With Insider Help, ID Theft Ring Stole $700,000 In Apple Gift Cards

← Back to Stories (view on slashdot.org)

With Insider Help, ID Theft Ring Stole $700,000 In Apple Gift Cards

Posted by samzenpus on Thursday February 5, 2015 @05:31PM from the a-whole-lot-of-apples dept.

itwbennett writes The Manhattan District Attorney's office has indicted five people for using personal information stolen from around 200 people to fund the purchase of hundreds of thousands of dollars in Apple gift cards, which in turn were used to buy Apple products. "Using stolen information to purchase Apple products is one of the most common schemes employed by cybercrime and identity theft rings today," District Attorney Cyrus Vance said in a statement. "We see in case after case how all it takes is single insider at a company—in this instance, allegedly, a receptionist in a dentists' office—to set an identity theft ring in motion, which then tries to monetize the stolen information by purchasing Apple goods for resale or personal use," he said.

57 comments

Min score:

Reason:

Sort:

but... by Anonymous Coward · 2015-02-05 17:37 · Score: -1

i feel sorry for the people whose ID's were stolen. but apple skipped out on paying over $9bil in taxes in 2012, so anything anyone can do to bend them over and stuff a banana in that tailpipe is ok with me. i dont own and never plan to own any apple product ever, so i laugh derisively at them from afar.
1. Re:but... by Anonymous Coward · 2015-02-05 17:58 · Score: 0
  
  i feel sorry for the people whose ID's were stolen. but apple skipped out on paying over $9bil in taxes in 2012, so anything anyone can do to bend them over and stuff a banana in that tailpipe is ok with me. i dont own and never plan to own any apple product ever, so i laugh derisively at them from afar.
  You're such a tool, the bank issuing the credit got screwed in this scam.
2. Re:but... by Anonymous Coward · 2015-02-05 18:30 · Score: 0
  
  As I understand it, Apple has been prepaying their future taxes (the taxes that they will owe if/when they bring the money into the US).
3. Re: but... by Anonymous Coward · 2015-02-06 04:19 · Score: 0
  
  No but they have been taking an accounting reserve to pay the fraction of convertable bond redemption scheme they cooked up. Uncle sam hasn't seen a red cent of the repatriation taxes. They also have massive profit so this reserve is a blip on their balance sheet so it hasn't hurt their stock price.
What about the banks? by TechyImmigrant · 2015-02-05 17:38 · Score: 3, Insightful

>We see in case after case how all it takes is single insider at a company—in this instance, allegedly, a receptionist in a dentists' office—to set an identity theft ring in motion, which then tries to monetize the stolen information by purchasing Apple goods for resale or personal use
Those people can do that because of the horribly insecure payment methods the banks impose on everyone. If crime requires motive and opportunity, then it's the banks who are providing the opportunity.

--
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
1. Re:What about the banks? by ToasterMonkey · 2015-02-05 18:05 · Score: 1
  
  >We see in case after case how all it takes is single insider at a company—in this instance, allegedly, a receptionist in a dentists' office—to set an identity theft ring in motion, which then tries to monetize the stolen information by purchasing Apple goods for resale or personal use
  Those people can do that because of the horribly insecure payment methods the banks impose on everyone. If crime requires motive and opportunity, then it's the banks who are providing the opportunity.
  What about them? They got screwed.
  What did payment systems have to do with this, it was identity theft and credit fraud. That they bought gift cards and high value electronics are just SOP with any scam like this.
2. Re:What about the banks? by TechyImmigrant · 2015-02-05 18:14 · Score: 4, Insightful
  
  Being able to take someone's money by taking plaintext credentials like social security numbers and the numbers written on the front of a card is exactly the fault of the banks.
  
