Corporate Identity Theft on the Rise 193
prostoalex writes "As millions of Americans lose their identities to online and offline thieves, a new kind of crime has been cooked up by the criminals who are not bothering with doing pesky credit card charges. They steal entire companies, opening up merchant accounts for existing businesses and running up charges from aforementioned stolen credit card numbers. What's worse, is that the hole the criminals exploit seems to be built into the system. According to Bob Sullivan from MSNBC, "Many of the processing firms interviewed for this article claimed they caught on to the fraud after the transactions had cleared, but before the suspects had withdrawn the money from various checking accounts around the country. One did concede, however, that the scheme has real potential.""
Hmmmmm..... (Score:5, Funny)
Re:Hmmmmm..... (Score:3, Funny)
*strolls off singing "I'm in the money..."*
Not Credit cards (Score:4, Funny)
Yes they do.. (Score:3, Informative)
This happened to the TV show punk'd (Score:5, Funny)
seems it would be (Score:4, Insightful)
All you would need is a legit FEIN, and real or forged Articles of Formation. Maybe an operating agreement. Open a bank account and VOILA!
Re:seems it would be (Score:2)
Such a brand-new account suddenly receiving tens of thousands in a few days (the only way the scam would be worth it) followed by a quick attempt to transfer those funds would trigger an investigation and have the funds held. Ba
Re: (Score:2)
Re:seems it would be (Score:3, Insightful)
Fraud != Theft (Score:4, Interesting)
I hate it when the mass media call it "identify theft." If someone impersonates me, he's not taking away my identity, he's committing fraud.
Repeat after me... intangible and intellectual "property" cannot be "stolen." It can only be used in unauthorized ways.
Comment removed (Score:5, Insightful)
Re:Theft via deception = Theft (Score:4, Insightful)
even if the theft did not go through, one can still
prosecute it as fraud. Thus the credit card companies who repay the merchant but don't persecute
the fraudsters even with a lot of evidence are PART OF THE PROBLEM.
Re:Theft via deception = Theft (Score:3, Interesting)
the fraudsters even with a lot of evidence are PART OF THE PROBLEM
Yes, the credit card companies have it nailed down to the last dollar - Will it cost more to
a) Prosecute the fraudsters
b) Repay the merchant
They choose B in most cases. There's a high cost of litigation in this country.
Same with car insurance. I was sued in an obviously bogus manner once, AAA even admitted when I called them that the lawsuit was a total fraud. Yet,
Re:Theft via deception = Theft (Score:2)
Yes, he's right in saying it's fraud, as are you. But your comment is more accurate "it's also fraud".
You are both correct on semantic technicalities, however, the (great-great?) grandparent post is correct in its overall argument that the implied meaning of "Identity Theft" isn't "theft through fraudulant assumption of someone else's identity" but rather "Theft of someone's identity", which is a nonsensical notion that results i
Re:Theft via deception = Theft (Score:2)
>(as in you pick a lock, get in,
>take what you want, and run out)
It's called "Breaking and entering" and it's a seperate crime from theft. You get charged with B&E even if you didn't take anything or just "looked around". Even if you didn't "break" anything to get in.
If you steal stuff, you're charged with that too.
The law is pretty specific about these kinds of things. Fraud is fraud, theft is theft. They are not the same thing.
=Shreak
Re: (Score:2)
Re:Theft via deception = Theft (Score:3, Insightful)
> stolen items were obtained through fraud
No the OP believes that the term "Identity Theft" implies that the identity was stolen. Just as your "Lock Theft" implies that the lock was stolen.
There is a crime here, it's theft of property (the merchandise that was stolen from the store). The mechanism used to steal the stuff was fraudulent use of someone's credentials (identity). This mechanism already has a term (fraud) and it's already a crime to perpetrate
Re:Fraud != Theft (Score:2)
If someone assumes your identity and racks up credit card charges in your name, you lose your credit rating and good standing. I have no problem calling that 'theft'.
Re:Fraud != Theft (Score:2)
Re:Fraud != Theft (Score:2)
They never stole your credit rating, they impersonated you and tarnished your reputation.
They fraudulently acquired goods which can probably be considered stealing from some merchant in the transactional process, but they did not steal that item from you.
Remember, a verb acts on a noun!
