21 Million German Bank Accounts For Sale

anerva writes "Black market criminals are offering to sell details on 21 million German bank accounts for €12M ($15.3M), according to an investigative report (German; Google translation) published Saturday. In November reporters for WirtschaftsWoche (Economic Week) had a face-to-face meeting with criminals in a Hamburg hotel, according to the magazine. Posing as buyers working for a gambling business, the journalists were able to strike a price of €0.55 per record, or €12M for all the data. They were given a CD containing the 1.2 million accounts when they asked for assurances that the information they would be buying was legitimate." 21 million is three in four existing German bank accounts.

How to pay...

[LingNoi]

Couldn't you just buy one to begin with and then use that German bank account to buy the rest?

Re:

[OrangeTide]

Steal 10 euros from the 1.2million they showed.

Re:

[Joebert]

I think it would be much more interesting to setup a program that generates a snowball effect that starts with a dollar in the first account and makes transfers slowly until it's spread through each account in the list, and seeing how far it would get before anyone noticed.

Re:How to pay...

[Ihmhi]

And then we can beat the crap out of the office printer and dance to rap music!

Hmmm...

[RobertM1968]

You'd think they'd have gotten the police involved instead of trying to scoop a story...

Nah, guess not.

Re:Hmmm...

[LingNoi]

The police are too busy raiding game developer buildings with shotguns and listening in on Skype calls.

Re:

[Ihmhi]

Okay, I know about the Skype thing, but what's this about them raiding a game developer's building?

Steve Jackson Games raid?

[SethJohnson]

Perhaps the GP is referring to the Steve Jackson Games raid [wikipedia.org] that took place here in Austin, TX back in the eighties.

Seth

Re:Hmmm...

[Anonymous Coward]

No, they're referring to this raid on Crytek with the riot police:

http://www.quartertothree.com/game-talk/showthread.php?t=31767

Re:

[Anonymous Coward]

That's not their job or function in society.

Re:

[The MAZZTer]

That's funny, I always thought it was a citizen's (of the USA at least) duty to report crimes to the police if you witness them.

Re:

[thegnu]

Yeah, journalists are sort of exempt, and it allows them to provide the free flow of information without getting a cap in their ass for trying to talk to gangsters.
yeah.

Re:

[afabbro]

That's funny, I always thought it was a citizen's (of the USA at least) duty to report crimes to the police if you witness them.

That would be funny. Fortunately, it's not true, at least in a legal sense. You are under no obligation to report a crime you witness.

Re:Hmmm...

[swillden]

Uhm... no? No such thing as Good Samaritan laws here.

Good Samaritan laws have nothing to do with reporting crime, they're laws that shield those who try to help injured people from civil liability for anything that goes wrong. They're a response to the problem of people refusing to help because they're afraid they'll get sued.

Re:Hmmm...

[jdrugo]

You'd think they'd have gotten the police involved instead of trying to scoop a story...

From the article:

Wie so viele Kontonummern illegal in Umlauf gelangen konnten, muss in den nächsten Wochen die Staatsanwaltschaft Düsseldorf klären. Die WirtschaftsWoche übergab den Ermittlern am vergangenen Donnerstag die CD mit den 1,2 Millionen Datensätzen und Kontonummern.

which roughly means:

How that many account number reached circulation illegally is to be clarified over the next weeks by the prosecuting authorities of Düsseldorf. Reporters of the WirtschaftsWoche handed the CD with the 1.2 million data sets and account numbers to the investigators last Thursday.

So, they firstly contacted the responsible branch of jurisdiction and after that published the article.

Re:

[Anonymous Coward]

...um, they did? I didn't RTFA since I'm German anyway and have heard more about this case than I care to know already, but they DID go to the police. Getting a good scoop for your magazine or paper and going to the police aren't mutually exclusive, you know.