  --
  I should use this sig to advertise my book ISBN-13 : 978-1501515132.
3. Re:What about the banks? by michelcolman · 2015-02-05 22:16 · Score: 1
  
  Yes, it's almost scary to see a dentists' office clerk refered to as an "insider". From the headline I first thought it was an insider at Apple. But the clerk doesn't work for Apple or for any of the banks. He or she just happened to have access to some personal information. That makes an awful lot of "insiders" to be afraid of.
4. Re:What about the banks? by Anonymous Coward · 2015-02-06 00:14 · Score: 0
  
  It's not stealing information or theft of identity, as the people still have their information and identities.
5. Re:What about the banks? by Insightfill · 2015-02-06 01:44 · Score: 4, Insightful
  
  Being able to take someone's money by taking plaintext credentials like social security numbers and the numbers written on the front of a card is exactly the fault of the banks.
  Exactly - as long as we continue to call it "Identity Theft" and not "Credit/Financial Fraud", it will have the perception of being the victim's problem and fault. If you get your car window smashed and things stolen out of your car, it's often perceived as partially your fault for where you parked, what you had exposed, etc. In the case of so-called "identity theft", the actual crime can be taking place miles away, and you may have no realistic way of preventing it. The bank has a problem - not me.
6. Re:What about the banks? by stephanruby · 2015-02-06 06:09 · Score: 2
  
  What about them? They got screwed.
  No, they didn't get screwed.
  The contract is written in such a way that it is always the merchants that take the financial hit for fraudulent charges, not the banks (even if the merchants themselves did everything correctly on their end).
  Also calling the receptionist at a dentist's office "an insider" is misleading. That kind of language was specifically designed for the banks to avoid taking responsibility for the fraud. It was not the dentist's office that was being ripped off, it was Apple. By that novel definition "an insider", there are millions of Apple/Banking insiders in the US alone, from the waitress, the janitor, and the bus boy of every restaurant or little hole in the wall where they serve food, to the regular employee, janitor, intern, and temporary employee of every office building where credit card numbers are taken over the telephone.
  I know the use of the word "insider" was introduced by Slashdot itself (either the submitter or the editor), but the word "employee" used in the title of the original ITWorld article leaves a lot to the imagination too, probably for that same reason that if one was to clearly describe what happened, everyone would be assigning blame to the banks and their system, instead of excusing the breach on having an insider employee somewhere (which is very hard to protect against).
7. Re:What about the banks? by oldmac31310 · 2015-02-06 07:07 · Score: 1
  
  Correct. It is information sharing and identity sharing. Sharing is good, afterall, nowadays we live in a sharing economy! Be kind. Share.
  
  --
  http://www.acetonestudio.com
8. Re:What about the banks? by Anonymous Coward · 2015-02-06 09:48 · Score: 0
  
  Being able to take someone's money by taking plaintext credentials like social security numbers and the numbers written on the front of a card is exactly the fault of the banks.
  They took the BANK'S money. Barclay's.
  They applied for instant credit, with someone else's identity, and spent the bank's money.
  CLASSIC IDENTITY THEFT
9. Re:What about the banks? by Anonymous Coward · 2015-02-06 09:51 · Score: 0
  
  Being able to take someone's money by taking plaintext credentials like social security numbers and the numbers written on the front of a card is exactly the fault of the banks.
  Exactly - as long as we continue to call it "Identity Theft" and not "Credit/Financial Fraud", it will have the perception of being the victim's problem and fault. If you get your car window smashed and things stolen out of your car, it's often perceived as partially your fault for where you parked, what you had exposed, etc. In the case of so-called "identity theft", the actual crime can be taking place miles away, and you may have no realistic way of preventing it. The bank has a problem - not me.
  You can commit fraud by lying about yourself on a loan application.
  Identity theft is telling the truth on a loan application - about someone else.
10. Re:What about the banks? by Anonymous Coward · 2015-02-06 10:05 · Score: 0
  
  What about them? They got screwed.
  No, they didn't get screwed.
  Yes, Barclay's lost money given out in fraudulent instant loan applications
  
  The contract is written in such a way that it is always the merchants that take the financial hit for fraudulent charges, not the banks (even if the merchants themselves did everything correctly on their end).
  What fraudulent charge? Did you read the story at all?
  
  Also calling the receptionist at a dentist's office "an insider" is misleading.
  Tell me where the receptionist is labeled an insider. A former Apple employee who was familiar with their instant loans offered by Barclays bank was the insider
  
  That kind of language was specifically designed for the banks to avoid taking responsibility for the fraud. It was not the dentist's office that was being ripped off, it was Apple.
  