From WordNet (r) 2.0 : (Score:2)
theft
n : the act of taking something from someone unlawfully; "the
thieving is awful at Kennedy International" [syn: larceny,
thievery, thieving, stealing]
Re:Fraud != Theft (Score:2)
Stealing someone's identity is indeed fraud, not theft, that's true. However, using that fradulent identity to purchase goods falls under federal "theft by deception", and thus "identity theft" can also mean "using someone's identity to steal".
Ob Quote Re:Fraud != Theft (Score:3, Informative)
'Twas mine, 'tis his, and has been slave to thousands;
But he that filches from me my good name
Robs me of that which not enriches him
And makes me poor indeed.
-William Shakespeare - Othello the Moor of Venice (Iago at III, iii)
Look it up. Re:Fraud != Theft (Score:2)
Note the inclusion "of its use" here. It's extremely important. If you have the legal right to use something in a particular way, and someone misappropriates that use, that's theft, whether they actually take something (physical or otherwise) or not.
Copyright
All I can say is: (Score:2)
It needed to be said, what you pointed out that is.
Identity theft is just a term used to scare the crap out of people. It isn't like the person is going to start showing up at work for you and attending family functions - they are just using your bank account or credit card information.
If I steal your credit card and use it I'm not taking your identity - I'm committing fraud by acting as you. That is the way my state has always looked at it. I should know, I've known many people who've gone
Re: (Score:2)
Urggghhh (Score:2)
Fraud:
A deception deliberately practiced in order to secure unfair or unlawful gain.
or:
An intentional perversion of truth for the purpose of obtaining some valuable thing or promise from another.
Or better from the FTC site: [consumer.gov]
How can someone steal your identity? Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes.
Re:Fraud != Theft (Score:3, Interesting)
But the mass media is very, very vested in this New Economy thing -- literally, technocrats of the first order -- and really, really want to get people to transform their lives into the most Teflon-coated fiscal state possible (the velocity of money always being of interest to the banking and merchant classes). The phrase "identity theft" does not hinge on the word "theft"
Re:Fraud != Theft (Score:2)
The 1999 $650K exemption is EXACTLY as big as it sounds. It allows over 98% of individuals (and that's just this year's pro
Re:Fraud != Theft (Score:2)
Quite honestly, I have little sympathy for a credit card company who mails out pre-approved credit card offers requiring only a few boxes worth of information and a signature (which isn't even verified) to accept.
Re:Fraud != Theft (Score:2)
Re:Fraud != Theft (Score:2)
The advantage of a pre-approved card is that (a) you know the victim is pre-approved, therefore likely to be given the credit. (b) You have the person's address, so you can watch for the actual card (which you have to activate, usually with the ZIP code
Good Idea (Score:5, Insightful)
Re:Good Idea (Score:5, Insightful)
now maybe the banks will ask the client for their goverment papers that proves they registered the bussiness.
Re:Good Idea (Score:2)
I would get home realize my mistake, walk down the street to my brother's babysitter's house, borrow her phone, call my mother, ask to borrow a few tools, open a door(I am not saying which), walk through the house get my keys, put the dog on her leash and walk the dog and return what I borrowed.
Did that a couple dozen times through out high school. Also note that I never left a trace of
Re:Good Idea (Score:2)
MP (Score:5, Funny)
Re:MP (Score:2)
It's fun to charter an accountant
And sail the wide accountancy,
To find, explore the funds offshore
And skirt the shoals of bankruptcy!
It can be manly in insurance.
We'll up your premium semi-annually.
It's all tax deductible.
We're fairly incorruptible,
We're sailing on the wide accountancy!
Hmmmm... (Score:2, Funny)
Re:Hmmmm... (Score:2)
well documented type of theft , just not reported (Score:3, Informative)
Note: IRS has a new address (Score:5, Funny)
Re:Note: IRS has a new address (Score:5, Informative)
This has actually been done before, and anyone can open an account for, as an example, "IsoRectal Spectroscopy" dba "IRS" and cash stolen tax checks.
Re:Note: IRS has a new address (Score:2, Interesting)
Re:Note: IRS has a new address (Score:2)
Note to our "friendly government lurkers" - I do not advocate, recommend, or in any other way think that this is a good idea. I prepare taxes
Re:Note: IRS has a new address (Score:2)
Impersonating the IRS and frauduently cashing tax checks? Yeah, that will probably get you in trouble. If you consider the almost certain 20 year sentence in FPMITA prison to be "trouble."
