upcoming election.

Also, my even greater hope is that both major parties lose, but that doesn't really seem feasible.

Apart from that I make US$40'000/year, plus the loose change I rack up. If I really believed that the government knew how to make the quality of life better for anyone*, I wouldn't mind 50% tax - but the idea of giving away my money to clueless bureaucrats have far since gotten stale.

Error

[onebuttonmouse]

"only 9 of the first 275 checks that I've sent out since the beginning of 2006 have actually been cashed."

Can I have my cheque now?

This is getting old.

[SatanicPuppy]

Checks and credit cards are absurdly easy to fake in the modern world. Banks need to get off their asses and roll out a new system...With the billion dollar bonuses that they keep giving themselves, I'm not too sympathetic of the cost.

Re:This is getting old.

[Itninja]

Regarding checks, with their watermarks, UV-readable text,and what not, I don't think they would fall under the category of 'absurdly easy to fake'. However, people are absurdly easy to fool. So the result is the same. And with credit cards, are you talking about making physical fake cards? Because that's not exactly something one can whip up with supplies from the local hardware store. Generating valid numbers however, along with a little social engineering, the same results can be had with little effort.

Re:This is getting old.

This is close to being true, the check safety features are certainly nice.
The problem is that a "check" requires none of those things... Banks will take pieces of paper with an account number, routing number, an amount, and signature as a check.

Re:This is getting old.

[Applekid]

Which is enough evidence that these sorts of things aren't costing the banking industry a whole lot.

This suggests one or more of the following three things are true:
1) There ISN'T ACTUALLY an epidemic of checking/credit fraud aside from a few high profile high press cases (see also: terrorism, pedophilia, and other "woo, the world is SCARY!" kinds of stories
2) When fraud happens, banks are reasonably well equipped to recover the losses (some other bank has to exist on the other end of the wire, naturally)
3) The government doesn't have sufficient laws to protect the victims of these sorts of things where banks are held responsible, so banks have no motivation to fix what amounts to broken financial operations

Re:This is getting old.

[hesiod]

A little bit of #1 and #2, and a whole lot of #3.

Re:This is getting old.

[Z00L00K]

Even worse - the security features on these items aren't even verified by the people receiving the card or check.

And most transactions are legitimate, which means that if every transaction was to be inspected thoroughly then the amount of work in shops etc. would increase considerably.

It's all about money - it costs to check and verify transactions.

Re:This is getting old.

[rubycodez]

any piece of stationary with mag ink at the bottom with bank a.b.a., account number, check number, will be accepted as check

Re:This is getting old.

[petermgreen]

And with credit cards, are you talking about making physical fake cards? Because that's not exactly something one can whip up with supplies from the local hardware store
Afaict plastic card printers and magstripe writers are easy enough to get, Not a job for your local hardware store but plenty of places use ID cards that are very similar to credit cards so the printers are availible. You would probablly have to rig something up to do the embossing but that can't be terriblly difficult.

It's not a hardware store job but it's not out of reach of a reasonablly organised criminal with a few thousand pounds to spend and a location to get stuff delivered to.

Chip and pin cards are probablly much harder to fake but at least here in the UK most places will still put a transaction through with a swipe and sign if chip and pin fails or the card does not have a chip.

Re:This is getting old.

[rcw-home]

Regarding checks, with their watermarks, UV-readable text,and what not, I don't think they would fall under the category of 'absurdly easy to fake'.

Considering that you don't need to pass off a watermarked check to someone in real life to drain money from someone's account (you only need the account number and routing number off the check), yes, they absolutely are absurdly easy to fake.

Also, there's no guarantee that when someone writes you a check that they have the funds to cover it, because it isn't processed right then and there. These two factors put together have led the vast majority of merchants to simply refuse checks today.

There's absolutely no excuse for banks to not have rolled out a checking system that uses much larger one-time-use account numbers and allows merchants to verify that the check won't bounce. They've been twiddling their thumbs.

Re:This is getting old.

[Detritus]

All of those security features in paper checks are becoming worthless. I was standing in line at the grocery store, and the customer ahead of me wrote a check. The clerk fed the check into a document scanner built into the cash register, and returned the original check to the customer. Besides, banks are so automated that it's a rare occasion that a human ever looks at a check.

Re:This is getting old.

The problem is that none of those watermarks or anything actually mean anything. All that matters are the numbers along the bottom, and the amount in the box. The rest is ignored.

You can print the numbers and the box from any printer, and it'll still work. So, yes, they are easy to fake, because they don't actually have an authentication system.

Re:This is getting old.

You're obviously not very familiar with the sad state of current check/credit fraud.

You can order boxes of blank credit cards, embossers, holograms, uv inkjet inks, etc, from many vendors on the web and elsewhere. You can buy thousands of paypal accounts/bank accounts/credit card accounts/etc from same. All for relatively cheap.

Pretty scary stuff.

Re:This is getting old.

[NormalVisual]

No, they do have an authentication system - it's called a signature. Granted, signatures can be forged, but banks don't check them against the signature that's supposed to be on file for the account. Apparently any degree of diligence is just too much of an imposition when it comes to safeguarding their customers' accounts.

Re:This is getting old.

[nsayer]

In principle, it doesn't even need the magnetic ink. I can write "pay to the order of rubycodez the amount of nine dollars and fifty cents ($9.50)" on a wet kleenex and sign it and you can take it to my bank and cash it. Legally speaking, the numbers at the bottom are merely an optimization.

Re:This is getting old.

Regarding checks, with their watermarks, UV-readable text,and what not, I don't think they would fall under the category of 'absurdly easy to fake'. However, people are absurdly easy to fool. So the result is the same. And with credit cards, are you talking about making physical fake cards? Because that's not exactly something one can whip up with supplies from the local hardware store. Generating valid numbers however, along with a little social engineering, the same results can be had with little effort.

In short..wrong.

Checks aren't required to have water marks. In fact they're not even required to have mag ink though that's easy enough and standard. If they don't have mag ink the machine spits them out and a teller enters the ACH and account numbers by hand.

Oh and I can make a credit card with for machine reading with a about $20-$50 in supplies using magnetic tape and scotch tape stuck on the back of an existing card. If you want to fool a human it's harder but you're not required to show the card for most purchases and places now let you swipe your own so often you could do some real damage with the $20-$50 version.

The current tools are horrible and will remain so for a while because the risk doesn't outweigh the cost yet.

Re:This is getting old.

It's called a credit card

Re:This is getting old.

[Thundersnatch]

any piece of stationary with mag ink at the bottom with bank a.b.a., account number, check number, will be accepted as check

No, it most likely won't. What you say may have been true 10 or even 5 years ago, but is generally not true with modern check imaging systems. The "Check 21" legislation basically enabled all banks to move to electronic check image storage. Of course, they had to upgrade all of their imaging systems to recognize that cost savings, and these new systems are quite discerning, especially for higher-value checks. Manual inspection is required for most high-value checks, and even things like a changed paper stock or layout can be flagged for manual review.

Also, nearly every company of reasonable size is required to implement positive pay, meaning they send a list of check numbers, dollar amounts, and payees to the bank before the checks are actually cut. So when you go to cash a fake check, the bank knows it is fake immediately. There are of course ways to get around this, especially with personal accounts (which usually do not offer positive pay), but check fraud is no longer as simple as portrayed in Catch me if you Can.

That said, check still fraud remains a major cost for banks, and believe it or not they are working hard to make it less possible. But there is as yet no "magic bullet" technology to replace paper checks. Chip-and-PIN, smartcards, etc. all suffer from different security and operational issues. They also cost a lot to implement worldwide, even after including the costs of paper check fraud. A paper check is fairly easily validated, can be sent through the mail, and requires no "secure" hardware terminals at every merchant.

Re:This is getting old.

[Steve+Newall]

The "new" system is the EMVCo Smart Card (CHIP and PIN), and most of the western world already has this in place since 1999.

For some reason, the US believes that check (cheque) and credit card fraud is still manageable.

See EMVCo FAQ and Wikipedia CHIP and PIN

Re:This is getting old.

[AvitarX]

We had a problem with this where I work,

And the bank ate the cost.

Apparently safeguarding their own funds is too expensive.

Re:This is getting old.

Which is enough evidence that these sorts of things aren't costing the banking industry a whole lot.

This suggests one or more of the following three things are true:
1) There ISN'T ACTUALLY an epidemic of checking/credit fraud aside from a few high profile high press cases (see also: terrorism, pedophilia, and other "woo, the world is SCARY!" kinds of stories
2) When fraud happens, banks are reasonably well equipped to recover the losses (some other bank has to exist on the other end of the wire, naturally)
3) The government doesn't have sufficient laws to protect the victims of these sorts of things where banks are held responsible, so banks have no motivation to fix what amounts to broken financial operations

I appologize for posting this anonymously, but as someone who is employed in the field of credit/debit security and fraud systems, I strongly disagree with point 1), credit card fraud is rampant and for obvious reasons, banks don't publicize their credit fraud loses. I generally agree with point 2), and fully agree with point 3).

Re:This is getting old.

[Tmack]

There's absolutely no excuse for banks to not have rolled out a checking system that uses much larger one-time-use account numbers and allows merchants to verify that the check won't bounce. They've been twiddling their thumbs.

... and raking in the $$. They wont change their ways because each bounced check is an opportunity for them to collect lots of fees. At least $20 from the person trying to pass off the bad check, and another $20-30 from the account that got overdrawn. To top it off, once that account is overdrawn, they get those fees on Every withdrawal until they stop coming in. For fake checks, they will still charge your account for trying to pass off the bad check. To them, its not broken, its a source of revenue.

tm

Re:This is getting old.

[afidel]

Actually banks no longer transfer physical checks, they ship around images of the checks. The banks did this to reduce costs, but it obviously comes at the cost of security. Since it isn't their money they are protecting they just don't care, if they can reduce their costs and only risk the few small accounts that get hacked then it's definitely a net win for them.

The flipside of this is that Knuth is wrong when he says "Before long, companies will find it impossible to give out paychecks without exposing themselves to unacceptable risk." Corporate accounts are protected by double entry protection. In order for a corporate check to be considered valid the company has to upload a file to their bank with the check number and the amount, if the bank hasn't received a matching upload then they reject the check is invalid when it comes through the clearing house.

Re:This is getting old.

[afidel]

Not ANYprinter, any printer with magnetic MICR ink, at least if the merchant/bank is using even the most rudimentary of anti-fraud protections.

Re:This is getting old.

[afidel]

It doesn't HAVE to cost time and money to verify a transaction, we've had smartchips for well over a decade now and they are widely used in Europe. However, here in the US I had a smartcard in my credit card for 6 years and had a total of THREE places use the chip in that entire period. At two of those it took extra time because the cashier had never used the smartcard reader and so didn't understand the message the credit card reader was giving them.

Re:This is getting old.

Also, there's no guarantee that when someone writes you a check that they have the funds to cover it, because it isn't processed right then and there. These two factors put together have led the vast majority of merchants to simply refuse checks today.

Many merchants who receive a lot of checks on a regular basis (and thus cannot afford to turn those customers away) are switching to instant check processing systems. We implemented one of these at an old job of mine. Basically, a scanning device reads the check, gets online, turns the check into a direct withdrawal (EFT) from the account instead, slaps a big VOID on the check, and the voided check is handed back to the customer, usually to their great surprise.

Essentially, the check itself becomes useless, merely a carrier of account information. The scanned check image is stored, for verification purposes if it happens to be needed later. Initially, the system didn't do "instant" account checking, but that was added later, so that a bad check could be instantly spotted as such.

On a side note, a year after we rolled these systems out at all locations, the number of check we processed dropped by almost 75%, with a corresponding increase in credit/debit transactions. Once people figured out that writing the checks was essentially useless and that if they lacked the funds they would get an instant rejection while they were standing there basically holding a voided bad check in their hands, then they stopped trying.

Turns out a surprising lot of our customers were basically relying on the float period, where they could write the check and not have it get into the system for a few days, giving them time to come up with the money. When that no longer worked, they stopped trying it. There was no decrease in sales, but since our bad check problems disappeared almost overnight, we had a major increase in profits.

Re:This is getting old.

[kisrael]

And yet it seems like most banks are pretty good at covering this stuff? Or not. My friend had someone take and use his Debit (w/ CC feature, letting it be used w/ no PIN) and didn't have to pay any of the resulting $1300 spending spree.

(nice asshole tactic is you make small purchases at 7-11 in between each major expenditure, so you know when the jig is up)

Re:This is getting old.

That said, check still fraud remains a major cost for banks

I know all too well. A small credit union in my town bought a check still for making some check moonshine, but it turned out to be fake and they went out of business. :)

Re:This is getting old.