  Barclays got ripped off
  
  By that novel definition "an insider", there are millions of Apple/Banking insiders in the US alone, from the waitress, the janitor, and the bus boy of every restaurant or little hole in the wall where they serve food, to the regular employee, janitor, intern, and temporary employee of every office building where credit card numbers are taken over the telephone.
  Never heard of insider trading? It's not novel, that's what the definition IS. This guy knew how the credit apps went through, he probably once assisted customers in applying for them, maybe even got trained for it? He sure knew a lot more than most of you did, because post after post here keeps suggesting fraudulent debit charges...
  
  I know the use of the word "insider" was introduced by Slashdot itself (either the submitter or the editor), but the word "employee" used in the title of the original ITWorld article leaves a lot to the imagination too, probably for that same reason that if one was to clearly describe what happened, everyone would be assigning blame to the banks and their system, instead of excusing the breach on having an insider employee somewhere (which is very hard to protect against).
  Congrats, so you made it as far as the TITLE of the original article? /golfclap
11. Re:What about the banks? by Anonymous Coward · 2015-02-06 10:10 · Score: 0
  
  Yes, it's almost scary to see a dentists' office clerk refered to as an "insider". From the headline I first thought it was an insider at Apple. But the clerk doesn't work for Apple or for any of the banks. He or she just happened to have access to some personal information. That makes an awful lot of "insiders" to be afraid of.
  "The DA’s office alleges that Annie Vuong, a 27-year-old from the Bronx, stole the names, address, birth dates and social security numbers of patients at the Manhattan dental office where she worked. That data was passed to Devin Bazile, a 30-year-old former Apple sales associate from the Bronx, who used it to apply for Apple “instant credit,” the lawsuit alleges."
  So many people fail at reading today. He had knowledge of the instant loan application process.
12. Re:What about the banks? by stephanruby · 2015-02-06 13:53 · Score: 1
  
  My bad. I just read the article.
  Your post should be upvoted and mine should be downvoted into oblivion.
13. Re:What about the banks? by Anonymous Coward · 2015-02-06 15:48 · Score: 0
  
  My bad. I just read the article.
  Your post should be upvoted and mine should be downvoted into oblivion.
  Don't feel bad, the title of the linked articles is further than 99% of the other posters go.
  I work in the financial services industry and coffee was starting to wear off.
here's an idea by frovingslosh · 2015-02-05 17:50 · Score: -1

Here is my idea (Apple would call it an invention and patent it). All banks, instead of bothering with nonsense like my mother's maiden name, should ask a series of questions like "Are you an Apple fanboy?" They could protect themselves and me from a lot of grief and fraud by recognizing that there are a lot of customers who would be glad to share the fact that they will never buy an Apple product and don't want their card to be used for such purchases. I would gladly list other biases that I have that I never want my credit card involved in financial transactions for. Compiling that information from those who voluntarily contribute it could go a long way to stopping and catching this kind of fraud.

--
I'm an American. I love this country and the freedoms that we used to have.
1. Re:here's an idea by pen · 2015-02-05 18:04 · Score: 2
  
  Here's another idea:
  Apple products can be deactivated remotely, even laptops.
  Each device has a serial number that can be linked to the gift cards which can be linked to the stolen credit cards.
  Do a little bit or leg work, deactivate the illegally obtained devices. Even if you don't nab the thieves, you make this scheme way less profitable.
2. Re:here's an idea by cheater512 · 2015-02-05 18:08 · Score: 1
  
  Not if the items get sold before they are deactivated.
3. Re:here's an idea by Anonymous Coward · 2015-02-05 18:09 · Score: -1
  
  Apple only cares about happy customers, regardless how they purchased their Apple product.
  Image how much PR damage the angry tweets from customers who had their recently purchased Apple product being deactivated?
  And with a simple utility even my 8 year old retarded nephew can change those ID's....
4. Re:here's an idea by NoKaOi · 2015-02-05 18:37 · Score: 1, Funny
  
  But as a user, I want to know that my product is genuine. That's why I only buy Microsoft products, because just in case I forgot where I purchased my computer, I get reminded over and over that it's genuine!
5. Re:here's an idea by tlhIngan · 2015-02-05 18:55 · Score: 1
  
