7/02/2010

07-02-10 - Bank Fraud

In the last month I've been the target of fraud twice. It's quite ridiculous how poor the security of our electronic banking system is. To do an ACH out of someone's bank account, all you need is an account number. !? WTF !? No password, nothing. In theory they require a signature, but in practive they don't actually check that. Furthermore, the signature only authorizes someone to do ACH's - it doesn't specify a limit or a specific transaction! So once you authorize someone they can keep running more transfers after the fact.

This is a ridiculous load of shit. The credit card companies are almost as bad. The "verified by Visa" shit is a vaguely decent start in the right direction, but it's still just pathetically easy to get someone's credit card number and use it at will.

The insane thing is that it would be so easy to fix. I've mentioned this idea before, but the simplest one that occurs to me which would work in the current system is to have temporary one use only account numbers. So when I want someone to do an ACH withdrawal, I ask my bank for a temp account number which will expire or is conditional, and I give that number to the merchant. Same thing for credit card numbers. But no. They say some bullshit about how it would be too expensive to retrofit more security into the system, while they swim in piles of our money.

It blows my mind how many people don't carefully check over their bill from everyone. At the grocery store, from your phone company (phone companies are such massive scamming lying crooks that the only viable option is to not have a phone contract at all IMO), from your bank, etc.

No comments:

old rants