[u38cg]

I just did a little bit of Googling; it's so easy it's embarrassing. The printers are in the hundreds of pounds range, the holograms can be run off for pennies in a large run, the embossing can be done with easily purchased tools. Magstripe readers and writers are a couple of hundred quid.

Re:This is getting old.

[Dare+nMc]

correct me if I am wrong, but what you say is only true for banks and decent sized business. IE my checks, and every personal check ever handed to me, still have the account number printed on them, and my banks ABA number, and my name. Therefore anyone I have ever given a check to (or received a check from), can cause me great havoc by passing that info to a Nigerian scammer. I have never been given the option of a positive pay option from any bank (and I have checked into accounts with 3 different banks in the last month.) I also have the account number and ABA number of every person I have written a check to as well...
And I know a guy who was given a forged bank check 3 months ago, that his bank wasn't able to detect as fraudulent when scanned, but a day later they withdrew the funds back out of his account, because of the catch then.
So while what you say may be true of a few checks from a few accounts, but I disagree with the "most likely" unless the check is over $1000, so we can still get lots of $500 checks through.

Re:This is getting old.

You know... I can't even recall seeing checks outside America since the 80ths. The rest of the world uses cash, bank transfers and credit/debit cards. And we survive, without the costs and problems associated with a ridiculously broken check system.

The question is not the cost of implementing chip-and-pin or smartcards worldwide, the question is the cost of getting America to upgrade from a payment system that was modern around 1800.

Re:This is getting old.

[gmack]

This is why I have a seperate account where my checks go to that only has enough money in it to cover the outstanding.

Has the added benefit of not accidentally bouncing checks because I forgot there was one pending. Works great for those cases where some idiot keeps my checks for a month before cashing it.

Re:This is getting old.

[zippthorne]

Worse, you don't even need the paper. The routing number and account number are all you need to set up EFT on an account without EFTs disabled. Technically, you need a check number, too, but those are a courtesy for YOUR records, not a fraud prevention tool for the banks: any check number will be accepted.

Re:This is getting old.

[HTH+NE1]

All of those security features in paper checks are becoming worthless. I was standing in line at the grocery store, and the customer ahead of me wrote a check. The clerk fed the check into a document scanner built into the cash register, and returned the original check to the customer. Besides, banks are so automated that it's a rare occasion that a human ever looks at a check.

And now, even if the physical check gets back to the bank, I don't even get it back. Instead I get a reduced-size photocopy of only the front of the check. I don't even get a rubber stamp from Krusty the Klown's Cayman Islands holding company anymore (or anything I can dust for fingerprints or swab for DNA).

The only checks I write anymore are for credit card payments, loan payments, electric and gas bills (they still charge a fee for payment by credit card, which went up this month to $3.95 (they use Western Union® Speedpay®)), and to get pocket cash. Only two of the last three come back, as photocopies.

I'd be tempted to pay my bills with checks signed instead by celebrities, with the hope that perhaps the person receiving the check would value the autograph more than the amount on the check, except that they would still get that routing number and be able to get the payment and keep the autograph.

To protect against accidental disclosure, why can't they print the routing number in black magnetic ink on top of a black field of non-magnetic ink? The check-reading machines can still decode it.

Re:This is getting old.

[gmack]

Your making the mistake of assuming a fraudster will go through the effort of making a fake check.

I can take the numbers off the bottom of the check and initiate an ACH transfer that has no security checks whatsoever.

Fraudulent electronic transfers are the victim's responsibility to check and in the few days to a month it will take someone to notice the problem I can move the money somewhere else.

It's all electronic too so I'd have much less chance of being caught.

Re:This is getting old.

[sjames]

In spite of all of that, a man once drew a check on the back of his teeshirt with a magic marker and the IRS successfully cashed it.

The whole "check by phone" thing also limits the value of the physical anti-forgery measures. It is possible to cash a check against your account that you have never even seen written to someone you have never heard of.

Further, what's to stop me from ordering a box of checks with your details on them (based on nothing more than I can learn from looking at a legitimate check you wrote or even a blank)?

All of those security measures are fine to keep people honest, but if someone is already inclined to criminal fraud, none of it is the least bit helpful.

Re:This is getting old.

[lobsterturd]

There's absolutely no excuse for banks to not have rolled out a checking system that uses much larger one-time-use account numbers and allows merchants to verify that the check won't bounce. They've been twiddling their thumbs.

These do exist in a way. Some banks offer a service whereby checks presented for payment are cross-referenced (according to check number, amount, and date) with the same information provided by the payer before the check was issued and stopped if there is no match.

Alas, with the name "positive pay" and being typically a component of a "controlled disbursement" service, it's obviously out of reach to individuals and small businesses.

Re:This is getting old.

[afidel]

Like I said the ACH protects corporate accounts because their native bank will reject the transaction if there isn't a matching entry from the corporate upload. It shouldn't be difficult for them to extend that system to personal accounts though it would make it a bit less convenient (you would have to go online and enter the check number and amount within a day or two of writing the check or it would bounce).

Re:This is getting old.

[Belial6]

Of course, this is also part of why banks are so hip on 'check cards'. 'Check cards' offer no benifites to the account holder over a standard credit card. They do offer serious down sides given that they allow anyone with access to the card to withdraw funds directly from your account with no pin or identification. Then VISA advertises on TV how easy it is to commit fraud with those cards.

The fact that most banks are replacing their ATM cards that do require pins to access funds with 'check cards' that do not require pins is pretty convincing evidence that banks are not trying real hard to prevent fraud that can lead to fee collection.

Re:This is getting old.

[Fulcrum+of+Evil]

check fraud is no longer as simple as portrayed in Catch me if you Can.

Well yeah, it's that way, largely as a result of that :)

Re:This is getting old.

[hesiod]

Well, I suppose it could depend on what you mean by covering it up. If you mean so the victim doesn't know, that's difficult, since he would have to report the problem in the first place. What I wonder is if they cover up the scale of the problem. I honestly have no idea if those numbers are available and if they are, if they are reliable.

Re:This is getting old.

[gmack]

That's interesting since ACH transfers tend not not have check numbers.

Re:This is getting old.

[Ma8thew]

That's rubbish. Although in Britain we use debit cards and direct debits more, checks are commonly used for transferring money between individuals, when cash is inconvenient.

Re:This is getting old.

[lgw]

There's absolutely no excuse for banks to not have rolled out a checking system that uses much larger one-time-use account numbers and allows merchants to verify that the check won't bounce.

Yes, this is why Dee Hock invented a new system for processing payments to banks a few years back. You may have heard of the organization he created to act as the central clearing house: Visa. Still the largest transaction processor in the world.

The point and purpose of Visa was not to create a way for banks to lend small sums of money (banks were spectacularly uninterested in this at the time, to the point where Visa almost didn't happen), but to create a better system of paying for things.

Re:This is getting old.

[amRadioHed]

Yeah, my coworker from Germany can't get over the fact that we still use checks in America. He says no one ever uses them in Europe.

Re:This is getting old.

[Thundersnatch]

You know... I can't even recall seeing checks outside America since the 80ths. The rest of the world uses cash, bank transfers and credit/debit cards. And we survive, without the costs and problems associated with a ridiculously broken check system

Well, almost nobody in america uses paper checks for retail purchases either. Most retailers recognize the possibiltiy for fraud and don't accept them except from well-known customers. But checks are still widely used for payments made through the mail, either B2B, P2B or P2P. Going to a bank branch and doing a bank transfer simply isn't cost-effective or convenient, although Internet banking has changed that somewhat. Cross-bank transfers via a website are still pretty dicey and untrusted or not supoprted by banks at all.

As for chip-and-pin or smartcards, when I was last in France and the UK in 2006 neither was even close to ubiquitous. And both have had widely reported security issues. Credit and debit cards suck just as bad as paper checks from a security perspective, but are a lot more convenient. My point was there has been no technology that US Banks have been willing to push, because none pass the return-on-investment test. And the worst possible thing would be to spend hundreds of billions deploying some new smartcard based system that turned out to be insecure, and have to do it all over again. We like to spend that kind of money on Stealth bombers instead.

Re:This is getting old.

[lgw]

The magnetic ink is no longer used, post-"Check21". It's all done with optical scanning now. The physical check is mostly meaningless, and I doubt your bank has received even one that you wrote in this century.

Re:This is getting old.

[kisrael]

No, I said "covering it", as in making the bank customer not responsible for the charges someone else made, not "covering it up"

Re:This is getting old.

[lgw]

Signatures are checked for checks for large amounts. Write a check for more than $50K and they'll actually pull your signature card. Endorsing a check for over $50K to a third party (which often happens when buying a house) often requires two bank VPs to sign the check as witnesses (which probably why every tiny bank branch *has* two VPs).

Re:This is getting old.

[Thundersnatch]

But very few criminals will do check fraud for $500, beacuse the penalty is so high if she is caught. Also, doing lots of little $500 fradulent transactions makes it that much more likely to be caught. Not to mention that each instance adds 5 years or whatever to a prison sentence.

Re:This is getting old.

[zoney_ie]

"But there is as yet no "magic bullet" technology to replace paper checks."

It's not stopping banks here in Ireland pretty much doing away with them for personal use, and making life very difficult for businesses to use them too! At this stage almost no-one uses personal cheques anymore: it's pretty difficult to find places that take them.

Re:This is getting old.

First, the magnetic stripes on cards are writable, so once you have the information, it's trivial to take a real credit/debit card and put the fake info on it. This will easily fool people working in stores. So if you can generate the info from the numbers on the check you can make use the person's account.

Second, there's no legal requirement that a "check"be the paper form you get from the bank, you can write your own check on the back of an envelope and it's still legal...but the bank will charge you a hefty fee for the non-standard check.

Re:This is getting old.

[bberens]

The MICR ink is not a requirement. Contrary to popular belief you can still write out a check on a napkin if you wish. It'll just take 2+ weeks to cash because a person will have to actually deal with it instead of their computerized systems.

Re:This is getting old.

When I worked for a bank, in our training classes they told us that almost anything can be used as a check as long as it has the Routing/Account Numbers and a signature on it.

I used to watch a friend of mine who ran a machine that entered checks in the pre-ocr days. Machine would read the account/routing number on the bottom and show her the check, she would type in the amount, and the machine would advance to the next check. She would average around 1,000 checks per hour. She was also considered Average. No signature verification, no comparing the numbers with the words to see if they agree, no looking at the date to see if it was post-dated. None of that. That type of thing is only done if the customer challenges the check as a forgery.

I have switched to BillPay. My bank offers it for free and my routing/account number doesn't appear on the check.

Re:This is getting old.

That's rubbish. Although in Britain we use debit cards and direct debits more, checks are commonly used for transferring money between individuals, when cash is inconvenient.

You couldn't possibly be from Britain, you didn't spell it 'cheque'.

Re:This is getting old.

[mosch]

LOL. No.

I deposit checks electronically to both my personal and business bank accounts. The advanced equipment to do this? A $50 scanner.

Scan the front, scan the back, and the money is credited to my account the next day. No requirement to keep the check, no possible way to examine for UV, or paper stock, or anything else at all.

For my business, I actually have the option to just do an ACH withdrawal instead of presenting the check at all. It's completely legal for me to just look up the numbers on the the bottom of your check, and then ACH your account for the amount of your paper check.

There's essentially no security in checks, at all. please don't fool yourself.

Re:This is getting old.

I had an outgoing check stolen. The perpetrator didn't try to alter that check. He generated a check to himself from me on his computer for "plumbing services" or some such. He signed it as me, but he didn't make any attempt to fake my signature. He went to a different branch than mine to cash it. The bank flagged this check and determined it was fake. Since the bank accepted a forged check with a bad signature, it was their loss, not mine. The perpetrator was eventually arrested and prosecuted.

Re:This is getting old.

[idontgno]

MICR toner for laser printers: as little as $60. Your first forged check will pay this off. And the laser printer you used, if you had to buy one. And all the paper.

The damn bar on check forgery is too low.

Re:This is getting old.

[the_other_chewey]

Cross-bank transfers via a website are still pretty dicey and untrusted or not supoprted by banks at all.

That's what I don't get. WTF is wrong in the country of Silicon Bloody Valley?
I made my last non-electronic money transfer around ten years ago (my first
electronic one being made in 1996, if I remember correctly) - with one notable exception:
Paying someone in the US, six months ago.

Re:This is getting old.

[xaxa]

Yeah, my coworker from Germany can't get over the fact that we still use checks in America. He says no one ever uses them in Europe.

They are sometimes used in the UK. My previous landlord (aged 60-ish) wanted cheques for the rent, although most prefer an electronic transfer or cash.

I'd like to know what people in Germany do to give a gift. On my 21st birthday the card from my grandma contained a cheque for £250, far too much to send as cash, and she wouldn't have wanted to ask for my account details before the day. That's the other use of cheques in the UK -- large transfers between people who don't use online banking.