  Here is my idea (Apple would call it an invention and patent it). All banks, instead of bothering with nonsense like my mother's maiden name, should ask a series of questions like "Are you an Apple fanboy?" They could protect themselves and me from a lot of grief and fraud by recognizing that there are a lot of customers who would be glad to share the fact that they will never buy an Apple product and don't want their card to be used for such purchases. I would gladly list other biases that I have that I never want my credit card involved in financial transactions for. Compiling that information from those who voluntarily contribute it could go a long way to stopping and catching this kind of fraud.
  You can do that - call up your credit card provider and they can enter it into their fraud profile on you so if your card gets charged at that company, it triggers a fraud alert.
  The problem isn't that though. The trick is different. You see, in the US, Apple offers instant financing through BarclayCard - basically an instant sign up credit card. And that's what happened here - the receptionist at the dental office took the stolen credentials, and then gave it to their Apple store buddies who used it to apply for BarclayCard credit cards. They then used those cards to buy gift cards. Those gift cards were then used to buy Apple products which were the sold for cash (classic money laundering).
  So telling your bank wouldn't really have helped because they applied for new credit - this wasn't a case of the receptionist capturing the credit card information you used to pay for the dentist, but using the information in your file to apply for new credit (standard identify theft).
  No doubt because Apple's own employees were involved that Apple would be forced to eat some of that (and that it was Apple's own initiative to allow for instant financing). Of course, perhaps Apple should send the victims some free gifts as compensation for potential time lost having to deal with whoever manages BarclayCard and the unexpected bills.
6. Re: here's an idea by Anonymous Coward · 2015-02-05 19:52 · Score: 0
  
  And when they get deactivated, the unlucky users get to tell the police where they bought them from.
7. Re:here's an idea by houghi · 2015-02-05 20:10 · Score: 1
  
  Yeah, in no way will this be abused.
  FYI in Europe it is possible to block stolen phones. In 99% of the time this is not done due to the cost being higher then the worth of the phone itself.
  What should happen is that this service is free and the companies are obliged to pay for it up front. Because if you look at it per phone, the cost is high. If you look at it in total cost, it is peanuts.
  
  --
  Don't fight for your country, if your country does not fight for you.
8. Re:here's an idea by Anonymous Coward · 2015-02-05 21:05 · Score: 0
  
  Telling your bank, no, but placing a free 1-year freeze on your credit with the credit reporting agencies does work. Rinse and repeat each year, and turn it off before you apply for credit.
9. Re:here's an idea by stoploss · 2015-02-05 22:26 · Score: 1
  
  Telling your bank, no, but placing a free 1-year freeze on your credit with the credit reporting agencies does work. Rinse and repeat each year, and turn it off before you apply for credit.
  ...or just place a permanent freeze on your credit, like I did a decade ago. When you want to apply for credit you temporarily lift the freeze for a few days whereupon it reverts to frozen. It works much like making your Bluetooth device discoverable.
10. Re:here's an idea by tofarr · 2015-02-06 01:06 · Score: 1
  
  Not sure if troll or just stupid - giving more power to a large corporation over what is done with products after they have been sold. Stick with the banks - the problem lies there
11. Re:here's an idea by gnasher719 · 2015-02-06 02:54 · Score: 1
  
  No doubt because Apple's own employees were involved that Apple would be forced to eat some of that (and that it was Apple's own initiative to allow for instant financing).
  
  Liability will be interesting. So a financing deal was started in the name of Mr. X, but Mr. X didn't actually do anything so isn't liable for anything. Because of that financing deal, Apple handed over a computer or a phone to a crook, and Barclays paid money to Apple. The crook sold the computer or phone to Mr. Y who may or may not have been aware what was going on, and may or may not be found.
  
  First, there's the question whether these computers were stolen. In the UK, in a similar case, a judge decided that this was not theft, but a voidable contract (since the buyer entered a contract but had no intention to pay for the computer and forged documents to avoid paying, Apple could obviously void the contract and ask for the computer back). However, the contract had not been voided yet, so the buyer owned the computer legitimately. That's one judge in the UK; a judge in the USA might decide differently, and it is a borderline case, so the laws might be different.
  