Re:Note: IRS has a new address (Score:2)
Re:Note: IRS has a new address (Score:2)
Couldn't you make the check out to "Internal Revenue Service" as well? Wouldn't that have the same effect?
Re:Note: IRS has a new address (Score:2)
Re:Note: IRS has a new address (Score:2)
How to article (Score:4, Interesting)
Re:How to article (Score:2)
Ev
Re:How to article (Score:2)
Re:How to article (Score:2)
Re:How to article (Score:2)
I was involved with a company that just did this. I had setup a website for a university to do online registrations for the frosh week packages. After dealing with all the red tape you deal with at a university, they finally got their merchant stuff setup in mid August, and we put the system
Re:How to article (Score:4, Insightful)
To me that says one thing: honeypot.
Bring on those people who roll their eyes (Score:5, Insightful)
They're everywhere. Nobody thinks worrying about security is cool or fun, it seems like a waste of money, a sign of mental instability, even a kind of obsessive behavior.
Everyone much prefers to be surprised and wave their hands when things go wrong. "It's out of control. You can't stop hackers/criminals/etc."
People have a terrible problem understanding scale. Nobody understood at Microsoft that the computer wasn't a little house in the country where you could leave the doors unlocked so occupants wouldn't have to fumble with the keys. When engineers there raised the problems they were scoffed at, disciplined. "Keep your priorities straight. Don't be paranoid." Nobody got it when the first spam was sent and we were all outraged... "What's wrong with a little spam?" How about what's wrong with 300 spam a day? It's just the "logical conclusion" - which is not logical anymore to people who don't like to be bothered thinking deeply about their responsibilities.
The many systems our financial institutions use for identifying and tracking "consumers" are ridiculously insecure. And although the victims wail and now are allowed a few minutes a month to tell their horrible tails on 60 minutes, we as a whole seem determined to close our eyes and race grinning into the brick wall of scale again. How many hundreds of thousands of people have to have their lives ruined before colleges stop making everyone spout their social security number like it's their first name, and the mother's maiden name loses its appeal? How long before companies stop letting $5 an hour employees handle "meaningless" data (with literally no background checks or security controls) that is worth millions when properly exploited?
This is a cultural change we need to kick off. We need to take security seriously. It needs to become uncool to roll your eyes and mock the security expert.
Re:Bring on those people who roll their eyes (Score:2)
It's worse than this. Someone walked into a bank in minnesota and tried to get a business loan for $18,000 using my information. Luckily, he was turned down on a technicality. I found out when I received the rejection letter almost the day I moved into my new house. He had applied for the loan using my address b
Re:Bring on those people who roll their eyes (Score:2)
Re:Bring on those people who roll their eyes (Score:5, Interesting)
If someone gets your information, you're hosed. There's only one thing you can do. It was modded +5 funny, but another post hit the nail on the head. Burn your credit rating.
Re:Bring on those people who roll their eyes (Score:4, Insightful)
You're luckier than most people, you actually know the identity of the person who took yours.
Re:Bring on those people who roll their eyes (Score:4, Insightful)
Or, alternatively, when will companies stop pretending that they can be trusted simply because of employee credit card verification checks, background checks and a piss test?
I like to look at it this way, here in Ohio (as in most states) you need to go through the most awewsome background check ever in order to take the state bar. Full multi level 10 finger fingerprint check (local, state, national) credit check, employer verification check for all jobs worked since you were 16, the list goes on and on and it may even go into your mental health history (one of the few jobs you hear of that occuring.)
In spite of all of this, the industry as a whole can be summarized as a convention of pricks.
There are limits to background checks.
FBI Not Interested? (Score:4, Interesting)
The FBI could be very interested in the Pakistan and Russian connections. However they are very unlikely to be discussing details of the case with regular civilians.
Or they could be disinterested.
disinterested? (Score:3, Interesting)
http://dictionary.reference.com/search?q=disint e re sted
mostly insider theft (Score:3, Informative)
Interesting (Score:2)
Re:Interesting (Score:3, Informative)
Who hasn't read some story or seen some report on TV about "phishing" and those evil "hackers" who sniff your internet conx looking for credit card numbers?