I think almost everywhere pays employees by electronic transfer (or cash, for illegal work).

No retailers accept cheques. Credit/debit cards are secure, as they're smart cards requiring a PIN to complete a transaction (in fact, yesterday a friend got a call from his bank asking him if he was in Nigeria as a transaction was being attempted there, and they don't have PIN things there yet. Probably the same would happen if he visited the USA. Except he'd say "yes" and they would allow the transaction). To buy something online I'm sometimes asked for a single-use code generated by a little smart-card reader the bank sent me (which requires a PIN).

Re:This is getting old.

[xaxa]

Oh, I've just noticed the cheque on my desk. It's been there for a month, which shows how often I go to the bank...
Transport For London gave me a refund for a broken Oyster travelcard. I don't know why they couldn't just credit my account, or put the money back on the debit card I'd used to purchase the travelcard.

Re:This is getting old.

[xaxa]

As for chip-and-pin or smartcards, when I was last in France and the UK in 2006 neither was even close to ubiquitous

Both are now completely ubiquitous in the UK. I don't know what the security issues are? Apparently credit card fraud has reduced significantly, criminals now have to work out ways of stealing the PIN.

1 - Attach a magstripe reader to an ATM, and also a tiny camera above the keypad. Use for online purchases.
2 - Just the camera. Steal the debit card from the ATM user.
3 - Steal the number, and make a fake card and use it in a country without chip and pin (the USA is a good choice)

Re:This is getting old.

Actually, even physical checks are absurdly easy to fake. It's not about duplicating the most secure checks, it's about creating a NEW check, of the least secure kind, which can pass muster.

Re:This is getting old.

[xaxa]

Chip and pin cards are probablly much harder to fake but at least here in the UK most places will still put a transaction through with a swipe and sign if chip and pin fails or the card does not have a chip.

Have you tested this? The retailers aren't meant to allow swipe+sign after 2006-02-14 for cards with chips. I don't know if they're able to though (I hope not).

Re:This is getting old.

[Hognoxious]

In Belgium most retailers gave up on cheques when the Euro came in. I don't know if banks issue chequebooks any more.

I think you can still get cashier's checks (bankers drafts), though I guess there's a fee involved.

I bought some furniture once & the delivery man had a preprinted form, I filled in my details and signed it & after a few days the money's debited. Sort of a cheque in reverse.

Re:This is getting old.

[Myrddin+Wyllt]

Yeah, but that's the only time they are generally used. I doubt I write (or receive) more than half a dozen cheques a year nowadays - twenty-five years ago it was closer to a hundred.

Re:This is getting old.

[Hognoxious]

France was one of the first countries to move to chip & pin, which was a mal de cul régal if you were spending time there but your cards were issued in a country still on the old system.

Yes, they did run both systems in parallel - but often it took longer as the cashier had to call the supervisor or ask for ID, sometimes your card take a long time to be authorised (if at all).

Re:This is getting old.

[petermgreen]

I thought they were allowed to do it but if they did and the transaction was deemed fraudulant the retailer had to take the entire cost.

I have fairly recently had a card fail to work on chip and pin (chip and pin isn't very reliable in my experiance) and after a couple of attempts the retailer (it was one of the big supermarkets) put the transaction through as swipe and sign.

And then there are the times when a stores computer system goes down and they have to do card transactions the REALLY old fasioned way.

Re:This is getting old.

[rcw-home]

The point and purpose of Visa was not to create a way for banks to lend small sums of money (banks were spectacularly uninterested in this at the time, to the point where Visa almost didn't happen), but to create a better system of paying for things.

Great. I'm sure Dee feels his system is better for him too. Let me know when Dee gets off his butt and creates a new system that doesn't require a central clearing house, doesn't skim a few percent off the top, and can be used by any two ordinary people to pay each other in a theft-resistant manner, even via insecure postal mail. Until then, I'll presume he's still part of the problem.

Re:This is getting old.

[scribblej]

I work for a living desinging systems that process checks and credit cards. I couldn't agree with you more; the aging bank standards are absoluely ridiculous in terms of security.

What I don't see anyone pointing out (and what poor Knuth apparently doesn't know) is that these shortcomings have been somewhat mitigated in the rules for processors and merchants and banks. It's not a great solution, it's not even a good solution, but it's hardly the END OF THE WORLD that people seem to be claiming.

You are probably all familiar with the fact that you have a maximum fraud liability on your credit card of $50, and in practice, you'll never be charged anything, not a penny, if someone uses your credit card for fraud. Simply call your bank, explain the situation, and they will issue chargebacks for any charged you did not authorize. You will in the chargebacks, and your money will be returned and you will not be one penny the poorer. (The merchant who accepted the credit card, on the other hand, gets royally screwed, but that's another story.)

Well, the same is not true of written checks; you probably know you need to issue a 'stop payment' and your bank will likely charge you for that. But written checks aren't what people are freaking out about here, and do take quite a bit of effort to forge successfully (a lot less than cash, but still)... we're talking about ACH payment made through the NACHA system. i.e. "Electronic Checks." And there are very strict rules in place from the NACHA, you can order the book online if you feel like wasting a weekend reading the boringest stuff ever.

The important part is this: You can dispute an ACH transaction just like you can a credit card transaction. Anyone who processes "electronic checks" is /required/ to allow up to 60 days for the customer to dispute a fradulent ACH charge. And if you /do/ call in to dispute it, beleive me, it's going to work out the exact same way as the online credit card purchase; you will get your money back and be no poorer (and the merchant will get fucked again!).

So... everybody don't panic. yes, the systems are horrible. No, they aren't changing around here anytime soon; all efforts are stupid or doomed to fail (e.g. VERIFIED BY VISA which is both). But the bottom line is, your money is safe. A simple call to your bank /will/ solve any problems with people making fraudulent electronic charges to your credit card or checking account. I guarantee it. If your bank gives you ANY hint of a problem with a chargeback drop them like a hot potato and go to a better bank. But they won't; I've never run into a situation where you as a consumer is going to have the slightest bit of trouble.

If you're the merchant, on the other hand, you are well and truly fucked. Heh.

Re:This is getting old.

[xaxa]

I thought they were allowed to do it but if they did and the transaction was deemed fraudulant the retailer had to take the entire cost.

You are correct (according to Wikipedia).

And then there are the times when a stores computer system goes down and they have to do card transactions the REALLY old fasioned way.

I've never had an opportunity to do that.
(I got my first debit card in 2004, around the time chip+pin was introduced. I've probably signed less than 10 times, all of them before 2005.)

Re:This is getting old.

[Golddess]

The check itself may not be easy to fake, but when all you need is the information on the check and you can initiate an ACH? Yeah, it's broken.

I'd link to an example of this kind of thing occurring, but my google-fu is lacking. It was Fred Gallagher of Megatokyo that it happened to though, in one of his rants.

Re:This is getting old.

[Myrddin+Wyllt]

Chip-and-pin has been theoretically ubiquitous in the UK since 14th February 2006. (There was a big, Valentine's-themed ad campaign for it).

Since there were still a large number of unexpired pre-chip cards in circulation at that date, the transition actually dragged out for about a year.

If you are a retailer in the UK in 2008, you won't be able to get an Authorisation Code based on signature for an enabled card, although obviously for US-style cards the old telephone procedure is still in place.

I was in Australia early in 2006, and needed some cash. I walked into a bank with my cheque-book, passport and bank cards and asked at the foreign-exchange type window what the procedure was for transferring and withdrawing funds, expecting a day or two's wait. (I hadn't made any prior arrangements with my bank). The cashier just said "Oh, is the ATM not working then?". I nipped outside, and sure enough was able to withdraw Aussie dollars with my UK card and PIN. Since then I've used ATMs in Germany, France and Spain, all without a problem.

I realise that the US banking system is probably as big as the rest of the world put together, but it does seem to be lagging behind - pretty soon it will just be you, Burma and Liberia holding out.

Re:This is getting old.

[lgw]

Where's the profit in that? Seriously, no one's going to build out a financial infrastructure for free.

Re:This is getting old.

[HTH+NE1]

The magnetic ink is no longer used, post-"Check21". It's all done with optical scanning now. The physical check is mostly meaningless, and I doubt your bank has received even one that you wrote in this century.

Oh, I have gotten canceled checks back in this century. In fact, only this year have they started sending me the photocopies instead. And all the pages of my statements including the check copies are now three-ring punched, and they've provided me a binder for them.

For awhile, a couple of places that bill me said that they may convert any check to EFTs and that by paying by check I'm allowing them to do it, but I was still getting my canceled checks from them up until I moved everything I could (for no fee) to charge to my credit card.

Oh, I still pay for my trash service by check, but it's always the same amount every month so I now prepay for the whole year every January.

Re:This is getting old.

[sameerds]

[In Britain], cheques are commonly used for transferring money...

There. Fixed it for you.

Re:This is getting old.

it's a rare occasion that a human ever looks at a check.

I recently wrote a large check to my life insurance company to pay a yearly premium, and when I saw the check image online, I saw that I had forgotten to sign the check. The check cleared without a problem, which was fine with me because I wrote it and intended for it to be cashed. However, if someone were to steal some of my checks, they wouldn't even have to fake my signature, apparently. If a human had looked at the non-sigged check at some point in the process, she would have detected the problem.

Re:This is getting old.

[Ma8thew]

All this reading American is damaging my brain! Colour, Aluminium, Centre, Grey, Oestrogen.

Re:This is getting old.

[HTH+NE1]

The MICR ink is not a requirement. Contrary to popular belief you can still write out a check on a napkin if you wish. It'll just take 2+ weeks to cash because a person will have to actually deal with it instead of their computerized systems.

Yes, my Accounting teacher in High School related a similar story where he had forgotten his checkbook and didn't have enough cash. As he said it, as long as the written order is valid, the account number is there, and the bank's name and address was correct, the improvised check was just as valid as any other check. It's basically a written order to the bank to pay to the order of the named bearer the funds from the account. Though I also recall someone, perhaps him, adding that with a new law (it would have to have been enacted in the 1980s) that you couldn't do that anymore. Possibly this was a MICR ink requirement, which now may be an obsolete requirement thus allowing for improvised checks again. I have not kept up with the laws on this. Also, that teacher has since died.

In any case, I'm pretty sure the bank would be well within their rights to charge a special handling fee for improvised checks.

Has anyone checked those big novelty checks for lottery winnings people have their photos taken with whether they have readable routing numbers? There's likely a lot of money in those accounts.

Re:This is getting old.

[jsiren]

Interesting; in Finland we use mostly electronic transfers for moving money between individuals, and cash when it's convenient. Many if not most purchases are paid by debit or credit card, and most bills by electronic transfer. One could go to the branch and pay the bill, but this costs money and takes time, so very few people bother. Checks went out of fashion in the eighties or the early nineties (my guess; I got my first bank account in 1992, and I've never written a check.)

Oh, and another thing about the Finnish banking system: you cannot take money out of a random person's account. If you want money from someone, you have to send them a bill and wait for them to pay. Then again, some fraudsters have been sending bills for nonexistent goods and services in the hope that somebody might accidentally pay...

Re:This is getting old.

[lucas+teh+geek]

I lived in Britain in 2004 and what you say is true... as an Australian I could hardly believe it; cheques practically disappeared here decades ago. the only people who still use them are the elderly, who also go and use bank tellers instead of ATMs.

Re:This is getting old.

[johnlcallaway]

Close .. but not quite. I worked in the banking industry many years ago (ok .. almost 30), so my memory may be a bit hazy. As I remember, the requirements were very basic:

• Date -- checks older than 6 months are 'dead' and do not have to be honored. In theory, any check older than 6 months has to be either reissued or turned over to the state as abandoned property. That's how many of those names get in the paper under the 'state has money for you' category. It's amazing how many people don't cash payroll checks in a timely fashion. And states do audit companies to make sure they are either making attempts to reissue the check or turning them over to the state
• The account number on which it is drawn. I don't believe the routing number is required if you take it to the originating bank
• The amount in two places. By tradition, one is numbers and the other is words, but this is not required
• The name of the bank. The address used to be required, but with the large national banks, I don't think it is any longer
• The signature of the person issuing the check
• The name of the person (or other entity such as a business) to whom the check is issued. Or 'cash'

No bank is required to honor a check not drawn upon their accounts. They do so for business reasons, checks usage would be almost impossible if banks wouldn't honor other bank's checks. They are under no obligation to cash a questionable check.

And, of course, no business is required to accept a check written on Kleenex.

On the other hand, a bank is required to honor a check drawn on their accounts *without fees*, providing the identify of the person cashing it can be verified, it's not a dead check, the funds are available, and the signature is validated. Of course, all of these checks are at the bank's discretion, they don't have to verify anything if they are willing to take that risk. (Insert sarcastic comment about risky loans here...)

