Banks and how to cheat them?

Started by Nikolas, Mon 24/10/2005 13:15:11


Nikolas

Ok. Three little stories:

1. I got the bill from PowerGen (the electricity company). I never bothered to tell them my name, as I have just moved and will move in a little while again, so the bill was for a New Customer. I take the bill and my debit card along to NatWest, where I have an account. I give both of these to the clerk who scans my card and gives it to me again. Then I get a small paper, sign the wrong name, or rather a kind of different signature and return the paper. And I'm done. I've paid 73 GBP. My concern. The clerk didn't notice the different signature, didn't keep the card to check for the signature, had no name on the bill to check that indeed it was me. So I thought, all I have to do is steal a card and start paying bills like that. No one will notice. And not only bills. The same thing happens to every petrol station. Even in Tescos. And if you can't remember your PIN you can sign for it.

2. I wanted to subscribe to a magazine. So I called an 0800 (free phone), gave them my account details (account number and sort code), and I debited my account. Just like that. So anyone with a bank statement can do that. Even if the bank statement is not his. And let me tell you that here in the building I live, the letters are left in the entrance, thus I can take any letter I want, and since the bank statements don't come exactly every month (on the 5th), no one is going to know it's missing.

3. I was at Virgin Megastore, in Tottenham Court Road, and wanted to buy a Bass. It costs 400 GBP. I give them my card and after a while I'm experiencing a weird problem that I have to verify the transaction. This is done apparently because I'm not spending that much money normally so it seems kind of weird to the bank. Fair enough. Well after a while on the telephone the clerk asks me my password! I tell him that I want to speak myself to the telephone and tell them the password myself, since it is a password and I don't want to give it to anyone. He refuses! So in the end, I tell him the first and the third letter of the password, which is enough for the bank. And afterwards I went to NatWest and changed the password to another one.

All these have struck me as weird. I know that in Greece, you can't set up direct debit unless you go to the bank yourself. For every transaction you must have your identity card with you, so they can check if it is you.

I was wondering two things. First of all, am I being irrational? Is this too much? The second: if not, how do these things work in other countries, Japan, Australia, USA, Germany, etc... And anyway, your thoughts, please?

Nikolas

auhsor

I can see a flaw with the second point. If you steal someone else's information and have a magazine or whatever delivered to your address, the person being debited is probably going to see that and it can be traced back to you.

TheYak

They all sound remarkably similar to experiences I've had when dealing with financial institutions, aside from the utility bill.  I'd have to sign up for Power & Gas before I ever received them so they'd, of course, have my name and address.

There is a horrible plague of arbitrary security running rampant.  I've had to provide 2 forms of picture ID (which I don't normally even have), a thumb-print, and parents' contact information in order to start a bank account before, yet I've approved transactions with little evidence that I was who I said I was.  I seldom give ID for large transactions and they go through okay.  I had a $620 US transaction once where all I did was give a credit card number/ expiration /name over the phone.  The bank let that go through just fine, however the next day, I pumped $11 US in petrol only to have the transaction declined.  My account was locked down and I had to contact the bank security personnel.  I thought I might've reached a grand total of some sort, but they said it was because I had 4 different petrol fuel-ups in a week at different locations.  (It wouldn't have anything to do with driving 84 miles a day would it?)

Nikolas

To all three of them, there can be traces back to yourself. But I'm sure that if somebody tries to find a way to steal money, it sounds rather easy to do... Especially the 1st point. I mean I could have any NatWest card. It wouldn't make any difference. And something I forgot to mention is that it was the first time that I was in that branch. They had never seen me before.

Actually I did file a complaint and the manager will look into it. But wtf, this is happening everywhere all the time...

Mr Jake

Anyone with half a brain cancels their card when they lose it. Anyone with part of a brain at all can spot a £700 expense they didn't make.

SSH

Presumably Powergen know your address, too, so that would be traceable too. One thing that bothers me with chip & pin is:

a) How do you know that it's a genuine PIN device they give you to type your number in and not a card duplicator?

b) When you sign for things now, no-one checks the signature anymore (e.g. They have Chip&PINs in Canada and France but it's a different system so incompatible, so you have to sign)

c) Banks have secured themselves but not their customers. Really online banking should use secure tokens with one-time one-minute passwords and cards should have photos on them.

Nikolas

Quote from: SSH on Mon 24/10/2005 14:26:20
Presumably Powergen know your address, too, so that would be traceable too.

I think you're right. I never thought of that. But still, I'm willing to bet that I can take money out with my wife's card (different name and surname), without her knowing. Really. I'm willing to bet on it.

And the fact remains, that it seems soooo easy to take little money, like 10-50 GBP, or $ or whatever. No one will even bother to check if 10 quid are missing. I certainly don't. And the thing that bothers me most is that the government knows about it.

There are ads in the newspapers and on the telly saying, protect your personal information. Why would they spend money to make such a commercial? Because they know that it's easy to steal! And this btw (a little bit off topic), reminds me of the ad about protecting your home from fire and to check every week the fire alarm. In the UK, it is illegal to have a house without a fire alarm. Why is that? Because apparently houses here are easy to burn?

Once more, I have to say that all these mentioned above (in this post only), are not facts. But I have a feeling that it's true.

It seems that it's easier to try to protect someone about a problem, than cure the problem itself...

Which seems the case with the banks...

@SSH: They know my address but not my name. As I said I'm a New Customer. I don't think that the bank, after paying the bill, keeps reference of the address the bill was sent to. Again, I'm not sure.

Excuse the whole "I'm not sure" attitude. I just don't want to create any misunderstandings but surely I find some things weird...

Mr Jake

Yes, but the balance sheet will read an expense to "Powergen Co." (or something to that effect) from the account, they check which customer this relates to, and have your address.

Houses everywhere are easy to burn.. You know, wood, material, paper, curtains etc? I don't want all my furniture to be made out of stone.

And it's not really all that easy to take little money... How would you take it? If you stole their card chances are it would be cancelled, plus you'd need to know the PIN to just withdraw the money anyway.

SSH

The 1991 Smoke Detectors Act, requires that all new houses that have been built since 1992 must, by law, have a smoke detector installed. The minimum requirement being one smoke alarm on each level of the building.

Older houses are not covered by the legislation, however, your house insurance may require that you have smoke detectors and not pay out if you don't. Not to mention the possibility of being prosecuted for negligence in the event of a fire where someone is hurt.

Banks have sophisticated analysis programs that detect potentially fraudulent transactions, which is why they sometimes ask for extra checks from retailers. Retailers sometimes just ignore these requests, though...

Ashen

Quote
I'm willing to bet that I can take money out with my wife's card (different name and surname), without her knowing. Really. I'm willing to bet on it.

I used to do that with my mum's card all the time. It really depends on the person, and how obsessive they are about tracking their finances - some people wouldn't notice if hundreds were taken out, others would be all over £5.

Quote
If you stole their card chances are it would be cancelled, plus you'd need to know the PIN to just withdraw the money anyway

But if you were quick enough you could go to a supermarket, claim you've forgotten your PIN (this would definitely work in the UK at the moment, don't know about elsewhere, or the future), buy a few groceries and get cashback with it. Now assuming the clerk doesn't check the signature too closely (and they never do), you should be fine.

That said IF anyone actually bothered to check signatures, I personally would feel better signing for stuff, than just typing in my PIN - it just seems more secure.
I know what you're thinking ... Don't think that.

SSH

Chip and PIN reduced card fraud by 80% when introduced in France. The jury's still out here. I think the main reason it's better is social rather than technological: the security check is AUTOMATIC and therefore cannot be skipped by a till operator in a rush and also there is no feeling bad about suggesting someone is a criminal by saying "That doesn't look the same": the blame is on the computer and so the till operator feels less like an accuser (and less like someone holding up the queue).

Kweepa

Quote from: SSH on Mon 24/10/2005 14:26:20
Really online banking should use Secure tokens with one-time one-minute passwords and cards should have photos on them

When I was living in Belgium the online banking account came with a little calculator thing that I used to generate a password - the web page gave me a number, I typed it into the calculator thing, and it told me what the password was.
Still waiting for Purity of the Surf II
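
The challenge-response device Kweepa describes, combined with the one-time, one-minute lifetime SSH suggests, sketched as an added example that is not part of the original thread and not any bank's actual scheme. The HMAC-SHA1 construction with HOTP-style truncation, the class and function names, and the demo key are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

CHALLENGE_TTL = 60  # seconds; the "one-minute" lifetime comes from SSH's post


def token_response(key: bytes, challenge: str, digits: int = 6) -> str:
    """What the hand-held device computes from the number shown on the web page."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, borrowed from HOTP (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class BankServer:
    """Hypothetical server side: each challenge is accepted once, within the TTL."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}  # challenge -> time it was issued

    def issue_challenge(self, now: float) -> str:
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[challenge] = now
        return challenge

    def verify(self, challenge: str, response: str, now: float) -> bool:
        issued = self._pending.pop(challenge, None)  # pop: one attempt per challenge
        if issued is None or now - issued > CHALLENGE_TTL:
            return False
        expected = token_response(self._key, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed secret shared by bank and device
    bank = BankServer(key)
    c1 = bank.issue_challenge(now=0.0)
    r1 = token_response(key, c1)
    results = {"fresh": bank.verify(c1, r1, now=10.0),
               "replayed": bank.verify(c1, r1, now=20.0)}  # same code, second use
    c2 = bank.issue_challenge(now=100.0)
    results["expired"] = bank.verify(c2, token_response(key, c2), now=161.0)
    c3 = bank.issue_challenge(now=200.0)
    r3 = token_response(key, c3)
    bad = r3[:-1] + str((int(r3[-1]) + 1) % 10)  # one digit changed
    results["tampered"] = bank.verify(c3, bad, now=201.0)
    return results


if __name__ == "__main__":
    print(demo())
```

A code overheard or written down is useless afterwards because the server forgets the challenge as soon as it is checked, which is the property a static password or a signature lacks.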

Potch

I live in the US, and this kind of theft runs RAMPANT here, although the penalties for doing it are fairly high.  It is trackable though, and also, if you have your card stolen, most banks will recompense you for the money as long as you report it to the police.  I experienced this first hand.  My purse was stolen a few months ago.  It was stolen at about 3 in the morning.  I found out at about 9, and reported it to the police.  From the time that it was stolen, until the time I reported it, the person spent 300 dollars of my money.  The money that he spent was my rent money for that month.   He used it at gas stations that did not require a PIN number and at McDonalds, who did not require him to sign anything or show ID.  Now, luckily, my bank was very understanding and reimbursed me for the money, and I was able to pay my rent.

The man was caught the next day.  When I realized the card was stolen, after speaking with the police, I immediately called the bank and reported it stolen.  When the man tried to use the card the next day, he was apprehended.  He is currently in jail, still awaiting sentencing and will most likely spend quite a bit of time in prison.  He had stolen several other cards and used them as well.

I don't know about others, but I keep track of the purchases I make.  I check my bank statement every few days online, and if there is something on there that I did not make, I report it right away.  Maybe some people are rich enough that they don't have to do that, but not me!  I knew exactly which purchases were the thief's and not mine.

I was lucky in my situation.  Others are not so lucky.  People all over the world lose thousands of dollars to criminals like this every day.  It's a very sad thing.  Many people don't know what to do when they are robbed, and they wait too long to report things.

I personally think that there should be more requirements when using a charge card or a checkbook.  You should ALWAYS have to show ID for one thing.  Some cities in the US have that law, but many don't... including mine.  When purchasing over the phone or online, there should be a series of questions that need to be answered before being able to make the purchase.
The hardest thing in this world... is to live in it. (Sarah Michelle Gellar as Buffy Summers in "The Gift")

IM NOT TEH SPAM

The problem about some people is that they get a bit too paranoid on occasions.  I live in the US too, on Long Island, but every weekend I work with my parents going to parts of New York, New Jersey, and Connecticut.  We sell handmade jewelry at craft shows, and a lot of the time people charge us with credit cards.  Now, they purchase a two-stone earring in Montauk.  My family lives in New Hyde Park, so the money goes to us in NHP.  However, the person sees their charge for a pair of earrings in NHP, thinks "Oh no, bad stuff!" and reports it.  Most of the time we have to call them up and tell them we live in New Hyde Park, and that's why the charge goes there (not because of credit card theft or anything) so they cancel their report.  It doesn't happen too much anymore, since now we make it a point to tell them we live on Long Island in NHP, not wherever we are at the craft show.
Now, of course, this would all be avoided if they just read the business card, "We work out of our home in New Hyde Park, New York", but there are so many commercials on TV about credit card theft that when they see something like this the first thing that comes to their mind is that.

I'm not sure how relevant that is, but it seemed like it at the moment.

mätzyboy

Regarding the first issue you were talking about... http://www.zug.com/pranks/credit/

Eggie

There's a fairly small online DVD merchant, http://www.loaded247.com/, who had two £7.99 DVDs for £14.
I bought two of these DVDs and the site changed both their prices to £7. They sent off the first one but not the second. I've ordered stuff from these guys before, they do this. Sometimes it takes a few weeks, sometimes a few months, I wasn't worried.
Here's the thing, after they'd shipped the first DVD and charged my account for £7, I didn't have any money left. I was cleared out (I wonder why my parents keep telling me I need a job)
They tried to send the second DVD but my card number was denied, so the order was cancelled.
Meaning that I've unwillingly cheated this company out of 99p. I guess I should feel guilty, but knowing that I don't deserve it just makes watching that copy of Osmosis Jones that much sweeter.

Pumaman

Credit card fraud is very easy indeed to perpetrate -- as you say, you only need someone's card number to spend money from their account.

Things will get better in future -- from March 2006 you won't be able to sign with your credit card any more, the PIN will be compulsory (in the UK at least). And online merchants are gradually introducing systems like Verified By Visa to reduce online card fraud.

But there are still plenty of places like porn sites and pay-at-pump petrol stations where all you need is the card number, no questions asked. However in these situations the retailer is liable when the card is used fraudulently so eventually you'd hope they will all start requiring more ID.

But if you really want to cheat the banks out of money, this might have been worth a shot:
http://www.theregister.co.uk/2005/10/21/phantoms_and_rogues/

SSH

Quote from: Pumaman on Mon 24/10/2005 19:39:06
But there are still plenty of places like porn sites and pay-at-pump petrol stations where all you need is the card number, no questions asked.

Hah! So you admit it, you dirty old man! You could only know this if you yourself indulge in the filthy habit of:
Spoiler: filling a car with petrol

shbaz

There are cameras at every filling station I've ever been to with an automated credit card system not requiring PINs. To get away with this relatively small amount of extortion you'd need to use fake plates and a disguise every time, and you'd risk felony charges.

I wouldn't say the risk is worth it, nor would most people, so it's a relatively benign security flaw. Besides, when a card is lost you'd be an idiot not to cancel it ASAP. You're only liable for $50 of unauthorized transactions, no matter how high, in the US, and according to that article, in Britain too.
Once I killed a man. His name was Mario, I think. His brother Luigi was upset at first, but adamant to continue on the adventure that they started together.

Nikolas

You know, anyone would be really stupid not to cancel their debit/credit card, ASAP.

Of course, there is a way to catch you if you do something like that. My point is though that the banks don't seem to give a shit about all of this. And I would've expected this from some petrol station clerk, but not from a bank clerk. And of course if I was to do something like that I would choose to do my "job" from an ATM machine, and all I had to do is figure out the PIN number. Plain and simple, I wouldn't risk my ass in going to a bank myself.

The fact still remains that the way they treat people and their finances in the banks is plain wrong.

And everything is being done over the telephone. And of course if I subscribe to a magazine they will eventually get to me, but what the heck. I can do it, but won't because they'll find a way to get to me? Does this sound right? The only reason I'm not doing it is because they will find out who I am? Otherwise nothing else prevents me? This sounds bizarre, to say the least...