  Now can Barclays get their money back from Apple? Difficult. Depends on the contracts, depends on the small print in US laws. Depends on to what degree Apple is liable for crimes committed by employees. Also depends on how much Apple values their relationship with Barclays. How much money Barclays is making if things like this $700,000 fraud are included.
12. Re: here's an idea by cheater512 · 2015-02-06 07:51 · Score: 1
  
  User: "I bought this iPad from a white van"
  Police: "So can you describe it?"
  User: "Well it was white...and it looked somewhat like a van"
Homo sapiens assholius by Black+Parrot · 2015-02-05 17:50 · Score: 2

Why are so many people such jerks?

--
Sheesh, evil *and* a jerk. -- Jade
1. Re:Homo sapiens assholius by Anonymous Coward · 2015-02-05 17:56 · Score: 0
  
  Why are so many people such jerks?
  $
2. Re:Homo sapiens assholius by Required+Snark · 2015-02-05 19:46 · Score: 1
  
  Ohh, you're reading Slashdot, and you are asking "so many" people are jerks? Really, you should pay more attention to what goes on here.
  Slashdot is jerk central. More jerks then you can shake a stick at. Being here means you have a 100% probability of seeing jerk behavior all the time. At this point you should expect people to be jerks. It's normal.
  All though this does not necessarily answer the question of why, it does show that this behavior is normal and should be expected. I hope this helps you out a bit.
  
  --
  Why is Snark Required?
3. Re:Homo sapiens assholius by Anonymous Coward · 2015-02-05 22:27 · Score: 0
  
  The thieves or the ones buying Apple products?
4. Re:Homo sapiens assholius by ruir · 2015-02-06 00:05 · Score: 1
  
  Lets found anonymous jerks... "I am jerk and I am here today because..."
Why Don't We See This With Dell? by Anonymous Coward · 2015-02-05 17:59 · Score: -1

Or Acer or Lenovo or Sony?
If Apple is such faggotry shit why don't we targeted attacks against those brands?
Why haven't I ever read a single article about someone being mugged for their Android phone?
Spare me "the pretties" BS -- it's because Windows and the Windows Clone called Linux is SHIT
looks like shit, acts like shit and YES I USE A MAC for development and only use *nix on the CLI because the Linux GUI is a shit fest.
But yes -- Linux has won, because it looks that by 2020, Windows and Linux will be largely interchangeable if Windows is even around at all.
Which would be a WIN for MS and let them focus on Office, Exchange and SQL Server -- their Enterprise work horses that actually pay
1. Re:Why Don't We See This With Dell? by cheater512 · 2015-02-05 18:10 · Score: 0
  
  Sorry, Linux isn't a GUI. Which GUI do you dislike specifically?
  Not sure how you say Linux is a clone of Windows when it is pretty well documented it is a clone of BSD, which Mac OS X is also a clone of.
2. Re:Why Don't We See This With Dell? by Anonymous Coward · 2015-02-06 00:12 · Score: 0
  
  Sorry, Linux isn't a GUI. Which GUI do you dislike specifically?
  Different AC here, but I'm going to go ahead and say all of them. From gaping holes of space to poor font kerning and everywhere in between. Even KDE, which I consider to be at the top of the shit heap, still looks like it was cobbled together by a guy working out of his parent's basement.
3. Re:Why Don't We See This With Dell? by Anonymous Coward · 2015-02-06 00:31 · Score: 0
  
  > let them focus on Office,
  *snort*
  > Exchange
  *bwaha*
  > and SQL Server
  *BWAHA - HA - HA*
  Dude, you made my day!
why steal information by ihtoit · 2015-02-05 18:00 · Score: 2

when you fucking idiots are GIVING IT AWAY on your fucking Facebook accounts??

--
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
1. Re:why steal information by AmiMoJo · 2015-02-06 02:11 · Score: 1
  
  What information to people post to Facebook that could result in this kind of fraud? I don't use Facebook so I'm curious to know. Do they post the details of their credit cards or something? Or is it just that the banks have ridiculously low authentication requirements?
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
2. Re:why steal information by ihtoit · 2015-02-06 05:48 · Score: 1
  
  Mothers maiden name: Facebook
  Date of birth: Facebook
  Pet's name: Facebook
  Name of last school you attended: Facebook
  Name of favourite teacher (you're probably still in touch with?): Facebook
  All I need is your IBAN, I can connect that to a name via your bank, and your Facebook account via your email (which most people who have both will have used the SAME EMAIL ADDRESS) and I own your fucking life.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
3. Re:why steal information by Anonymous Coward · 2015-02-06 07:05 · Score: 0
  