In theory, you can issue a check on just about anything, providing the above information is on it. However, the only bank that has to accept it is the bank it is drawn on.

So, checks have always been a bit dicey to begin with. Sure, your payroll check is printed on nice shiny paper. It only helps to make sure the check isn't altered, which also used to be a big way to make money on checks.

But the reason most banks will only cash checks for account holders is because they have made an attempt to identify them, so if bad checks happen they can attempt to locate the person who cashed it. Check-21 was an attempt to decrease the ability to defraud, paper no longer has to float around the system so checks clear and bounce faster and kiting is becoming very difficult.

Re:This is getting old.

Why on earth would you try to eliminate cheques world-wide?
Last time I checked, the US was the last "civilized" country to use 'em.

This side of the pond, we haven't been using 'em other than to accept expensive money from Americans for roughly thirty years.

Re:This is getting old.

[hab136]

I would love to be able to deposit checks electronically, as I am often on the road. What bank/service offers this for personal accounts?

Re:This is getting old.

[coryking]

Except the merchants pay a higher fee when a customer uses a debit card like a credit card (i.e. they sign a slip of paper instead of enter their pin). My merchant account charges about 2.5% + $.45 per transaction for credit and about $.35 flat for debit. Don't quote me on that, I only do online transactions, but it is a big difference in cost for retailers.

The rates merchants pay are in direct proportion to how likely fraud is. If you are a porn guy, you probably pay %4->%6 per transaction. If you are a grocery store, you probably pay %1 per transaction. The fact that using your debit card like a debit card has such a lower rate means the credit card companies consider it much safer then using them as credit cards where you sign paper.

In conclusion, if you shop at a store and like them, always pay using debit, never credit--it will save them money!

Re:This is getting old.

[coryking]

Signature checking isn't meant for that. The only time your signature matters is when you get hauled into court and the judge asks "is that your signature?". If you say no, well, now things like the minute details of your signature matter. Until you need to deny signing the check for legal reasons, what is on that signature line doesn't matter. It isn't a replacement for things like photo id...

Re:This is getting old.

I have previously worked for a unit trust company (posting anon for obvious reasons)

We received hundreds of withdrawal letters everyday, some on the back of postcards, one on tissue paper! We didnt even check the signature unless the withdrawal was over £20,000. Apparently, its not worth the time cost of doing so when looking at the amount of fraud that takes place.

Re:This is getting old.

[coryking]

If you're the merchant, on the other hand, you are well and truly fucked. Heh.

Pretty much. Wanna fuck with a company over a tiny credit card transaction? Dont ask for a return, just charge it back! Now they get stuck with a $45 "chargeback fee" and their merchant gets pissed at them. The merchant will never contest you either, and even if the merchant "wins" and get the money back from you, they'll still be out $45 and have lost a couple hairs. It is very easy for customers to abuse the chargeback system. While it exists for a good reason, it is very heavily geared in favor of the card holder.

For better or worse, it is really the merchants who bear most of the cost of fraud. Of course, that cost just gets passed on to the customer indirectly, but still...

Re:This is getting old.

[wvmarle]

Hong Kong also uses cheques big time: it was my first introduction to them after I moved here from The Nethrlands six years ago.

In The Netherlands we don't use cheques, at least not to send to other people or businesses. Instead for making transfers I would either use e-banking which my bank offers since about 1990, or mail a transfer order (similar to a cheque) directly to my bank. I have never ever mailed it out to a third party.

A weird part of cheques is that to make a payment to someone else, the cheque must go to their bank which will then send it to my bank asking for a transfer of the money to their bank. Instead of what I did is send it to my bank, asking to make a transfer to their bank.

Re:This is getting old.

[wvmarle]

And what about if you make an error there? Say add an extra zero to the amount written on the cheque? I may assume the drawee will file a dispute. Or maybe it bounces because they have $500 on the bank which is enough for the $200 cheque you got but not for the $2000 you entered.

Or for that case: completely fake cheques. What happens in that case? Who has to take the risk of the loss?

I do check my bank statement every month, and would file a dispute if I were to find a withdrawal that does not match my records. This luckily hasn't happened so far.

Re:This is getting old.

[wvmarle]

I really doubt that this is also the case for the small businesses: the less than five person business that writes maybe 20 cheques a month. And those account for the vast majority of businesses in most countries, and even a very large share of overall employment.

The boss who writes the cheques and keeps the bookkeeping by himself is usually not interested in doing all that extra handling just to have that one cheque written today be cleared.

Re:This is getting old.

[wvmarle]

This part I still don't get: how can you initiate a transfer so easily? Every cheque has a six-digit serial number (at least that's the case here). The bank knows which cheques they have issued to you, and they know which cheques have been cashed in. So only cheque numbers that have been issued to you and not cashed in, that may be valid cheques. This is also the way I can block a cheque from being accepted by the bank.

Not a foolproof safeguard of course but it should make it a lot harder to just fake a cheque.

Re:This is getting old.

[Peeteriz]

It also depends on the bank. For example, my bank has set that if the POS terminal is chip&pin capable, then all swipe&sign transactions will be declined as if there was no money on account.

Re:This is getting old.

[SwabTheDeck]

The somewhat less fancy way of check verification comes in the form of a service like Certegy which keeps a history of any bad checks. Basically, if someone writes a bad check (insufficient funds, fraudulent, etc.), they'll have both their checking account and their ID number (from things like driver's licenses or passports) flagged and will have a remarkably difficult time writing any more checks out of that account or ID number. Certegy acts as sort of a cartel that many retailers use and so if I write a bad check to Home Depot this week, then next week when I try to buy groceries at Safeway, they'll tell me to go pound sand. The retailer can also take other steps like denying the return of merchandise or withholding merchandise that has yet to be delivered/installed.

This, of course, is not a perfect system. Obviously, it can't stop the initial incident that triggered the customer being flag and there are ways to defeat it. A good way around it is to steal real checks (from an account that actually has enough money to cover your dubious purchases) and then use a fake ID, but in the grand scheme, this type of situation reflects only a small percentage of check problems that these companies face.

As a former employee of a company that used Certegy, I can tell you that over 80% of the check problems are from legit people writing checks from their accounts, but don't realize they don't have enough cash in their account to cover it. As a rational human being, this is mind-boggling to me, but it's absolutely a reality. The real comedy comes when you see someone's name on the "bad" list who is actually one of your employees. I've literally seen a couple of them continue to show up as deviant for a period of several months, though I suppose this should be seen as a signal to the company that they're not paying their employees enough ^_^

Re:This is getting old.

[gmack]

It's not a check it's an ACH.

Bank systems assume that all parts of their network are trusted and that everyone connected is honest. This assumption broke horribly with ACH.

Ever link Paypal to your account? Wonder why Paypal will do a micro deposit and then ask for the amount they sent before it lets you use it? It's because the transfer is done via ACH and if you get the account number wrong they will end up withdrawing from the wrong account. No one checks these things.

There are third parties you can go to and use them to withdraw the money for you. All I need are your transit, branch and account numbers. All of these numbers are at the bottom of every check if you know how to read the account number.

I do a lot of IT contract work and some of it has been for telemarketing ops in Montreal and most of them are less than honest. Take a guess what form of payment they prefer? ACH.. it takes awhile to notice that the money is gone and it's the hardest to reverse.

Re:This is getting old.

[AigariusDebian]

The whole 'check' system is a rather absurd anachronism that causes nothing but problems to everyone. In civilized countries a bank will ONLY give your money out if it gets a direct authorization to do so from you. Either you have to go to the bank (with a state issued photo ID) or you have to authenticate electronically via a secure channel using two factor authentication. (Bank card chip + PIN, Internet bank username/password + One time password from a pad, One time password generator + PIN)

Any other way of getting to your money (Direct Debit, magnetic stripe debit cards) requires the receiver to be a large business that has gone trough a large number of verifications and requires you signing a direct debit contract in person, in the bank with a photo ID in hand.

In such system you can give away your bank account number on every corner and there is simply no way that anyone can abuse that.

Re:This is getting old.

[AigariusDebian]

It is called Internet banking: person A calls person B and writes down his IBAN bank account number, then get on the Internet and goes into his own banks Internet bank site (using a secure two factor authentification), and sends the money directly to persons B bank account where it appears in 5 minutes to 24 hours. All much faster, cheaper and more secure than snail mailing checks.

Re:This is getting old.

[1u3hr]

Checks and credit cards are absurdly easy to fake in the modern world. Banks need to get off their asses and roll out a new system

Actually, the OLD sytem, where they checked your signature, was far more secure than the "new" one, where they just feed the cheque into a machine that reads the magnetic ink numbers. Whese are, as Knuth has discovered to his cost, very easy to counterfeit.

Anyway, my cheque account usually has $1 in it. When I write a cheque, about once a month, I transfer exactly that amount into it. So I'm not very concerned about this.

Re:This is getting old.

[1u3hr]

You know... I can't even recall seeing checks outside America since the 80ths

Where did you go? Mars? Every couintry I've lived in uses cheques. Australia, Hong Kong, for a start.

Re:This is getting old.

[rubycodez]

the right size and mag ink is for expedited processing through the semi-automated systems, if someone writes a check on a sheet of toilet paper with all the things you wrote, well, maybe it goes through and maybe it doesn't, at bank's discretion.

working as IT guy for a dentist friend of mine a couple decades ago, we put through checks from patients (in a hurry, one supposes) that had only amount written in dollar area. no signature, no payee specified, no amount written second time in wording. no problem!

Re:This is getting old.

[will_die]

Living in Germany and just do basic banking stuff so their may be more advanced options that are not commonly used.
What you do most of the time in Germany would be recognized as a reverse check you give someone your bank code and control number and they goto the bank, very limited on-line capability, and submit that and they do a transfer. If utilities and requests for payments from companies they will send you pre-filled in forms so you can just go to the bank do a quick verify at ATM type devices and and submit the form.
Banks will handle scheduled transfers for thing like rent and fixed payments. For payments that vary per month, such as utilities, it can vary most bank/utilities(of the 3 I have used) still work the old way, you do a payment each month based on last year and then once a year a person comes by does a reading and reimburses you or sends a form for the owned extra amount, you then adjust the amount you are paying based on if you need to pay more or less. For the 3rd utility they pay each month based on last year but every 6 months and if you had filled in the forms with the utiltiy and your bank, and the bank did it, they would mail the bank form directly to the bank and since you had pre-approved it the utility got paid.
So for your Grandma it would be cash. In fact cash is very much needed in Germany, most restaurant unless they deal with alot of tourist do not do anything but cash. Larger grocery stores, stores on the autobahns will accept the eurocard, but leave the major city and chances of that working decrease. When I was back in the US carried very little cash and did credit cards for everything, I have since gone to carrying a hundred or so all the time.
On the bonus side merchants still have to do some trust of the customer, I have purchased some large price items and as a payment option they would give me one of the bank forms, and ever had them as a payment option from hotels.

Re:This is getting old.

Learn to fucking read, shitcock.

Re:This is getting old.

[Leynos]

One possibility is that these numbers aren't accessible for security reasons to anyone who doesn't need them to collect funds.

Re:This is getting old.

Well let's clear something up. I can rip my shirt off and write a legal check on it with a crayon. It doesn't matter what kind of paper, etc. it's printed on legally.

The only thing the bank cares about is the check number, routing number, account number, payee name, and amount.

That said, if you know that information, you can order all the fancy UV ink offset printed checks you want for someone else's account.

Re:This is getting old.

[hesiod]

Learn to have a proper reaction, you insulting twit.

Re:This is getting old.

[jrumney]

Use a foreign card in UK, or a UK card overseas. In my recent experience using a UK card in Malaysia, Singapore, Hong Kong and New Zealand, you get a mixture of chip and PIN, chip and sign, swipe and sign and even swipe and PIN, the last of which I thought was never supposed to work with UK cards (it didn't on my last trip to NZ before they rolled out chip capable readers, then I was always asked to sign, or in some cases rejected because the retailer did not accept signing as an option).

Re:This is getting old.

[Thundersnatch]

It sounds like you're doing electronic check conversion, which is essentially a good old-fashioned wire transfer. Are you sure you can do that for your personal account? If so, that's the first I've heard of it, and I work in the banking industry.

In any case, paper check writers are just as protected in a ECC transaction as they are with a paper check. Different laws, but he liability is essentially on you as the payee and both banks to handle the trasnsaction securely, and accept the consequences of fraud.

Re:This is getting old.

[Belial6]

So, you agree with me entirely that 'check cards' are totally insecure, and banks are pushing them so that they can charge higher fees while shifting the risk on to the customer.

Re:This is getting old.

Less than £70.

Re:This is getting old.

USAA.

Re:This is getting old.

Presumably if I did something like that, you'd have to file a civil dispute with me.