On your marks (no pun intended)

[pin0chet]

In theory, if the banking system were known to be compromised in such a huge way, and there were no way of knowing if your own bank account was compromised or not, shouldn't there be a massive bank run? Because everyone wants to withdraw their money right away to minimize the chance that this ridiculous security leak negatively affects them, right? Such a massive erosion of confidence can completely destroy a banking system.

Re:On your marks (no pun intended)

[OrangeTide]

bank account and routing numbers never was considered secure. the only thing protecting your bank account (weakly) from fraud is a paper trail.

Re:

[henni16]

In practice, it will be the banks' problem.
Instead of running to your bank to get your money, you monitor your bank account and dispute/charge back possible fraudulent transactions.

Re:On your marks (no pun intended)

[John Hasler]

> In theory, if the banking system were known to be compromised in such a huge way, and
> there were no way of knowing if your own bank account was compromised or not, shouldn't
> there be a massive bank run?

This is Germany. There will be no bank run until it is properly planned, organized, and regulated.

Re:

[Anonymous Coward]

None of that is truly secret information in the first place. Every business prints its address, bank account number and bank routing number on each of its invoices. When you buy something on eBay, the seller will usually give you his name, address and bank account number and bank routing number: It's the information you need to send him the money.

There is a way of transferring money which is called "Lastschrift" or "Bankeinzug". Basically the recipient tells his bank that the sender has agreed to let the re

Re:

[hweimer]

In theory, if the banking system were known to be compromised in such a huge way, and there were no way of knowing if your own bank account was compromised or not, shouldn't there be a massive bank run?

In practice, this isn't much of a problem. Actually, there are two ways to earn money with this. You can commit old-school pen and paper wire transfer fraud, i.e., you fill out forms directing the bank to transfer funds from one account to another. However, there are two problems with that. First, you need to have a valid signature on the form and banks are required to check that (whether they actually do it is the banks' problem). Second, this scales not too well and if you dump 21M forms the bank will sur

Gotta love the germans

[sleeponthemic]

Even their criminality is impressively efficient :-)

May I introduce you to rule 36?

[zappepcs]

Rule 36 [encycloped...matica.com] states:

There will always be even more fucked up shit than what you just saw

Now, I've been saying this all along, but nay sayers think the sky will never fall, and that the government is not out to get them. I've got bad news for you: It will, and they are, and if those two problems are not enough there will always be people willing to steal your stuff. period. no exceptions.

The fact that they have not stolen yours yet is merely an oversight on "their" part. It will happen at some point. Security is myth. Do not trust those that want to protect you. The government wi

Re:May I introduce you to rule 36?

[Jeff DeMaagd]

OK, so you're saying that government isn't going to protect us, so the answer is to demand that financial institutions be held accountable to laws passed by a government that you said won't protect us?

Re:May I introduce you to rule 36?

[Cl1mh4224rd]

The government will never shield you, only pretend to do so. This is a harbinger of dangers to come, and reason to demand with some vigor that your financial institution be held accountable by law for the protection of your information.

Bolding mine, to highlight a serious disconnect in the parent's preaching.

You're suggesting that people demand that banks be held accountable to laws enforced by the very government you said won't protect them?

Re:

[The_Wilschon]

Rule W15 states:

There will always be a number less than 1, but greater than the number less than 1 you just saw.

Rule 36 doesn't imply that fuckedupness is unbounded above. Go make another tinfoil suit; they're about to get through this one!

Tomorrow's News

[Bentov]

This morning the entire banking system in Germany collapsed due to 3 in 4 Germans transferring money out of the country to banks in neighboring countries....

Re:

[John Hasler]

...Such as Iceland?

ohshiza?

[Stormie]

I think the taggers in this story need to learn how to spell "Scheiße"

Re:

[Killjoy_NL]

Nah, the ÃY isn't used that much in germany any more either ;)

1.2 million out of 21 million

[txoof]

It is possible that not all of the 21 million work, or are valid. If I were in the criminal's position, I would offer a CD where about 70% were valid. And then when the payment was made, provide a data set that had only a few working accounts and a bunch of garbage.

In any case, it's pretty scary to think that there might that much personal data out there.