It's not nearly as lurid to talk about joe schmoe, who got pissed at his boss and sold 100,000 customer records to some guy in detroit. Security breaches have always been about 80% inside jobs.
Damn right the problem is built-in to the system (Score:5, Insightful)
The scum create an account, and charge a bunch of crap to it from stolen cards. They then extract the money and run.
The people bilked bitch to the credit card companies.
The card companies attempt to reverse the charges.
The poor business who was impersonated gets stuck with the bill. At best, the company can establish its innocence, and the CC company writes the cost off its taxes.
If the *credit card companies* were the ones who had to suffer the costs of fraud, rather than shifting it to the companies or to the taxpayer, then they would be a HELL of a lot more motivated to add stronger authentication to the system.
As it stands now, if somebody is committing massive credit card fraud in the form of lots of small charges, and you try to bring this to the card company's attention, they blow you off because it just isn't worth their time - it is easier to just charge back to the merchants. A friend of mine who works in the order-processing chain for a large company ran into just that - he detected a fraud ring attempting to rack up a lot of charges, he called the card company and said "I'll give these guys to you with a ribbon tied around them - addresses, names, the works." "Not interested - bu-bye!"
Re:Damn right the problem is built-in to the syste (Score:4, Informative)
Except they are the ones who pay for it. They get to deduct a business loss from their taxes, because those losses reduce their earnings.
Re:Damn right the problem is built-in to the syste (Score:2)
So why don't you? How hard is it to incorporate in Nevada/Deleware these days?
Re:Damn right the problem is built-in to the syste (Score:2)
The question is, who gives those subsidiaries the money they loan out, which got stolen. A credit-issuing subsidiary is only as important as the amount of money put in it.
Re:Damn right the problem is built-in to the syste (Score:2)
I hope he went on to discuss it with the FBI (assuming he's in the US). They're normally interested if a reasonable amount of money is involved and if someone else has already done the heavy lifting for them, it would look good on their scorecard...
Re:Damn right the problem is built-in to the syste (Score:2)
Then they would never reverse the charges onto the consumer's card. They would just say, "Oh, tough luck
(or at least you would have to hassle them to death, and after they opened an investigation they might give you the money back after a couple of months)
why bother stealing a companies identity (Score:2, Interesting)
Then you get a totally legit and above board merchant account to run your stolen cards through.
Here in the uk you can see ads for pre-created legitimate shell companies that you can buy cheaply and rename to cut out the hassle and legal niceities of creating a limited company from scratch.
Re:why bother stealing a companies identity (Score:3, Interesting)
*I* own such a company, I use it, it trades, it files tax returns.... and the palaver I have to go through to open accounts and things is bonkers.
(Instead I have to turn up with massive piles of other documents.)
Because I don't have a passport. And in Britain, to open a company bank account, all the company officers have to turn up in person and present their pass
The only way to stay protected... (Score:5, Funny)
Re:The only way to stay protected... (Score:3, Interesting)
2. Apply for a moderately difficult to get account, such as a 9.5% preferred visa card, and not a simple card to get (i.e. a 21% Sears card).
3. On the application, list a low income, a job like "writer", and stipulate your income is irregular.
4. You now have been rejected for credit, and this will stay on your credit score for at least 2 years. At this point, the companies that would have issued you a small limit - high interest card won't see the reasons you were r
Here are the facts... (Score:3, Informative)
Simple fact is, the system is not designed to prevent fraud. It is designed to detect, catch, and prosecute those that do exploit the system. Granted, the industry has slowly started trying to move toward a more proactive stance, while making it a little harder to comit fraud. But the merchants generally complain about efforts to make it harder on criminals and go out of their way to facilitate these types of problems.
Long story short, you may think you're getting away with these types of crimes, but rest assured, it's only a matter of time before you are caught and placed in jail.
Re:Here are the facts... (Score:2)
Re:Here are the facts... (Score:2)
Statistically, you stand a far better chance of being caught than not.
NOW DC will do something about it. (Score:2)
What is particularly outrageous is ... (Score:5, Insightful)
"For all of us, it's a tough business," Steinberg, of Merchant E Services, said. "It's a large, large problem."