And if I had fraudulently altered the check image, i'd probably be on the hook for some sort of criminal charges.

Re:This is getting old.

[mosch]

Well, from my personal account I can just scan the check. USAA offers this.

From my business account, I don't even need to bother with the scanning, if I don't feel like it.

This is rather disquieting

[jeffasselin]

That the financial system is not any more secure than this. I always thought there were some serious security measures taken by banks before transferring funds, like doing small payments whose value has to be confirmed, and stuff like this.

Just like any security issue, though, it appears convenience wins over security for now. It would probably be too detrimental to the big banks and financiers of the world to have to authenticate transfers properly. They're already reduced to quasi-poverty (WHAT? I ONLY GET 100MILLIONS TO SPEND THIS MONTH?).

Re:This is rather disquieting

[jimicus]

That the financial system is not any more secure than this. I always thought there were some serious security measures taken by banks before transferring funds, like doing small payments whose value has to be confirmed, and stuff like this.

Perhaps, but you've got to bear in mind that the banking industry is, more or less by definition, entirely driven by money.

There will always be a certain degree of fraud - the entire industry accepts that and doesn't even pretend that they'll ever eliminate it altogether. However, it's a huge industry. Even small procedural changes take a lot of work to implement - and therefore cost a lot of money.

If the amount of money lost to fraud that can be saved by a given procedural change is less than the amount it will cost to implement, it makes no sense to implement it.

Re:This is rather disquieting

[NixieBunny]

Yeah, I though that as well until one day I sent a $14,000 check to my mortgage company and they deposited it for the default payment amount of $1400. The scary part is that the bank didn't read the check at all, using the mortgage company's data tape instead of the actual document to learn the deposit amount. Seems they are not willing to take the time to read the numbers written on their checks! Momentum is the only thing sustaining the banking industry.

Re:This is rather disquieting

[just+fiddling+around]

Let me tell you, this is just the tip of the iceberg.

I had a friend get one of his post-dated cheques cashed months before the date (with extra-salty fees attached of course). The depositor did not even falsify the date!

A TV network program (JE on the TVA network in Canada) even tried making cheques with signatures bearing no resemblance to the one attached to the account (like ROGER in block letters for a woman's account) an the banks passed them and TOLD THE CAMERA that signatures are not checked before approving a transaction!

Banks don't care because cheque fraud creates excuses for them to extract fees ("research" fees, overdraft fees, transaction fees) from their clients. ==> Profit!

Re:This is rather disquieting

[Zenaku]

I had a friend get one of his post-dated cheques cashed months before the date (with extra-salty fees attached of course). The depositor did not even falsify the date!

Your friend was completely misinformed if he thought that post-dating a check meant it wouldn't be valid until that date. The date written on a check has no affect on its validity. It's mostly just their for your own record-keeping.

If a human teller happens to look at the check, he or she might refuse to process it, just because they can, and may not know whether it is valid or not, but there is no law obliging them to treat is as invalid.

And how often these days is a human teller the one processing a check?

Lesson: Don't write checks your account can't cover.

Re:This is rather disquieting

[lgw]

That's actually a feature of the system, not a bug (from the banking industry's point of view). When your check is processed the merchant simply declares a value. That might be the value written on the check, or it might not. If the merchant declares a value higher tan you intended (or you never wrote that merchant a check at all) that's fraud, but the check clearing system doesn't even try to catch that. It's handled out of band, and its completely up to you to report the fraud. Pay attention to your accounts!

Re:This is rather disquieting

[Fulcrum+of+Evil]

I had a friend get one of his post-dated cheques cashed months before the date (with extra-salty fees attached of course). The depositor did not even falsify the date!

why should this surprise you? If you give someone a valid check, they can deposit whenever they want, regardless of the date.

Re:This is rather disquieting

[wvmarle]

In Hong Kong, a post-dated cheque will be refused. I have had this a few times that i got a cheque dated day after tomorrow, that I didn't look at the cheque and simply handed it in at the bank. Even the teller didn't spot it, but next day I got a call from another bank staff that this cheque was not valid yet.

The most impressive part is that it seems that every cheque is checked by a human. Or maybe they use automatic handwriting recognition only sending the fails to humans for checking.

Re:This is rather disquieting

[Ambvai]

I've had it worse-- I've deposited 10,000 in cash [mostly 20s and 100s] before and, upon reviewing my bankbook [while still standing there, thankfully] noticed that what was entered was 1,000. Unfortunately, my bank has switched over to a new system that doesn't use bankbooks. Instead, they issue you receipts and you write in your balance like a checkbook...

Well, checks may be out..

[Puffy+Director+Pants]

But it seems he's found a bank that will offer adequate safeguards for the reward?

Personally, I'd prefer error-spotters to be written into the books like David Weber used to do, but I don't know how you'd kill anybody in a book on programming.

Re:Well, checks may be out..

[spud603]

You're referring to the "Bank of San Serriffe"? The one with branches in in Elbonia and Blefuscu?
I'm not sure I trust their safeguards any more than a traditional bank's..

Re:Well, checks may be out..

[gnud]

You name variables after them in illustrations of poorly thought out algorithms?

Re:Well, checks may be out..

[whoever57]

You're referring to the "Bank of San Serriffe"? The one with branches in in Elbonia and Blefuscu?

I think it is this San Seriffe. Perhaps Donald Knuth is a Grauniad reader?

Re:Well, checks may be out..

[spud603]

I think you're right. Good call.

Re:Well, checks may be out..

[prgrmr]

Does this mean I can get Knuth to cash my 25 Coronas?

Re:Well, checks may be out..

[anothy]

C#, probably.

An end of an era

[magisterx]

This is a sad commentary on our society and a horrible end to a wonderful tradition.

New Bill

[Ukab+the+Great]

Obviously we must petition the United States Treasury to release a $2.56 bill with Don Knuth's face on it, which he can then autograph and send to the smarty pants who find errors in his book.

Re:New Bill

And a new "divide by zero error" bill with George Bush's face on it.

Re:New Bill

[Amouth]

didn't you know the USPS recomends you not send cash through the mail

Re:New Bill

[LWATCDR]

It does make me wonder...
Will Knuth get his face on a stamp someday?
Goodness I hope there still stamps in the future :)

Re:New Bill

[Mr.+Slippery]

didn't you know the USPS recomends you not send cash through the mail

If Knuth is right, it's safer to send cash than a check. Intercept cash, you only get that amount; intercept a check, and you can drain my whole checking account.

Re:New Bill

[adonoman]

Clearly the best solution yet.

Re:New Bill

I definitely agree.

Currently, our currency has depictions of slave owners and some quasi-occultist stuff on it. Wouldn't it be nice to put some of our greatest minds on the greenback?

Re:New Bill

[MasterOfMagic]

The right way is a money order. The USPS actually issues money orders for this very purpose, and they charge only a very nominal fee on top of it.

Re:New Bill

[idanity]

i second that. NEW BILL.

Re:New Bill

[ArsonSmith]

...and they charge only a very nominal fee on top of it.

How convenient...

Re:New Bill

[mcvos]

didn't you know the USPS recomends you not send cash through the mail

If Knuth is right, it's safer to send cash than a check.

It is. When you send cash through the mail, you know exactly how much money you're risking, and for small amounts like $2.56, it might well be the safest way that's economical.

Re:New Bill

[Mr.+Slippery]

The right way is a money order. The USPS actually issues money orders for this very purpose, and they charge only a very nominal fee on top of it.

If I'm sending large amounts, a money order is worth the hassle; but having to go to the P.O., stand in line, fill out the paperwork, and pay the fee, isn't worth it when compared to the small risk of $20 bill into a birthday card. or even paying a small debt with mailed cash.

Re:New Bill

They charge a nominal fee to send actual mail too.

Re:New Bill

[Lord+Bitman]

Goodness I hope there still stamps in the future :)

for fuck's sake.. I hope there aren't!

Re:New Bill

[Ann+Coulter]

It is unfortunate that no living person may have his or her face printed on currency. We need Donald Knuth alive more than we need him dead.

Re:New Bill

[sdpuppy]

Goodness I hope there still stamps in the future :)

Of course! How else can the post office (of any country) print its own money?
http://www.linns.com/

I'm not being entirely facetious here - there are a number of countries who obtain significant income from sales of its postage stamps to collectors:

Just Google the following:

"postage stamps" "main source of income"

As to checking accounts, the best way to proceed is to keep it balanced and as little extra $ in it as possible. (You probably want to keep it with an after check balance a little greater than 0 - in case an error is made in balancing; to avoid fees.

After all it doesn't make much sense to keep much money in checking - even the so called "interest" checking accounts pay very little interest, better off keeping the money in a high interest savings account (e-accounts pay the most)

While fraud can still occur by the same means that Knuth had trouble (electronic transfers), the account number is not as exposed as with checking.

Re:New Bill

Sam, put away the hammer - Ann hers says it's a false alarm

Re:New Bill

If you're sending $2.56, it's not particularly nominal (to extend your pleonasm), at $1.05 ...

Re:New Bill

[gstoddart]

If Knuth is right

*laugh* To a lot of us, there can be no "if" in that statement.

Knuth is just right. Anything else is sacrilege. ;-)

Cheers

Re:New Bill

[Gavagai80]

It costs $1.50 to send a money order, which is fine for a large value but not good for sending $2.56.

Re:New Bill

[rfunches]

Nominal if it's a large enough amount. It would cost Knuth $1.05 for the money order plus the $.42 stamp -- a grand total of $1.47, not including the cost of the envelope or the check -- to send $2.56.

On a related note, some local and state government agencies only accept USPS money orders as payment for things like fines or running one of those EZPass toll booths. I've had people come into our office to buy a $3 money order because they realized too late they were in an EZPass lane and got the toll bill a week later. Considering that "business" or "direct" mail (aka junk mail) is on the decline, money orders might be the last revenue refuge for USPS.

Re:New Bill

[blair1q]

"and they charge only a very nominal fee on top of it"

Sounds like a conflict of interest to me.

Why improve security when it makes you money to leave it ragged?

Re:New Bill

[zippthorne]

For small amounts (under $500 iirc), you can get Western Union MOs from the 7-11 (and presumably other convenience-type stores and banks) for something like 50 cents.

Re:New Bill

[The+Dancing+Panda]

Or you can go to any Amscot and get one for free.

Re:New Bill

[freakmn]

Carrying that to its logical conclusion, you wouldn't be the recipient of one of those fancy checks anyway, right?

Re:New Bill

[ArsonSmith]

But that makes sense, that's the service they provide.

They are charging you to send mail but then say it's not safe to send mail unless you pay us some more to make it safe.

Re:New Bill

[idontgno]

it's not safe to send mail unless you pay us some more to make it safe.

What's the word for that? Hmm... Hmm... Oh, yeah, "protection"

Re:New Bill

In other words, they steal money from envelopes in order to press you into *buying* money-orders for nominal fees - now that sounds like extortion..

ie - "hey, you knows da mail is dangerous.. you wants it to make it through without it having any problems?"

Let's face it, how much mail is received in a condition other than how it was mailed, ie semi-opened, to fully opened.

Re:New Bill

They are charging you to send mail but then say it's not safe to send mail unless you pay us some more to make it safe.

How dare they charge more to do more work. Next thing you know, they'll be charging more for heavier letters!

Re:New Bill

[Bo'Bob'O]

The reason they don't like you to send cash in the mail isn't the safety of your money, its for the safety of the postal carriers. If you could send cash in the mail a carrier could potently be carrying dozens or even thousands of dollars and making them a target for crime. This would have especially been true back before various forms of automatic and credit card billing were common.

Pfft. This is not new.

Anyone can print a check. Everyone knows this or at least should. Companies print their own checks. Government offices print checks. Hell, if you run out of checks you can just write your information on a piece of paper and sign. (Ask your banker if you want confirmation.)

Anyone can print a check with any account and routing numbers they want. While checks are low-tech, and easy to copy, they're also very easy to trace. The fraudster's bank has identifying information for whomever cashed the fakes, which makes prosecution trivial.

This is not 'the end of an era' unless you've been living under a rock. Have none of you heard of Frank Abignale? (Watch 'Catch me if you can.') Check fraud is as old as checks.

LOL, captcha: decency, which the fraudsters didn't have.

Re:Pfft. This is not new.

[petermgreen]

Anyone can print a check with any account and routing numbers they want. While checks are low-tech, and easy to copy, they're also very easy to trace. The fraudster's bank has identifying information for whomever cashed the fakes, which makes prosecution trivial.
It seems to me that at least according to the article the problem is that theese numbers can be used internationally.

So your bank knows that your money has been transferred to some "bank" in $THIRD_WORLD_SHITHOLE . Said "bank" either does not have sufficiant evidence to figure out who picked the money up or refuses to cooperate.

What then?