Re:

[Hoi Polloi]

Or, release "honey pot" numbers to the criminals. Mix them in with the real ones (they already know that info so you aren't comprimising anything). Anyone who accesses those dummy accounts must be a criminal and can be targeted for investigation.

Ach, oh kein erstes kamen sie fur meine Bankkonten

[Orion Blastar]

dann kamen sie fur meine Kreditkartennummer- und Provider-Kennworter.

Ich zahlte 10 Euro und aller, den ich erhielt, war Orion Blastar' Konto-LOGON und -kennwort s-Slashdot.

Just kidding, Babelfish doesn't translate it quite right.

Who wants to bet...

[emptycorp]

...they analyzed the bank accounts and the combined total in them is less than $1 million?

Re:

[Jesus_666]

You mean there's less than 500 Euros in those 21 million accounts?

How to use???

[It doesn't come easy]

21 million is a lot of accounts. No one person or group has time to abuse all 21 million accounts in a timely fashion. More likely, one would need to rely on the lackadaisical attitude most people have when it comes to security coupled with a low volume approach to the number of transactions to an external account in order to profit from purchasing all 21 million accounts.

The purchaser would also have to consider just how many accounts would be accessible and for how long. It might not be practical to expect to make significantly more than 12 million euros even with 21 million accounts, since most accounts would probably have low balances or have their passwords, etc., changed rather quickly if the account had a high balance.

So to use this many accounts, one would need to set up a number of new accounts in other banks (a few at a time and more than one so that the number of transactions to a given account would not be too high), then siphon a little bit of money off a few stolen accounts to some of the new accounts, withdraw the money, then close the new accounts almost immediately. The amount withdrawn would need to be random and small enough to escape detection for at least a few days. Anything faster would surely raise suspicion and cause automatic transaction blocking (at least, if the banks have some kind of working fraud prevention), especially since the announcement of the stolen data up for sale. I can also imagine adding a fraud check for a slurry of never-seen-before transactions to new accounts. Wire transfers would be quickest, yet they would also stand out more (since a bunch of new wire transfers from accounts which had never made a wire transfer before would be unusual -- the likely case for most accounts).

The 12 million price tag seems like a number arrived at by the thieves after taking into account the difficulties to be faced in exploiting the 21 million accounts while they are still exploitable. It seems likely that any purchaser would in turn sell them again in smaller blocks (a lot safer that way, relatively speaking).

Wonder if we'll ever find out what eventually happens?

mmm... that means that ...

[Jerry]

the Linux desktop market share in Germany is only 25%.

I did it last week

[ZiggyM]

I live in Lima Peru. Last week a teller at my bank made me wait 10 minutes while she waited for the safe to open to give me some cash. In the meantime I went to a computer terminal without a keyboard, and access to only a webpage with the bank rates (windows, no start menu, no access to desktop etc). The machine was supposedly locked so that you couldnt navigate away or do anything except scroll the page and click a few links. Well, they forgot do disable right-click. 7 steps later I was able to access their internal network, and had access to a lot of internal information on individual machines. I went to the branch manager and showed him. He was surprised and embarassed, and took note of the steps I took. It was amazing how easy was to do it. The 7 steps were clever, but not impossible.

Re:

[Anpheus]

It's probably a lot easier with Internet Explorer, because typing C:\ takes you... guess where?

And if they have some trivial block on using that path mapping, you can always just do \\127.0.0.1\C$

Re:

[DirePickle]

It does the same thing in Firefox.

Re:

[karmatic]

If you lived in the US, you would be sitting in a jail cell right now facing felony charges FYI. Never help anyone with their computer in the US. It's not worth it.

Eh, that's not always true.

I was stuck in a Wells Fargo branch for a bit 3-4 years ago, and their kiosks would only go to wellsfargo.com. Being the enterprising person that I am, I immediately typed the HTML for a hyperlink into the search box, it worked just fine.

When I got home, I whipped up a quick Proof of Concept that abused JavaScript to d

Hmm...