  I've never seen anyone post that information. You don't own anyone scrub. You also realize now that must info is private by default, right? You can't just publicly grab it.
  You're pathetic. Fucking script kiddies.
Apostrophe terrorism: by Zanadou · 2015-02-05 18:06 · Score: 1

...a receptionist in a dentists' office...
Wow, that office really gets around...
1. Re:Apostrophe terrorism: by Anonymous Coward · 2015-02-06 00:49 · Score: 0
  
  I don't see the problem. So what if the office is shared by more than one dentist - is that not common?
Master plan by lucm · 2015-02-05 18:14 · Score: 1

I'm pretty sure that if I had to create hundreds of lines of credit, buy hundreds of thousands of dollars worth of Apple products and then sell all this stuff one iPhone at a time on Craigslist I'd end up making less than minimum wage. What a fucking lousy scheme, it's almost as tedious as stealing from park meters or vending machines.

--
lucm, indeed.
1. Re:Master plan by gtall · 2015-02-05 23:36 · Score: 1
  
  You don't understand criminals' pyramid schemes, do you?
2. Re:Master plan by lucm · 2015-02-06 13:32 · Score: 1
  
  Why don't you explain the alleged pyramid scheme involved in this situation? Or does your expertise in this matter stops at making vague statements?
  
  --
  lucm, indeed.
What a waste by Anonymous Coward · 2015-02-05 18:33 · Score: 0, Flamebait

laptops? iphones? What a waste.
I want $700,000 worth of itunes!
1. Re:What a waste by ihtoit · 2015-02-05 19:26 · Score: 1
  
  so 4.6 songs, then?
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
yuo failU 1t by Anonymous Coward · 2015-02-05 19:26 · Score: -1

Design approach. As the choosing Bunch of retarded resulted in the most people in.to a those obligations. of an admittedly = 1400 NetBSD
OH NO! by Anonymous Coward · 2015-02-05 21:08 · Score: 0

That's terrible. $700k in apple gift cards?! That's *almost* a full two minutes of income for Apple!
anthem breach by Anonymous Coward · 2015-02-06 01:19 · Score: 0

So, in the Anthem breach, what was disclosed: name, date of birth, SSN..
And what did the receptionist at the dentist office need to enable the thefts here:
" DAÃ(TM)s office alleges that Annie Vuong, a 27-year-old from the Bronx, stole the names, address, birth dates and social security numbers of patients"
Excellent.. buy more Apple stock, because there's a new 67 million unwitting customers for Apple products..
From Communist Sweatshop Productions: by Anonymous Coward · 2015-02-06 01:36 · Score: 0

The iCrime
New from Apple !
Apple knew this would be abused by laughingskeptic · 2015-02-06 04:05 · Score: 1

Apple made the business decision to have the instant credit provided by a 3rd party. There was a lot of money to be made in this channel and Apple is sitting on billions in cash so why did Apple not provide the credit directly? Because they knew this would be abused and they couldn't put a solid number on the potential downside. There are probably some interesting emails to be subpoenaed by an enterprising attorney on this subject. I would guess the Apple CFO would have been for offering the credit directly and the CMO against it.
1. Re:Apple knew this would be abused by tlhIngan · 2015-02-06 04:50 · Score: 2
  
  Apple made the business decision to have the instant credit provided by a 3rd party. There was a lot of money to be made in this channel and Apple is sitting on billions in cash so why did Apple not provide the credit directly? Because they knew this would be abused and they couldn't put a solid number on the potential downside. There are probably some interesting emails to be subpoenaed by an enterprising attorney on this subject. I would guess the Apple CFO would have been for offering the credit directly and the CMO against it.
  Probably because banking regulations get hairy, quickly. Offering credit isn't an easy thing (especially if you want to legally be able to collect the money owed) and there will be plenty of edge cases that Apple needs to handle. Plus, with legislation varying between states, that's a nasty furball.
  Sure, Apple could do it, but they have no experience in the area, no way of being able to tell good risk from bad risk, having to deal with pulling credit reports, late payments/bankruptcy/nonpayment, and even tricky ones like overpayment and refunds.