Re:Pfft. This is not new.

[Swanktastic]

So your bank knows that your money has been transferred to some "bank" in $THIRD_WORLD_SHITHOLE

Aha... Now I know why my friends in New Jersey can't cash my checks.

Re:Pfft. This is not new.

[sdpuppy]

Awhile back, there was a ...sort of... lovers dispute over money (she owed him) and the girl ended up writing him a "check" using one of her undergarments. Apparently the bank honored the "check" and it made the news, so she had her revenge - not only he was embarrassed at the bank, now everyone knew.

OK this is Slashdot so I've got to say - I think it was her panties. Enjoy. :-)

Re:Pfft. This is not new.

I'd think most guys would be proud to not only get the girl's panties, but also get some money from it! So, maybe he wan't embarrassed at all.
But depending on the panties, maybe she was...

Only a genius...

[tomd123]

would think the way he does... If you can't beat the banks... create one. :D

Shift left by 1

[FourthAge]

Actually, don't the cheques start at $2.56, and then shift left by 1 as each error is found, up to a maximum of $327.68? (It's wise of Knuth to put a cap on it.. you might be tempted to cash a cheque worth (164)*$0.01..)

Re:Shift left by 1

[msuarezalvarez]

That really depends on the particular project the bug is found on.

Re:Shift left by 1

[Sloppy]

Actually, don't the cheques start at $2.56, and then shift left by 1 as each error is found, up to a maximum of $327.68?

Unfortunately there was a bug in Knuth's check writing program, and the last person received a check for the amount of "one carry bit, set."

Re:Shift left by 1

[greg1104]

There's more detail about the doubling scheme used at Wikipedia. The hilarious part there is that one of the sample posted checks recipient's name obfuscated, yet all of Knuth's bank information is completely clear.

Re:Shift left by 1

[tweak13]

Actually if you read the details for that image, it claims that the numbers have been randomly swapped. It seems to me it would have been easier to just blur it but whatever.

Re:Shift left by 1

[noidentity]

Actually, don't the cheques start at $2.56, and then shift left by 1 as each error is found, up to a maximum of $327.68?

Unfortunately there was a bug in Knuth's check writing program, and the last person received a check for the amount of "one carry bit, set."

Better than receiving one for -$327.68.

Re: Fraud Threat Halts Knuth's Hexidecimal-Dollar

hexAdecimal

Ridiculous, but true

One of my friends left their laptop somewhere and it was "stolen." Among the other items in the laptop case was a personal check from me, and within the next couple weeks I had some mysterious payments going out of my bank account. During the resultant hassle, it became clear that the security on checking accounts is non-existent. As Knuth's post says, all someone needs is the routing and account numbers (numbers printed on every check) in order to make payments from the account and probably to get at the money in any number of other ways. No verification at all is done to ensure that the person making the payments is the person who owns the account. It seems outrageous that your finances can be compromised by writing checks to people you don't know, or just having one of your checks seen by someone untrustworthy, when that's basically what checks are for, but that's the way it is. What is it with bankers these days? Aren't these people supposed to be smart about money?

Re:Ridiculous, but true

[burris]

Bankers are smart about money...THEIR money. Why should they waste lots of their money on making fraud truly difficult when the risk can be so easily managed for a lot less.

Re:Ridiculous, but true

The goal of the "modern" bank check system is not to make it hard to commit fraud, it is to make it hard to commit fraud and not get caught. The check has to go to another account, which presumably is at a bank which knows it's customers and their information thoroughly. If it is cashed directly for currency, then appropriate ID must be presented.

When I held my first several real jobs, I did not have a bank account, and I cashed all my checks at the bank they were drawn on, driving 30 miles every other Saturday. I always had to wait while they called the issuing bank, which was usually in North Carolina, and verified the check over the phone by a voice conversation. After a few months they recognized me each time and stopped making the telephone call.

I think part of the modern problem is that it is easy and nearly anonymous to get a bank account. The banks don't know their customers the way an old fasioned banker would see his customers at church or in the grocery store. Starting with enough information to get a fake id, you can then get a bank account, and then deposit fraudulant checks, and obtain the cash via ATM or spirit it away into just another semi-anonymous bank account before the fraud is detected.

I am not sure what is the solution. Requiring checks to have some secrete checksum on them or be on special paper issued by the bank would allow the banks to kill the system by charging high fees for the checks -- it is a matter of law in most states that a check must be honored by the bank so long as it has the right information on it, it doesn't have to be written on paper even (Frank Dobie used to win proposition bets based on cashing a check written on a wooden shingle). We are not going to go back to a system where it is harder to get a checking account, in the old days the poor and minorities were often locked out of that system, and even today poor people are exploited by exhorbitant rates at check-cashing places because they are more likely to lack a checking account. Bank accounts will probably get easier to obtain, not harder.

paranoia much

[Speare]

First, the blurb is very misleading. I took from it that the bank yelled at the use of the phrase "one hexadecimal dollar" which no banker would understand how to equate to the digits, $2.56. Since it's the text that wins in most audited disputes about amounts, that's a problem.

He's just paranoid about the MICR routing numbers, and how banks are not secure. This has not changed, and is not at all particular to him. It is odd that he's had multiple attacks while I've had zero, since he claims the attack is entirely despite any knowledge of the account holder's name or wealth.

Pseudocode: // I was going to write this in WEB but fuck that

• Set up an independent "Knuth's Mistake Fund" checking account.
• If a mistake is found, deposit $2.56 and send paper check, valid within 30 days
• If a month goes by and the guy didn't cash it, withdraw $2.56 and void the check.
  (Mistake-finder framed the check for his wall.)

Re:paranoia much

It is odd that he's had multiple attacks while I've had zero, since he claims the attack is entirely despite any knowledge of the account holder's name or wealth.

Well, his checks are posted in many people's offices, where your checks are just up at the District Attorney's office. Therefor, everyone knows you have no money in the account.

Re:paranoia much

[scrod98]

In the article, he isn't just paranoid, but has had several problems, which have extended to make unhappy bankers. You plan would work, but then it would be like $30 worth of effort, so loses its appeal. Another casualty of technically savvy criminals, staying one step ahead of industry.

Re:paranoia much

[marcosdumay]

"It is odd that he's had multiple attacks while I've had zero..."

No, it's not odd at all. I guess that if people did go around showing your checks to everybody they meet or maybe even posting them to the web, you'd have plenty of atacks too. Instead, people probably choose to cash your checks, so you don't have this problem.

Re:paranoia much

[NixieBunny]

I wondered about that also, but then I realized that these checks are treated as trophies and are presumably posted on the web as scanned images. The check that you or I write to the phone company is never posted on the web, so it's not likely to be scammed from.

Re:paranoia much

[Albanach]

It is odd that he's had multiple attacks while I've had zero

Are copies of your checks published with routing and account numbers intact on sites like Wikipedia?

Still think it's odd?

Re:paranoia much

[barzok]

Since it's the text that wins in most audited disputes about amounts

Because legally, that is the amount the check represents. The numerical representation is defined as the "courtesy" amount.

If the two amounts differ, the amount written out in longhand is the amount the bank recognizes. Always.

Re:paranoia much

How does that stop someone from trying to withdraw money from the account?

Most banks (at least here in Canada) charge the account holder a fairly substantial fee if they do not have the funds in their account to process a transaction.

1. Bank Account Balance: $2.56
2. Send paper check, it gets posted all over internet.
3. Bad guy gets account number, attempts to
withdraw $100 from account.
4. Bank sees $100 withdraw, when customer only has a balance of $2.56, denies the withdraw, but charges a $35 NSF (no such funds) fee.
5. Bank Account Balance: $-32.44

Re:paranoia much

"Note that the machine-readable numbers at the bottom of the check have been randomly swapped or modified, so that no personal information about Don Knuth's personal bank account is leaked through this image."

Re:paranoia much

Your general point makes sense, but not the specific example. From the Wikipedia link:

Note that the machine-readable numbers at the bottom of the check have been randomly swapped or modified, so that no personal information about Don Knuth's personal bank account is leaked through this image.

Re:paranoia much

[Smauler]

From that page :

Note that the machine-readable numbers at the bottom of the check have been randomly swapped or modified, so that no personal information about Don Knuth's personal bank account is leaked through this image.

Unfortunately, I think they may have used ROT26 :P.

Re:paranoia much

[Andy+Dodd]

"It is odd that he's had multiple attacks while I've had zero, since he claims the attack is entirely despite any knowledge of the account holder's name or wealth."

OK, maybe you're misinterpreting TFA, but it's pretty clear that some (most) people are using these checks for bragging rights. Thus the checks, which include the account holder's name (Donald Knuth), the bank name, routing number, and account number, are displayed in many cases publically, sometimes as scans on the Internet.

Re:paranoia much

[Albanach]

Indeed - I was making an example with too much haste. I should just have posted a link to Google images.

http://www.lsi.upc.es/~valiente/knuth-1998-08-10.jpg
http://truetex.com/knuthchk.jpg
http://www.lsi.upc.es/~valiente/knuth-2002-08-24.jpg

etc...

The point Knuth makes in his post is that these things got framed and put on CompSci notice boards etc. Obtaining the details became trivial. The OP was suggesting that Knuth's accounts being targeted was in some way odd when in fact it was predictable if unfortunate.

Re:paranoia much

[david_thornley]

The longhand amount is the one that the banks should always recognize, but it isn't what they do always recognize. I inadvertantly wrote the wrong number in the number field, and that's what the bank treated the check as.

I don't know how often this happens, but the bank recognized the numerical amount at least once in the 1970s.

Re:paranoia much

Oh, that's just cute. Obfuscate the name of the recipient, the bank logo, and the little curly queues, but leave the important stuff clear as day.

Re:paranoia much

[Vellmont]

*Set up an independent "Knuth's Mistake Fund" checking account.
*If a mistake is found, deposit $2.56 and send paper check, valid within 30 days
*If a month goes by and the guy didn't cash it, withdraw $2.56 and void the check.

Runtime Exception! Fraudster makes check for $2000!
(handle exception)
{banker complains to Knuth, tired of penny-anty fraud that's costing him time and money.}

From what I read Knuth is changing his procedures because it's causing people grief at the bank, not because he was robbed of some large sum of money. The money in the account isn't the problem here.

Re:paranoia much

[legirons]

The oddest thing is, how come just knowing someone's account number is sufficient to withdraw money? that's like a username without a password (especially if account numbers are generated sequentially). does Knuth's bank not do any authentication of who they give money to?

Re:paranoia much

Is your routing number and account number posted on wikipedia?

http://en.wikipedia.org/wiki/Knuth_reward_check

Re:paranoia much

[nedlohs]

Yes, because when someone actually does steal from your bank account via knowing the routing and account numbers you are just being paranoid trying to have fewer instances of those numbers put on people's walls and plastered on the internet.

Re:paranoia much

These checks are easy to find and see.

Re:paranoia much

[ShaunC]

First, the blurb is very misleading. I took from it that the bank yelled at the use of the phrase "one hexadecimal dollar" which no banker would understand how to equate to the digits, $2.56.

Along those lines, I always wondered whether or not this check was ever mailed to Verizon, and if so, whether or not they managed to cash it.

Re:paranoia much

Indeed. Go to google image search and search for "knuth checks" and you'll get many check images with his ABA and account numbers. This is probably not true for the average check user.

Re:paranoia much

You should read your account agreement. Voiding a check does not mean that it will not clear. If your bank accepts the check, too bad, and they are usually too busy to look at every check. Making it good for 30 days means nothing, again your bank probably won't look at that any more than they have the time to look for stopped checks. The kicker is, even though all checks are only supposed good for 9 month ( I think that is the correct time) before becoming void, if your bank cashes a two year old check once again you pay.

It's 2008

[superphreak]

He could still PayPal... (?)

Re:It's 2008

[macbuzz01]

It's clear that many don't cash the checks, so PayPal would have the privilege of hanging on to $2.56 times the number of people who find mistakes, interest free until they are cashed and then PayPal can collect fees on that too.

There is always the chance that PayPal will freeze his account, with little recourse, and seize the funds.

Re:It's 2008

Which is so not the point.

Re:It's 2008

[Captain+Spam]

What would you rather have, an actual, physical, signed check by one of the legends of programming, one which you can frame if you want, or a string of text in some giant database reading to the effect of "dknuth sent $2.56", which would equate to about one line on a sheet of blank, white paper?

Re:It's 2008

[superphreak]

Ok. Sorry. I guess I didn't realize who the guy is, and/or why many people didn't actually cash their check. +1 ignorance. Sorry!

Re:It's 2008

[camperdave]

I thought the amount doubled each time an error was found. First mistake was $0.01, the next $0.02, and so on, through $2.56 up to $327.68 (the cap he placed on the offer). So only one person would get $2.56 - unless he is giving the same amount to multiple people who find the same mistake.