[sootman]

21 million is three in four existing German bank accounts.

I have for sale EVERY VISA NUMBER EVER ISSUED! From 4000 0000 0000 0000 to 4999 9999 9999 9999! (Note: some numbers may not be valid.)

I will sell them for US $1,000,000 MILLIONS US DOLLARS. Contact me via this website.

Act now and I'll throw in every Master Card ever issued. (5000 0000 0000 0000 to 5999 9999 9999 9999) (Same disclaimer as above.) And no identity thief would be complete without a REAL SOCIAL SECURITY NUMBER to go with it, eh? Guess what? That's right--I'VE GOT THEM ALL TOO! (001-01-0001 to 999-99-9999)

It's not just numbers, ya know!

[cpghost]

I have for sale EVERY VISA NUMBER EVER ISSUED! From 4000 0000 0000 0000 to 4999 9999 9999 9999! (Note: some numbers may not be valid.)

Well, do you also have the personal data belonging to those VISA numbers? Like, say, owner, expiration date, etc? Because that's what this 21M bank account list is all about: it contains not just account numbers, but also all associated identifying data (names, addresses, dates of birth, in some cases even a balance).

Armed with that, criminals can easily charge those accoun

Re:

[the_other_chewey]

Armed with that, criminals can easily charge those accounts and EVERYONE in Germany MUST now check their accounts at least every 6 weeks and issue reverse-charges if they discovered fraudulent activity.

No. Charges without an "Einzugsermächtigung" (a permission by the account holder to the charging entity to do such charges)
can be reversed indefinitely. Some banks like to hide this fact from their customers, but every single case that went
to court was won by the customer, and most of the time it is enough to insist on that fact.

Re:

[Thaelon]

Biometrics are foolish.

Today, if someone gets your credit card information, they can make charges in your name. To resolve this, you inform your credit card company that someone is fraudulently using you card. Typically they'll just nix the charges and issue you a new card with a new number.

Throw in biometrics:
Someone gets your biometric information [www.ccc.de], they can make charges in your name. To resolve this, you inform your biometric-enhanced credit card company company that someone is fraudulently using you b

Reporters?

[PPH]

In November reporters ... had a face-to-face meeting with criminals

So, where were the cops? How do you say "Denny's" in German?

Seriously, most of our local police force is working undercover at the local titty club, buying lap dances.

The source is government

[erroneus]

I would find it to be completely unsurprising to find that the source of this information is someone within the German government, an employee, had collected and made available to criminals this information. It would seem an information pool this large could only come from such a source. Other data compromises, in my view, would seem individually unlikely to product a rate as high as 75% of all.

If I am right in this guess, it would show a strong reason why any government should not be collecting this kind

Re:So what

[Anonymous Coward]

Yah, ho hum. I mean, I bought my first 21 million German bank accounts YEARS AGO. Nothing to see here folks.

Re:

[Fluffeh]

If you talk to the Russians, I reckon they would say they "eat 21 million German bank accounts for breakfast". I guess it's only news because it's a western European country.

It's not like getting valid numbers is hard these days though. I mean just google for tons of pages describing it [google.com.au] and you can effectively have all the valid numbers you want.

Re:So what

[joocemann]

lmao.

buying bank accounts in bulk is soo..... 2007...

Re:So what

[henni16]

Who wants a mass list anyway, you can't target spam at people just because they're German and they have a bank account, and stealing that many identities begs the question, "why?"

Yeah, who could have use for the equivalent of 21 million valid direct debit cards.

Re:

[RedWizzard]

Who wants a mass list anyway, you can't target spam at people just because they're German and they have a bank account, and stealing that many identities begs the question, "why?"

Yeah, who could have use for the equivalent of 21 million valid direct debit cards.

How do you propose to obtain the 21 million valid direct debit cards? Ring up the banks and get them to change the address of every account to your address?

Re:

[RedWizzard]

Sorry, I missed the "equivalent of". But an account number is not the equivalent of a direct debit card. It's not that easy to withdraw money from an account when all you have is the account number.