No Shit, Sherlock. It may be a large, large problem, but it is your responsibility to solve it. If you can't solve it or handle the losses, you shouldn't be in the business. Period.
Any suggestions on how to keep the losses on the banks and service providers, instead of the businesses?
`millions of americans'' (Score:2)
They're not even trying to look like they aren't shoveling bullshit.
Scary to think (Score:2)
This is an OLD, OLD technique... (Score:2)
I remember back in 1996 when I was setting up my company to process credit cards, they had to come and photograph our business, photograph myself, just to PROVE that we were a legit business that would process cards, and all this was sent in with our applicaiton by a trusted THIRD PARTY.
This type of scam was around before identity theft was huge because all the criminals needed w
"Credit card merchant providers" are near-crooks (Score:3, Informative)
If you're a legitimate business, and want to accept credit cards, you go to your bank and open a merchant account. They check your financial history, may demand a deposit (on which they pay interest), want to see you in person, may visit your premises, and make you sign a painful contract. Then they charge you about $100 per month, plus 1-3% of the transaction cost. This is the way real companies do it.
If you're a less legitimate business, there are services for you, too. Charge-It-Now [charge-it-now.com] is a more or less legitimate one. "Now you can be approved to accept credit cards in as little as two hours and have a live merchant account in 24 hours. Applying online for our Internet processing software has never been easier. The entire application process is done online in less than 10 minutes and with our digital signature approval process; we do not need a physical signature. We deposit funds directly into your existing bank account. ... We accept 98% of applicants". At this tier, the rates are higher and the merchant is more likely to be doing something dodgy. These outfits aren't regulated as banks. They're resellers of banking services. They need to be better regulated.
Further down in the muck, there is the "high risk merchant account" [rapidmerchantaccount.com] business. "Has PaySystems or other merchant providers shutdown your company, virtually stopping you from processing credit cards? ... Good Credit / Bad Credit okay! ...
We pride our business on the fact we can place just about any business type. Even if you've experienced problems in the past with other processors or have a low credit rating."
This is where your mid-grade spammer gets credit card processing. Most of those operators need to be kicked out of the credit card system.
Down at the bottom, there's "offshore high-risk credit card processing". [121merchantaccount.com] "Merchant account service for bad credit, high risk, gambling, and adult related business." This is the land of 15% fees, long holdbacks, and processors who disappear suddenly. Here we find companies operating from undisclosed locations, a criminal offense in many jurisdictions. These outfits help crooks and spammers launder their money, evade taxes, and hide from law enforcement. These operators are essentially part of organized crime.
That's nothing new... (Score:2)
Re:As long as... (Score:5, Insightful)
-- james
Re:As long as... (Score:5, Insightful)
Problem is, they do target ma and pa businesses. Indeed, apparently their scheme only works if the victim does not yet have a merchant account on his own (or else the fraudulent account would be easily flagged as duplicate...). Thus the perfect victim is a company too small to be accepting credit cards. Sorry, Microsoft will unfortunately never be the target of these gentlemen;-(
Re:As long as... (Score:2)
Re:As long as... (Score:3, Insightful)
A crook's a crook, no matter his target.
Re:As long as... (Score:2)
Muggers are immoral people. It is wrong to rob people at gunpoint. Sometimes they even kill their victims. If one plugs OJ Simpson, however, I won't cry.
Relative morals is when I decide to steal from these companies, and try to justify it. I don't engage in that. Stupidity is when I sympathize with crooks who are ro
Re:As long as... (Score:2)
How about you try again.
Re:As long as... (Score:2)
Re:Stolen? (Score:5, Insightful)
Like credit cards with SOMEONE ELSES name on them? Like SOMEONE ELSES money or "physical" merchandise? Theft is when you steal something of value. Websters gives examples of both tangible and intagible theft.
Besides, what's your point? Just trying to be argumentative, or perhaps justify something darker?
Re:Stolen? (Score:2)
Re:Stolen? (Score:2)
Re:Stolen? (Score:2)
Sadly, thanks to the failed "your social security number won't be used anywhere except to pay taxes" promise, most of us would find our social stamped across old school records, with our date of birth listed right below. Heck, going through some old boxes of tax records
Re:Stolen? (Score:2)
Re:They have a website (Score:2)