Re:It's 2008

[sdpuppy]

In that case, I think he should buy (or program :-)) "Certificate Maker", and when a reader sends in an error report, he prints a nice one up signs it and mails.

Probably costs less to him, recipient has his/her trophy, banker doesn't have to run after YAF (Yet Another Fraudster) and everyone is happy!

Sigh

[msuarezalvarez]

I blurred the numbers identifying the account and such before posting mine online.

It is sad that things have come to this :(

cheaper to lose the money

[NotQuiteReal]

Last time I checked you can't "void" a check you no longer possess. You can, however, put a stop on it, but that costs more than $2.56 at most banks.

Re:cheaper to lose the money

[Remloc]

Last time I checked you can't "void" a check you no longer possess. You can, however, put a stop on it, but that costs more than $2.56 at most banks.

Most major banks will stop (a limited number of) checks for free with person's of deposits the size I'm sure Mr. Knuth is capable of making.

Paychecks

Knuth writes that "before long, companies will find it impossible to give out paychecks without exposing themselves to unacceptable risk". When I interned in the US, I was absolutely stunned that my paycheck was actually a, well, check. Seriously, is that still common in civilized countries? Where I live the paycheck hasn't been a physical check since before I was born.

If you're going to rely on banks to get paid anyway, why go through the cumbersome road of checks? Just have the money transferred directly...

Re:Paychecks

What makes you think that any portion of the process of direct transfer is more secure ? It is essentially exactly the same as check, except the information is exchanged electronically instead of on paper. Fraudulant wire transfers are quite common. Consider the craigslist scam where a distant purchaser "accidently" wires you too much money (or sends too big a check), and asks you to write a check for the change and send it with the item -- it depends precisely on the fact that they can make a fraudulant wire transfer or check that will take longer to discover and unwind than it will take them to cash your valid check.

To do direct deposit payments, you generally sign a slip that gives the company the authority to correct any mistakes by taking the money out of your account with out your permission or knowledge. Think about the kind of people who work in your company's HR department. Do you really want them to have access to your bank account information, let alone be sitting at a computer terminal with the ability to make you miss your mortgage payment by entering an extra zero somewhere ?

Re:Paychecks

Again, this is a flaw of the US system, not all bank system relying on direct transfers. I can at any time deposit money on any Norwegian bank account, transfering it from my own. That does not give the people I transfer money to any rights whatsoever to withdraw money from my account(!).

Checks aren't used for *anything* in Norway. If someone owes you money, you give them your account number, and they deposit money. What's wrong with that?

The retardation of the financial sector

[0xdeadbeef]

We should make every suit at every financial institution in this country write a thousand times on a blackboard:

An identifier is not a shared secret key.

This applies to account numbers, credit card numbers, social security numbers, drivers license numbers, everything.

The symbol that represents you is not the thing that proves who you are. Otherwise, your name itself would be all you need to verify your identity, and we all know how absurd that is.

Of course, the real problem is that they aren't held adequately liable for the fraud that occurs. They blame it on the customer and wash their hands of it. If we made them always eat that cost, I guarantee we'd see real progress against identity theft.

Re:The retardation of the financial sector

[cdrguru]

The difficulty with making banks liable for fraud is most of the attempted fraud is the other way around - people trying to get stuff from banks. Think about it. Wouldn't you claim that your account was incorrectly debited $500 from an ATM transaction that you didn't make if you could get away with it? Sure you would. So would everyone else in your city.

There is no way to prove the difference between "identity theft" on the scale where a bank is defrauded and outright dishonesty by the customer.

Now in reality most "identity theft" is accounted for because the FBI changed their reporting rules. Credit card fraud - using someone's credit card number - is now counted as identity theft. My guess is 90% of the "identity theft" that is reported is in reality simply credit card fraud. And people do not lose because of credit card fraud - merchants do.

Why aren't merchants up in arms because of credit card fraud? Simple, they have insurance. They don't really lose out either. In effect, it is a vicimless crime.

Re:The retardation of the financial sector

[SydShamino]

Wouldn't you claim that your account was incorrectly debited $500 from an ATM transaction that you didn't make if you could get away with it? Sure you would. So would everyone else in your city.

Some people have morals even without the threat of punishment for misdeed.

Re:The retardation of the financial sector

[BlueNoteMKVI]

Not victimless.

Filing claims on a merchant's insurance for credit card fraud leads to higher insurance premiums for the merchant.

Not filing claims leaves the merchant SOL and out $fraud_amount that they must make up elsewhere.

Either way means higher expenses for the merchant. Merchants don't just accept that, they charge higher prices to make up for the difference. Who pays those prices? You do. In a roundabout way, we are ALL victims of credit card fraud, by means of higher prices.

Re:The retardation of the financial sector

Wouldn't you claim that your account was incorrectly debited $500 from an ATM transaction that you didn't make if you could get away with it?

OK Sam, find out who this "cdrguru" guy is so that we don't accidently hire him!

Oh yeah, the answer is NO. Some people do have a sense of right and wrong.

Re:The retardation of the financial sector

[Aladrin]

"Think about it. Wouldn't you claim that your account was incorrectly debited $500 from an ATM transaction that you didn't make if you could get away with it? Sure you would. So would everyone else in your city."

No. Not everyone would. I will agree that a majority would, but not all. I, personally, would not. I don't need money so bad that I'm willing to go against my own ethics.

Re:The retardation of the financial sector

[steelfood]

Currently, the technology required to make secure authentication ubiquitous is prohibitively expensive. Banks continue to employ a lot of legacy systems the for reliability purposes, because any downtime is simply unacceptable.

Unless you want everyone to go around doing authentication with shared secret-codes like they do in spy movies, or calculating in their heads their own public key for every transaction that requires authentication, some form of picture ID is the most practical method. Remember that while you might do everything online, in the real world, only a very small percentage of transactions in the world are done through computers. In fact, most things are done through cash, where the only authentication exists to confirm the veracity of the actuall bill.

Re:The retardation of the financial sector

[Fulcrum+of+Evil]

There is no way to prove the difference between "identity theft" on the scale where a bank is defrauded and outright dishonesty by the customer.

And there won't be until the banks are held responsible for failures. It's like this now because it's cheap and easy, but there's not much verification of identities.

Re:The retardation of the financial sector

I doubt most would even understand the terminology. The name analogy might be more appropriate.

Re:The retardation of the financial sector

[Teancum]

Currently, the technology required to make secure authentication ubiquitous is prohibitively expensive. Banks continue to employ a lot of legacy systems the for reliability purposes, because any downtime is simply unacceptable.

I say, B.S.

The "technology" required to securely authenticate financial transactions is hardly expensive.

I've noted that my editorial transactions on Wikipedia are several orders of magnitude more secure and harder to hack into than my financial transactions. If you ever try to become a "check user" or get involved deeper with the Wikimedia political process than being just a project administrator or bureaucrat, you will discover even further authentication including verification of identity that I could only wish my bank would use.

Shared secret codes are used all the time with internet actions. They are called a "password". This isn't something from spy movies, but something that has been used by computers since practically when they were first created. Most database engines like MySQL even have password authentication algorithms that even keep the database administrator from knowing what the password is.

The whole problem here is that identification != identifier. Your bank account number, SSN (or government issued identification number), mother's maiden name, birth date, place of birth, or any other textual information that can be used to clarify that you are a unique individual still doesn't address if you are indeed the person who is asserting the claim to be that person.

When you apply for a U.S. passport, one of the things you have to do in order to get the passport issued is to have a genuine person who is an officer of the government (usually a postmaster at a post office) verify the documents that you are using to agree that you are indeed this individual. If the government wanted to, they could at that point set up some pass phrase or some other identification scheme for further transactions.

The reason for the pass phrases in "spy movies" BTW is also for authentication, as the information being transferred in intelligence operations is usually so important that they don't want to hand it over to any ordinary person... or the wrong person.

There is no reason a bank can't independently establish the identity of a person, or set up a "network" of legally secure identification locations (at any bank that is licensed) where you have to go in and establish your identity with a photo ID, finger prints, DNA test, or some other very difficult to forge process and set up the secure identification number with checksums/random numbers (so you can't just randomly guess the number) and perhaps even a customer-generated password/pass phrase that can then be used for banking transactions from that point on... including network transactions.

This doesn't have to be prohibitively expensive, and at most would be just a couple of dollars of cost per customer. A cost that could even be charged to the customer as a legitimate fee (that most customers would be willing to pay as well!) If you suspect that your "identity" is compromised, you can re-establish your "identity information" at the bank or wherever you did this in the first place, comparing the biometric data (aka signature, finger prints, DNA, etc.) "on file" with who you are. Attempts at "identity theft" by the bankers or "authenticators" would be a stiff felony and subject to a long term in prison... at least on the order of falsification by a notary public (which is currently found in most banks).

BTW, about most transactions being done with cash? I'd like to know where you've been. I've tried to live a cash-only lifestyle, and I've found that at least in the 21st Century it is impossible to be that way completely. The first place I had real problems was with the telephone company, but now all utility companies require at least check transactions, and prefer debit/credit cards (for some that is the only option). Paying on a car or h

Re:The retardation of the financial sector

Are you implying that if your car is insured then stealing your car is a victimless crime? Or that if your life is insured, murdering you is a victimless crime?

Re:The retardation of the financial sector

[rastoboy29]

While I agree with everything you say, I think it's worth contemplating the consequences if they were to actually do this.

Are you really ready to have your life depend on biometric readings, for example?

Re: Fraud Threat Halts Knuth's Hexidecimal-Dollar

You hexed a decimal?

Slashdotted

[Russianspi]

While it seems to be fine at the moment, it took a few tries for me to load it. So, to try and help the server, here is TFA: "Financial Fiasco Leading banks and investment funds have been foundering, because of bad debts and lack of trust; and other, less well-known kinds of fiscal chaos are also on the horizon. For example, due to an unfixable security flaw in the way funds are now transferred electronically, worldwide, it is no longer safe to write personal checks. A criminal who sees the numbers that are printed at the bottom of any check that you write can use that information to withdraw all the money from your account. He or she can do this in various ways, without even knowing your name --- for example by creating an ATM card, or by impersonating a bank in some country of the world where safeguards are minimal, or by printing a document that looks like a check. The account number and routing information are all that international financial institutions look at before deciding to transfer funds from one account to another. (See, for example, Grant Bugher's comments.) More and more criminals are learning about this easy way to acquire money, and devising new schemes to conceal their identities as they steal the assets of more victims. Nowadays almost everybody knows that it's dangerous to reveal your credit card number, or to have that full number on a printed document that somebody might find in the trash. Soon people will learn that it is equally dangerous to reveal the numbers that are printed in plain sight on every check. Forget signatures; banks have no time to verify them. The once venerable system of checking accounts is irretrievably broken. Before long, companies will find it impossible to give out paychecks without exposing themselves to unacceptable risk. One consequence of this debacle is, alas, that I can no longer write checks to reward the people who discover errors in my books. The system that I've been using has worked well for almost forty years; but recently I have had to close three checking accounts, and the criminal attacks on those accounts have caused significant grief to my bankers. (Certainly I do not believe that anybody who received one of my checks has been in any way a culprit. But all such recipients are entitled to bragging rights; therefore the numbers printed on those checks inevitably become known to random members of the public.) I cannot in good conscience continue to traumatize the people at my bank, who obviously have plenty of other things to worry about. After painful deliberation I've come up with a new plan, which I hope will be acceptable to all concerned, and perhaps even welcomed as an improvement. Instead of rewarding heroic bug-finders with dollars, I shall henceforth award brownie points, otherwise known as hexadecimal dollars (0x$). From now on it will be kudos, not escudos. Instead of writing personal checks, I'll write personal certificates of deposit to each awardee's account at the Bank of San Serriffe, which is an offshore institution that has branches in Blefuscu and Elbonia on the planet Pincus. It turns out that only 9 of the first 275 checks that I've sent out since the beginning of 2006 have actually been cashed. The others have apparently been cached. So this change in policy will probably not affect too many people. On the other hand, I don't like to renege on promises, so I shall do my best to find a suitable way to send money to anyone who really prefers legal tender. Everybody who has received a reward check or a hexadecimal certificate from me since 1 January 2006 automatically has an account at the Bank of San Serriffe, and these accounts are listed on the bank's website. All of these people have my undying gratitude for the invaluable help they've generously provided in order to improve the books and the software that I've written. I ask friendly readers to keep sending those precious bug reports, and to let me know if my new policy displeases you in any way"

Money Orders...

Rather than the fictional bank, he could make good on the promises by purchasing money orders. The worst that can happen is a fraudster figures out a way to cash the money order, but the fraud stops there.

Actually

[hey!]

a check doesn't legally have to have your account or bank routing number on it. It certainly doesn't have to be printed by your bank.