Exactly

[tomhudson]

But an account number is not the equivalent of a direct debit card. It's not that easy to withdraw money from an account when all you have is the account number.

Every time you write a check, you're giving the recipient your bank address, bank account number ... AND a specimen of your signature. OMG! Quick - millions of people compromised their bank accounts today!

Re:

[trjonescp]

In 2008, checks are the sort of thing that would be used regularly only in an ass-backward country like the United States.

Re:

[Sir_Lewk]

Trust me, nobody even uses them here.

Re:

[Bugsville]

just the old lady in front of me at the grocery store.

Re:

[b0bby]

Checks are such a pain that our bank gave us a check scanner (optical recognition for the amounts, magnetic for account / routing numbers) so we do the processing ourselves. We scan them in through a web connection, then file them away for a month or so before shredding. The bank never touches them, and we never have to go into the branch anymore.

Re:Exactly

[Lumpy]

Checks have to be hand processed. Mailed in checks haveto have a Person paid to open it and key it in and then hand carried to a bank.

Yet when I pay electronically on the internet where NO costs in labor are had, I am CHARGED a convience fee for doing so.

Only because of Fradulent tactics by businesses and banks are paper checks still in heavy use. If these companies were not blatently trying to rip me off, I'd pay via online all the time. Instead I send them a paper check that costs them more money to process.

Paying my Gas bill is more expensive online with a bank card payment than me sending them a check or even the bill WITH my bankcard info on it for them to process. I refuse to pay $10.00US convience fee to make their life easier and cheaper.

Re:

[dave562]

I used to think that too until I was educated on the subject. Most of the checks are all processed mechanically these days. They have machines that cut the envelopes open and sort the checks and statements. The checks are then scanned and processed electronically. My reason for sending checks in is that I wanted to keep as many people employed as possible. Now granted, opening envelopes and keying in numbers may not be the best job in the world. However at least it was a job. It kind of burst my bubb

Re:Exactly

[Jesus_666]

I know nobody who uses checks anymore. That's what wire transfers are for. In theory you can order checks from your bank but, well... I haven't seen a real checkbook in at least a decade.

Re:Exactly

[enrevanche]

A wire transfer typically costs $25 outgoing and $12 incoming and you need to know the receiver's bank account # & routing number. I seriously doubt that it is used that much by most people.

You probably mean direct deposit/automated withdrawal. Sometimes, these can be a real pain to cancel once authorized. For a "reputable" vendor, I suppose it is OK, but using a VISA/MC debit card is a lot easier to fix.

Re:Exactly

[Corporate Troll]

No, he means exactly that. Wire transfers cost nothing in Europe (at least not in my country) and international wire transfers only require you to use an IBAN account number (which are already standard in some countries) and the SWIFT/BIC code. All this information is typically provided on every bill you get.

National transfers, you only need the account number that you with to wire money to. In most countries, the "bank code" is part of the account number. It most certainly is encoded in the IBAN. (Can you tell, that I implemented the IBAN code for a major bank?) IBAN is a wonderful system: a bit reading material [wikipedia.org]

Re:Exactly

[dropadrop]

Wire transfer does not cost anything in Europe. I have a close friend from the US living here, and can't stop wondering at how the way your banks work are so 1980...

Re:Exactly

[Chatterton]

It take 1 or 3 days because they make interests on your money during this time.

Re:

[Corporate Troll]

Like, from Switzerland to Germany.

Ah! The example that confirms the rule ;-) Intra-EU, it's free... The other poster is right about the reason why it takes three days, by the way....

Re:Exactly

[Cytotoxic]

Three day transfers are not called wires in the US. They are called ACH transfers. They are free - treated the same as checks, using the same clearing house that checks route through. Wires are instantaneous bank-to-bank transfers - you send the money at 9:47 am and it arrives at 9:47 am, usually costing a ridiculous amount of money, $5-$75 depending on your banking relationships.

