Fraud Threat Halts Knuth's Hexadecimal-Dollar Checks

Barence writes "You may be aware of Donald Knuth, the creator of TeX and author of The Art of Computer Programming, who used to post checks to anyone who spotted an error in one of his books — one hexadecimal dollar, or $2.56. No one cashed them though. This blogger has two of them proudly on his wall, but the sad news is that modern day bank fraud has put a stop to Knuth's much-loved way of keeping his books free of errors." (Here's Knuth's own post about the sad change.)

This is getting old.

[SatanicPuppy]

Checks and credit cards are absurdly easy to fake in the modern world. Banks need to get off their asses and roll out a new system...With the billion dollar bonuses that they keep giving themselves, I'm not too sympathetic of the cost.

Re:This is getting old.

[Itninja]

Regarding checks, with their watermarks, UV-readable text,and what not, I don't think they would fall under the category of 'absurdly easy to fake'. However, people are absurdly easy to fool. So the result is the same. And with credit cards, are you talking about making physical fake cards? Because that's not exactly something one can whip up with supplies from the local hardware store. Generating valid numbers however, along with a little social engineering, the same results can be had with little effort.

Re:This is getting old.

[Thundersnatch]

any piece of stationary with mag ink at the bottom with bank a.b.a., account number, check number, will be accepted as check

No, it most likely won't. What you say may have been true 10 or even 5 years ago, but is generally not true with modern check imaging systems. The "Check 21" legislation basically enabled all banks to move to electronic check image storage. Of course, they had to upgrade all of their imaging systems to recognize that cost savings, and these new systems are quite discerning, especially for higher-value checks. Manual inspection is required for most high-value checks, and even things like a changed paper stock or layout can be flagged for manual review.

Also, nearly every company of reasonable size is required to implement positive pay, meaning they send a list of check numbers, dollar amounts, and payees to the bank before the checks are actually cut. So when you go to cash a fake check, the bank knows it is fake immediately. There are of course ways to get around this, especially with personal accounts (which usually do not offer positive pay), but check fraud is no longer as simple as portrayed in Catch me if you Can.

That said, check still fraud remains a major cost for banks, and believe it or not they are working hard to make it less possible. But there is as yet no "magic bullet" technology to replace paper checks. Chip-and-PIN, smartcards, etc. all suffer from different security and operational issues. They also cost a lot to implement worldwide, even after including the costs of paper check fraud. A paper check is fairly easily validated, can be sent through the mail, and requires no "secure" hardware terminals at every merchant.

Re:This is getting old.

[Tmack]

There's absolutely no excuse for banks to not have rolled out a checking system that uses much larger one-time-use account numbers and allows merchants to verify that the check won't bounce. They've been twiddling their thumbs.

... and raking in the $$. They wont change their ways because each bounced check is an opportunity for them to collect lots of fees. At least $20 from the person trying to pass off the bad check, and another $20-30 from the account that got overdrawn. To top it off, once that account is overdrawn, they get those fees on Every withdrawal until they stop coming in. For fake checks, they will still charge your account for trying to pass off the bad check. To them, its not broken, its a source of revenue.

tm

Re:This is getting old.

Also, there's no guarantee that when someone writes you a check that they have the funds to cover it, because it isn't processed right then and there. These two factors put together have led the vast majority of merchants to simply refuse checks today.

Many merchants who receive a lot of checks on a regular basis (and thus cannot afford to turn those customers away) are switching to instant check processing systems. We implemented one of these at an old job of mine. Basically, a scanning device reads the check, gets online, turns the check into a direct withdrawal (EFT) from the account instead, slaps a big VOID on the check, and the voided check is handed back to the customer, usually to their great surprise.

Essentially, the check itself becomes useless, merely a carrier of account information. The scanned check image is stored, for verification purposes if it happens to be needed later. Initially, the system didn't do "instant" account checking, but that was added later, so that a bad check could be instantly spotted as such.

On a side note, a year after we rolled these systems out at all locations, the number of check we processed dropped by almost 75%, with a corresponding increase in credit/debit transactions. Once people figured out that writing the checks was essentially useless and that if they lacked the funds they would get an instant rejection while they were standing there basically holding a voided bad check in their hands, then they stopped trying.

Turns out a surprising lot of our customers were basically relying on the float period, where they could write the check and not have it get into the system for a few days, giving them time to come up with the money. When that no longer worked, they stopped trying it. There was no decrease in sales, but since our bad check problems disappeared almost overnight, we had a major increase in profits.

Re:Forgive me

[Flying+Scotsman]

Think of a dollar as "100" cents. 0x100 cents = 256 (decimal) cents.

New Bill

[Ukab+the+Great]

Obviously we must petition the United States Treasury to release a $2.56 bill with Don Knuth's face on it, which he can then autograph and send to the smarty pants who find errors in his book.

Re:New Bill

[Mr.+Slippery]

didn't you know the USPS recomends you not send cash through the mail

If Knuth is right, it's safer to send cash than a check. Intercept cash, you only get that amount; intercept a check, and you can drain my whole checking account.

Re:Forgive me

[Enki+X]

I am ashamed

Re:paranoia much

[marcosdumay]

"It is odd that he's had multiple attacks while I've had zero..."

No, it's not odd at all. I guess that if people did go around showing your checks to everybody they meet or maybe even posting them to the web, you'd have plenty of atacks too. Instead, people probably choose to cash your checks, so you don't have this problem.

Re:Forgive me

AAAAAAAAAAAAAH!!!!!
It's a joke dollar and Knuth gets to designate what a hexidecimal dollar is since HE's writing the checks!!!

Leave it alone already!!!

The retardation of the financial sector

[0xdeadbeef]

We should make every suit at every financial institution in this country write a thousand times on a blackboard:

An identifier is not a shared secret key.

This applies to account numbers, credit card numbers, social security numbers, drivers license numbers, everything.

The symbol that represents you is not the thing that proves who you are. Otherwise, your name itself would be all you need to verify your identity, and we all know how absurd that is.

Of course, the real problem is that they aren't held adequately liable for the fraud that occurs. They blame it on the customer and wash their hands of it. If we made them always eat that cost, I guarantee we'd see real progress against identity theft.

Re:Forgive me

[Ed+Avis]

Think of a dollar as "100" cents. 0x100 cents = 256 (decimal) cents.

Yes, finally someone is taking a stand against the crappy metric-system-obsessed definition of a dollar. Everyone knows a dollar is 256 cents, this whole decimal crap is just a conspiracy by big business in cahoots with the Federal Reserve to rip us off, just like they did with hard disk sizes. I'm voting for Ron Paul.