The numbers are there to make it convenient for banks to move money around. A bank can refuse to honor such a check, but a bank can refuse to honor any check. There's no legal obligation to honor any check.

The numbers don't turn an ordinary piece of paper into a check. What does that is your signature.

I once knew a guy who wrote out a check to another guy on a napkin. He then went over to his bank branch with the other guy and made sure they honored the "check", which after some discussion they did. He could have just withdrawn money, but he wanted to prove it could be done, and he did.

Re:Actually

[Chirs]

My bank at least will charge me an additional fee if the check isn't MICR-encoded.

Re:Actually

[midicase]

"What does that is your signature."

Still a signature is only part of it. I've issued checks without the signature and they still pass though the mostly automated clearing houses.

Could the signature prove that you did[n't] issue the check?

Re:Actually

[u38cg]

During the Poll Tax palaver in the UK in the late eighties, people delighted in finding more and more ridiculous things to write checks on. IIRC, the government was presented with cheques painted on scrap vans, carved into gravestones, engraved onto a tombstone, and on one occasion written on the side of a cow. HMRC being humourous types, they cashed them all.

Re:Actually

[zippthorne]

Well, that's pretty stupid if that's the case. Your signature authorizes, but it does very little to confirm that it's actually YOUR signature, especially if the bank only has your name and account balance on file at a given branch and/or the tellers aren't trained forensic handwriting analysts.

A good system would require for every transaction at the very least,

• claim of identity
• confirmation of identity
• amount
• symbol of agreement

A signature only provides the last one, and depending on how legible it is, the first. Banks are really dropping the ball here.

What I want to know is.. Where is the "GeekBank" where all of this stuff is done according to well-researched protocols? Surely that would do pretty well?

Re:Actually

[vsync64]

What does that is your signature.

Which can be an 'X' if you want.

Re:Actually

[anothy]

having looked into much of this while designing alternative remittance systems, i'm fairly confident in saying that such a thing doesn't exist, or at least isn't recognizable as a bank. a few of the regulations designed to protect consumers actually make it very difficult to change from the status quo, and overall have the effect of making it expensive to try new things.
things which don't try as hard to look like banks (paypal being the most popular example) have a lot more flexibility; those may or may not qualify for what you're looking for. i'm inclined to say not, until i can pay my utility and tax bills with my paypal account.

People will still look for the errors

[QuantumFlux]

If no one is cashing the cheques anyway, why bother with a cheque? Knuth could just create signed certificates and geeks will still scramble to get them. The guy is famous enough now that there's no need for any monetary incentive...

So write Knuth and get your certificate

Cuz he's obviously wrong. He's such an idiot.

It's called a joke.

Business Accounts get all the security

[dracocat]

I imagine that at some point consumer accounts will get the same protection that business accounts get with positive pay features. Basically companies write all their checks then send their bank files with each check number and the amount of the check.

All they need is a web interface that does the same, then I can put in the information for the one check I end up having to write each month.

Re:Business Accounts get all the security

[BlueNoteMKVI]

Personally I rarely write checks any longer. My bank will print and mail the check for me at no charge through my online banking system. For most major providers they send it electronically, but I can use that system to write a check to anyone I please. The bank deducts the amount from my account immediately, if the check comes back doctored and is cashed for a higher amount then it becomes their problem to deal with.

What % of checking transactions are fraudulent?

How pervasive of a problem is check fraud to the BANKING industry? When it is YOUR account it is a problem. I guess they have had bean counters study this and the extra security is not worth the money and time.

PS Remember getting the ACTUAL cancelled check with your statement.

PSS There is mom and pop dry cleaner in my neighborhood that hangs bad checks on the wall. Those are ripe for the theft!

Re:What % of checking transactions are fraudulent?

[freakmn]

PSS There is mom and pop dry cleaner in my neighborhood that hangs bad checks on the wall. Those are ripe for the theft!

I think if I were in the market for writing fraudulent checks, I'd try to avoid the ones that don't have any money in the account. You know, to try to get some reward for the risk.

Re:What % of checking transactions are fraudulent?

[Teancum]

I've had both close friends who have had problems with this, as well as some personal experiences where I've had to shut down checking accounts to kill the problem.

The worst problems I've had is with banks themselves taking money they weren't authorized to remove from my account, but that is another story. Surprisingly, I usually got the money back when I confronted an officer of that bank about the issue, usually with a sincere apology and something about glitches in their computer software (right!)

pictures of knuth checks are everywhere

[Bananenrepublik]

If you look at http://en.wikipedia.org/wiki/Knuth_reward_check you'll see a picture of a check with all the numbers. A Yahoo-image search immediately yields scanned checks, both front and back. More attack vectors, indeed.

Re:pictures of knuth checks are everywhere

From the wikipedia info on the image you were talking about:

"One of Donald Knuth's reward checks. Note that the machine-readable numbers at the bottom of the check have been randomly swapped or modified, so that no personal information about Don Knuth's personal bank account is leaked through this image."

Paypal

[cylcyl]

How about doing it via Paypal instead of direct deposit or check?

Grrr cheques

[kanweg]

I explicitly tell Anglophone clients not to send cheques. It is easier, cheaper and less time-consuming to do your banking electronically.

In my country we're not used to cheques. Cashing it would take me a 45 minutes trip to the bank (depending on the waiting line) plus it costs me over 10 Euro to receive my money. Excuse me?

So, I'm sending it back although I'm not sure what the consequences of that are.

Bert
Well, probably the Koreans laugh at the way we pay here anyway (they can pay just about anything with their mobile phone).

Why not money orders?

Just send an MO for $2.56, you can do it at any post office, any bank, or most convenience stores. Since it's a one-time use thing, they can't steal money out of your account.

Okay, so the fee is a bit higher, but I get the idea that Mr. Knuth isn't exactly hurting for cash.

Re:Why not money orders?

[eclectro]

He's semi-retired. I bet he would rather spend his time finishing his books than spending a bunch of time running to the post office. But even then, I can't help but wonder if Knuth had a 401k that lost X^2+Y....

What's wrong with PayPal?

[toby]

Apart from the whole "they're evil" part.

Hebidecimal?

That the word you're looking for?

oh the mistakes that could be made

[v1]

if he had posted the checks in binary and the clerk didn't notice the difference...

Re:oh the mistakes that could be made

[taustin]

I have a friend who used to reduce fractions on his checks. So 44 cents would be 11/25. Used to, until a bank teller didn't catch it, and it messed up his otherwise perfect-for-30-years bank account records. Then his head exploded, and took out the entire building.

Also

[Sycraft-fu]

There is good protection on money orders in form of the USPIS. That is the post office's police force. Really, they have their own federal police force specifically for the purpose of investigating mail crimes. This means that in the event a money order is stolen, there are police who are actually interested, and able to, look in to it. Your local police force can't do much if the check crossed state lines, and the FBI isn't interested unless it's a large amount. However the USPIS, well that's what they do. Mail crimes are their reason to be. That isn't to say they close every case of a stolen money order, but there is at least a group that will look in to it. Makes them much more secure than a regular check, in general.

Re:SPO2NGE

I know this is off topic, but can someone explain the point of these posts? I'd like to think it's just trolling, but trolling usually involves making comprehensive sentences whose statements are formulated to annoy people with a certain worldview. These posts, on the other hand, are like a nonsensical, malfunctioning Markov chain.

Shocking

[dexmachina]

'"The system that I've been using has worked well for almost forty years; but recently I have had to close three checking accounts, and the criminal attacks on those accounts have caused significant grief to my bankers," says Knuth.'
Maybe (and this is just wild conjecture here) that has something to do with idiots writing articles like this, complete with scans of people's personal cheques with the signature uncensored. Brilliant. Real effing brilliant.

Isn't the real question....

[GWLlosa]

So who got the 'last' one?

the consequences....

[tacokill]

I'm sending it back although I'm not sure what the consequences of that are.

I can't speak for Euro/UK law but in the US, nobody is required to take a check. There simply are no legal consequences for not accepting a check for payment.

Cash, on the other hand, specifically says, "This note is legal tender for all debts, public and private", so it has to be taken if the service or product has already been provided.

In the US, companies are not required to take coins but they are required to take cash for "services rendered". ie: you've already received the benefit. If the service is not yet rendered, then they/you can negotiate the required terms of payment. But now you're getting into contract law...

Re:the consequences....

[kanweg]

Thanks for the reply.

Bert

Re:the consequences....

[Teancum]

They may be "required" to take cash, but they sure don't have to make it easy. My former electric utility company would gladly take cash from me... as long as I went to their office, in person, in Scotland (I live in Utah). It is former as I have since moved and have another electric utility company I work with.

You also may be required to fill out a whole bunch of forms and even perhaps be finger printed for trying to do a cash transaction. After spending the half hour or so on all of that paper work, yeah, they'll take your cash from you. Perhaps.

255!

[denmarkw00t]

Hah, screencapped for posterity (0 is a post!) http://i38.tinypic.com/dr8gzn.jpg

Re:3:!6 Re:Forgive me

[fuzzyfuzzyfungus]

Umm. You do realise that only Fundamentalist Atheists are required to scorn everything that a theist does. Mere fanatical Atheists just scorn theism, and evaluate other aspects of a person's character and activity according to whatever criteria are locally relevant.

Slashdot isn't an especially atheistic crowd to begin with and I don't think I've ever met an atheist who thought that theism necessarily prevents somebody from doing good work in other areas(though it certainly can). Strawman much?

since check21 legislation passed..

and since check21 legislation (google it), physical checks can be transformed into digital copies by processors...then shredded. it cuts down on shipping fees, but its hard to read a holographic UV watermark through a bad black and white JPEG.

errr what? bankers, wake up and smell reality.

sorry, i work in that environment, and what you are saying is just not what i see every day.

banks are not 'working hard' to prevent check fraud. . . they are working lazily when they feel like it. What they are working hard on is reducing costs, and outsourcing. some of the software that processes checks is owned by Indian companies, and when you call for service on your check processing machines, the person who answers might just be in india too.

hell, banks arent even 'working hard' to make electronic check payments secure. a high school kid, with just a tiny bit of knowledge, could steal tens of thousands of check account numbers in minutes, and my employers would never know. considering the high turnover rate of employees here, who make less than 10 dollars an hour to bust their ass and get yelled at for being lazy, its a miracle it hasnt happened yet.

and i am not going to point out the problem either, because anyone who knows about computers or points out potential problems at a bank is considered a 'terrorist', because of bankings' anal-retentive, hyper-hirearchal, techno-ignoramus republican filled culture. they'd rather wait until disaster strikes, then have the government bail them out, instead of spending any time/effort to deal with it.

restaurants, bars, theatres, grocery stores, boutique shops, and gas stations are the ones 'working hard' to prevent check fraud... by not accepting checks anymore. this doubtless costs them some business, but they have to do it to prevent theft.

as the poster above said, banks win either way with bounced checks. . .. why should they care?

People still use cheques in this day and age?

[jonwil]

I havent written a cheque in my life and I get along fine. Why do we still need a system based around sending bits of paper around when I can log onto my internet bank and transfer money to any other Australian bank account in a couple of minutes (although the money doesn't actually end up in the other account right away unfortunatly)

Re:People still use cheques in this day and age?

[Krisbee]

I can do that here in Sweden too. Checks only appear when dealing with folks in the U.S. and they are extremely complicated and expensive to cash.

Re:People still use cheques in this day and age?

[Joe+Jay+Bee]

Cheques are still pretty huge here in the UK. Businesses still use them a lot for payments to other businesses, settling of invoices and whathaveyou, and person to person payments still use them a lot.

It's probably fear of technology that does it; many people, especially the elderly, will trust a bit of paper more than an electronic transaction, even if the latter is actually more secure.

Boo freaking hoo.

[joost]

Seriously, checks? In 2008? You might as well complain that you can't pay with beads and mirrors any more.

Mobile Phone Bill?

[ghoul]

At least thats something the Korean's cant pay with their mobile phones. Of course if they could they could live for free- Charge everything to the mobile bill including the mobile bill which includes the things you charged last month. Infinite recursion!!! Of course there is a real world example for this behaviour- the US dollar . The US pays for everything using paper dollars which are worth only the paper they are printed on - anytime anyone wanted something real in return say gold all dollars would instantly be worthless so noone demands payment and just pass on the dollars while the national debt keeps growing just like the mobile bill would but noone is bothered as the debt is being serviced just like the mobile bill is paid every month.

Re:3:!6 Re:Forgive me

[Forge]

Hmm... Funny thing is, when I check my SlashDot user page, the only comments from me that are ever modded down are about atheism.

Slashdot mods are willing to asses the merits of even a closed source argument or laugh at a Pro Republican joke, but give them anything involving Religion or Evolution and you get the instant knee jerk.