Re:Exactly

[ArsenneLupin]

A wire transfer typically costs $25 outgoing and $12 incoming

Even Fortis isn't that expensive... Try more something more like â3. And you have the appropriate plan ("Global Club"), you get a number of free wire transfers per quarter.

and you need to know the receiver's bank account # & routing number.

Which surprise most people do. Bank routing numbers (BIC) are published by the banks themselves, and account numbers of people wanting to receive such transfers (shops, charities, admistrations ...) are public too. And if it's family or friends, they can give you their account number easily. Oh, and usually the account number is only enough if you want to put money on an account. If you want to remove money from an account, you'll need something more, such as a password, a signature plus id, etc.

I seriously doubt that it is used that much by most people.

Well, here in Europe, it is used very commonly, for all kinds of things.

Re:Exactly

[svunt]

I manage a team of payment processing staff who do work for superannuation companies, local councils, payroll companies, etc, and we process around 17,000 cheques every evening, which is roughly three metric fucktons. We're one of nine offices in the country, one of many such companies, and I'm in Australia, which has a population of about eighty people, I think. There are lots of cheques, they're just not part of most slashdotters' lives.

Re:Exactly

[RMH101]

Conjecture: you have information on 21M bank accounts. Presumably this includes account number, sort code and possibly other more sensitive information such as date of birth.
You then arrange the stealing/pickpocketing of cards. More likely, you request freshly stolen cards from a specialist. Some of those cards are going to marry up with the information you already hold, and may be enough to leverage funds.
Don't believe criminals are this organised? An example from personal experience. Turns out a machine at my other half's work was compromomised with a keystroke/screenshot recorder infection. First we haerd of it was when all our accounts were cleared out - someone had been organised enough to patiently continue recording "please enter X and Y character of your password" long enough to piece together the full password. They'd then used this on a saturday before a bank holiday to transfer all of our funds into another account at the same bank - this clears instantly and has less restrictions. They had then coordinated with someone in the UK who could provide them with a stolen debit card issued by the same bank, transferred our money into that account, and got a stooge to go into the bank just before it shut on saturday and take all that money out in cash - within hours of initial transfer.

End result? We were cleaned out, some innocent who had their card nicked had their bank account abused, and the criminals got our money in cash, untraceably. 6-8 weeks later, we were refunded but it was a long and unpleasant experience that taught me several things:
1) Don't assume your bank has a coherent identity theft/fraud department. Expect to get bounced around outsourced call centers that don't communicate with each other or the police. Don't expect them to be interested in IP logs or anything else you think might help them catch the hackers, either
2) "Organised crime" isn't just a phrase. They're quite advanced now, even outsourcing the donkeywork on the ground to other organisations
3) Two-factor authentication is a Good Thing with online banking
4) Don't do online banking on someone elses' computer

Re:So what

[henni16]

You have to keep in mind the differences between countries.
In Germany, the most popular way to order stuff online is to give your bank account number to the merchant who will then charge your account.
It works just like a credit card number and stores rarely check if the number (account) really belongs to the person that's making the order.

The only time I have encountered such a check was with Paypal:
they do two small test transactions (just Cents) and you have to ..I actually don't remember right now..either enter the correct amounts into a form on Paypal's site or to send the cents back to prove that you really have access to that account.

Re:

[RedWizzard]

You have to keep in mind the differences between countries. In Germany, the most popular way to order stuff online is to give your bank account number to the merchant who will then charge your account. It works just like a credit card number and stores rarely check if the number (account) really belongs to the person that's making the order.

So what protection do you have if a merchant charges incorrectly? If bank account numbers can be used like credit card numbers then bank accounts should have the same sort of fraud protection as credit cards.

Re:

[trampel]

You can reverse the charge within a 6-8 week timeframe with no questions asked, which then puts the burden on the merchant to prove that the charge was legit.

6 weeks reversal

[krischik]

As trampel pointed out: you have a 6 weeks reveal time frame. What trampel missed is: A real fraudster will have moved the money onwards by then. Which puts the loss to the bank.

Of course: As with riding without a ticket in the end we the honest customers will pay through higher bank/ticket changes.

Re:

[xaxa]

If they can't, because it's some other bank or because the business would be able to fight it, they ponder what's more hassle: Duking it out with you or with them.

Now guess who's less likely to be able to mount a lengthy legal battle, you or the other bank.

I'm British, but Germany is similar.

We have consumer protection laws that prevent that kind of thing. And also a legal system that isn't quite so in favour of big businesses.

Re:

[spoco2]

Seriously? That's a bit backwards.

In Australia you give someone your BSB (bank identifier) and your account number, and all they can do with that is put money INTO your account.

Therefor the worst someone can do with a whole host of these is to go on a mass donation binge.

Re:So what

[EvilIdler]

Wow, that's so behind. In Norway, there's no way to charge an account without full ID. This means either approving a direct debit by showing up at the bank with your picture ID, or logging on through the (relatively) secure website.

Just allowing anyone to put a charge on a bank account number like that opens up for all sorts of abuse. Tiny transactions can go unnoticed for a long time.

Of course, debit cards in stores aren't really any safer. Nobody has ever checked the signature on one while I've used them. A signature is required when the system for some reason can't contact the bank and verify the PIN. I've used other people's cards just fine (with permission, of course, but the banks might find me signing my name a bit funky ;).

Anything but cash is broken, obviously :(

Re:So what

[scubamage]

Plus, in Norway there were Vikings. And Vikings rank only slightly behind Pirates and Ninjas on the Cool-O-Meter (tm, patent pending).

Re:

[the_other_chewey]

Wow, that's so behind. In Norway, there's no way to charge an account without full ID.

Yes there is. I've been quite scared to learn that it is possible to charge my account using my Maestro card
without its PIN code in Norway. I've been asked "Do you have a PIN code for that card?" regularly when
paying with it all over Norway - apparently, it is quite common for norwegians to have cards without them. In
such a case, the store clerk is supposed to check the ID. Guess how good or how reliably this works, especially
with foreign IDs...

Re:

[TCM]

In Germany, the most popular way to order stuff online is to give your bank account number to the merchant who will then charge your account.

You must be pulling that out of your ass.

The vast majority of online stores want to be paid in advance or with pay-on-delivery. Stores charging your bank account are really the minority.

Re:

[ben0207]

I live in Germany. It really is like that here. Some shops (Beate Uhse is one I can name off the top of my head) even give you 14 days to transfer the money.

I just bought a new MacBook from Apple.de using Bank Transfer. Took a day or two longer, but I'm typing it on it now :)

Re:

[Anonymous Coward]

No, it's very common in Germany since credit cards are actually pretty uncommon (people can pay with debit cards in stores and you can get cash in forgein countires with German debit cards at Maestro-enabled ATMs).
And debit cards don't have a particular key-card number so these don't work for such transactions.

Furthermore, the payment from the account is actually pretty risk-free. You have several weeks to issue a "charge-back" with no conditions or costs attachted. The transaction fees for these charge-bac

Re:

[ModernGeek]

PayPal normally makes two deposits into your account for a few cents, and you then report to paypal how many cents were deposited so that you can verify you are the account holder. I think slashdot found a solution to the age old four step profit formula:

Step 1: Open a PayPal Account
Step 2: Verify Account Information
Step 3: Repeat Step 2 Many Times
Step 4: Profit!

Re:

[Jesus_666]

Actually, not all merchants offer this and I'd only give an Einzugsermächtigung (direct debit authorization) to a company I trust to not abuse it, like one of the big tradidtional mail-order companies. I know I can issue chargebacks but still.

The default mode of operations for smaller mail-order/online-order companies is advance payment through wire transfer (or sometimes PayPal) or payment-on-delivery. Advance payment is what I usually use; it doesn't grant random companies access to my account and

Re:So what

[MPolo]

Yep. That is essentially the system. It is your responsibility to check each month that the charges that were made were in fact authorized. As I understand, they are very good about chargebacks (suprisingly), though I have never had to actually do this. I have used this method of payment primarily with Amazon and with airlines, but it's very often an option. Germans don't particularly like credit cards (partly because German banks don't really "get" them -- most "credit" cards actually automatically suck the full amount of the bill out of your account on the due date... which means you're not worried about exhorbitant interest rates, but you're only barely buying on credit. It's actually more of a delayed debit card.)

Re:

[Random Walk]

I don't think it's that Germans don't "get" them.. it's more that they were invented to circumvent the 17th century backwardness of the US banking system. There wasn't ever any need for them in Germany, and the high charges (for the merchants) are not suited to make them popular if better solutions exist.

Note that you can overdraw your account anyway, so there is no need for the "credit" functionality either.. and since the account is balanced by the next payment from your employer, you are on average le

Re:

[the_other_chewey]

??? WTF? A bank allows ANYONE to debit from your account WITHOUT any authorisation?

No. At least not in theory. The person/corporation/entity charging yout account has to get your permission
to do that first (called "Einzugsermächtigung"). Then, everyone wanting to do such charging has to get it approved
with their bank, which is not completely automatic - non-commercial entities need a very good reason to be
allowed to do that.

However, the existence of such an "Einzugsermächtigung" is not checked by the banks, so if you claim to have one, the default is
to believe you. But th

Re:

[bickerdyke]

Thats only used for money transfers initiated by the costumer. And as there is proof that it was indeed the account owner transfering the funds (he used his secret TAN&PIN) those transfers are really hard to reverse.

It's the other way round with those Lastschriften (direct debit) easy to initiate by anyone, easy to reverse by the account holder.

Re:

[Killjoy_NL]

Bank: Deutsches Bundesbank, good morning, how may I help you?
You: Yes good morning. I'd like to order some debit cards for some accounts of mine. I hope you have your coffee, this is gonna take a while. :D

Re:So what

[jabithew]

"Hi, me and my friends want to buy this aircraft carrier. Can we split the check evenly over 21 million debit cards?"

Re:

[Anonymous Coward]

Nice combo-post there. You start with a subtle misunderstanding of the topic, move to a non-sequitur, then finish with a classic "begs the question" dismount.

Re:

[actionbastard]

That's 20 (twenty) million and nine hundred ninety nine thousand and ninety nine accounts, douchebag.

Re:

[dakameleon]

Yep, AC hits the nail on the head here... if 21 million is allegedly 3 in 4 German bank accounts, then there's only 28 million accounts in Germany and the remaining 82,369,552 [cia.gov] Germans (minus the 14% under 15, say) obviously keep their cash in their mattresses.

Re:21 million is 3/4 of accounts?

[quarrel]

I had the same reaction re the number of accounts. It is small.

However, Germany isn't all that small.

So some back of the envelope calcs:

They claim 21/.75 = 28M bank accounts in Germany

It's got roughly 80M people. Assume something like 2.2 people per househould (dunno what it is in Germany), and you get 36M. You gotta figure each household has at least one. I don't know how things really work in Germany, but I assume they're like the rest of the developed world and you essentially can't function without a bank account.

Then there are businesses. Even very small businesses will run several accounts.

I think the 28M bank accounts is just bullshit. It's gotta be heaps higher.

Surely 100M wouldn't be that big a figure even?

--Q

Re:

[Anonymous Coward]

The article says 3 in 4 households, not accounts. Take the exaggeration factor of a newspaper into account and it works out.

Re:

[Xelios]

Because as TFA says it's "3 out of 4 households" that might be affected, not 3 out of 4 accounts.

Re:

[Anonymous Coward]

Need an automatic screenshot taker? Try here. [16software.com]

Is your PrntScrn key broken?

Re:

[cyphercell]

Dude, I don't think Microsoft would stoop that low? Really?

Re:

[Jesus_666]

Yes, we switched to Linux. All of us. We can tell because all Germans share a hive mind. That's also why we all use the same bank account (plus 20,999,999 business accounts).