Hacker was an often frequent flyer

[nihil]

Smooth,....................Hi there..............

I may be wrong, but I suspect you question may be "how many sardines can we pack in a tin?" or is it just the slob like me that lets his junk encroach on your liebensraum?

I still stand by the comment, that like living space, if it is done slowly and systematically, fraud will pay off. Unless the IT community shows a bit of common sense here?............I know, the problem with common sense is that it is so uncommon

We spend man years on a financial system, and only man hours on the security aspects?

Also, I believe in "review for reasonableness" because I do not think that it is right that senior citizens get utility bills for $1,000,000. This tends to upset them?

Just my point of view

[RoadClosed]

Actually there are thousands of transactions everyday for less than a dollar. It's the nature of debit cards and stored value cards.

[Lv4]

that transaction scam was from Office Space the movie. Also there are several urban legends floating around about it, but so far I haven't been able to substatiate a single claim to that type of scam... and I work in IT security for a financial conern that deals with exactly those types of transactions daily

[nihil]

RoadClosed,

You are quite correct...............I just pulled an arbitrary number out of the air and, as I am using an English keyboard did not have a 1 cent value to hand

My main point is that you need to set these reasonableness tests to suit your environment..........if a million dollars (or greater) is too much, report it, if 50 cents is too little, report it. A human being is then required to intervene........there about five billion of us left I think?

Another thing is numbers of transactions. I do not know how things work in the USA but over here in England, our banks charge commercial customers per transaction (in or out) but banking for private individuals is usually free (from the transaction number viewpoint). I might take a view that any "private" account with more than (say) 500 transactions per month, is a small business masquerading as a private customer?


BTW I don't like Banks.............when you have no money they chase you................when you have too much they tell you off.............then ask if you want to borrow from them

cheers

Sorry Lv4,

I was typing as you posted, not bad manners on my part I assure you.

Are you questioning the English decimalisation of currency story................? I can provide substantiation if you want it

cheers

johnno

[Lv4]

nihil - nah I understand the decimilasation of currency (like I said I work with a company that does hundreds of thousands of transactions like that daily) but what I'm saying is that I have not found a story where that scam was succesfully carried out. They have "tried" to do it but it has never transfered the funds out.... we have all kinds of safeguards in place for that type of activity.

and I didn't assume bad manners at all

[phishphreek]

Programming scams
linus!sdo, March 11, 1986

> Is it really true that someone working for a bank or a large
> company diverted megabucks into his or her personal account by
> adjusting a program that figured out people's paychecks or
> interest payments so that it always rounded *down* to the
> nearest penny, never up, and then deposited the extra parts of
> pennies (mills) into his or her own account? I heard this story
> several years ago, but now I need to know if it's really true.
> So if you know the name of the bank or the company and the
> approximate year this person was caught,

Not only is it true, it has also happened a lot more than just
once. In fact, this is one of the simplest computer scams
going. One of the cleverest ones I ever heard about involved
someone working for a company (a fruit company, I believe) who
had the computer change (just slightly) the recorded times (and
prices) of the company's transactions on the commodities
exchanges. His profits came from the slight changes (say,1/16
of a point) in the contract prices that occur all the time
during a normal trading day.

I have seen several books which talk about these and other
schemes in detail. Unfortunately, the names and dates are often
not revealed as most companies are loath to have the general
public find out the ease with which these types of crimes can be
carried out, as well as the difficulty of discovering them once
they have occurred. One of the most revealing items is the fact
that computer criminals are almost always caught only because
discrepancies in their lifestyles are noted (e.g. buying a
40-foot yacht on a $20k salary). In fact, the longest running
crime I heard about, which involved a programmer (I believe) in
a prominent New York bank, went on for close to 10 years. The
culprit escaped detection so long because he had a $30,000-a-
month gambling habit and was losing his illegal income as fast
as he got it. He was finally caught when his bookie was
arrested as part of a police 'sting' operation, and his name was
found on the books as one of the largest customers.

As for finding more out about such things, all the information I
have came from browsing through the MIT engineering library for
a few afternoons, so I imagine that any good college library
should have at least some material on this. Good luck in
finding out some actual names and dates, however!

http://www.rickadams.org/warstories/warstory1.html

[Lv4]

ok, once again I'm going to go on record here saying that I have still not seen proof of this. No names, no cases, no companies named. It's always, some guy (in New York if I remember correctly) that does something to round off 1/16th of a cent (or along those lines) and did it for 10 years and never got caught. Even snopes.com has nothing concrete on this. FWIW this is known as a salami scheme and has been known about (at least theoretically) for a long LONG time now.

While it may, I repeat, MAY have been possible when the trasition from physical bookkeeping to computer bookkeeping occured there are SO many safeguards put in place now that it is almost impossible to pull off successfully. Trust me on this, we have already busted one programmer a couple of years ago that was trying to do this. He was even fairly slick about it, but we still caught him.

Now, I'm not going to say that it can't be done but I will say that it's next to impossible to pull it off. I would gladly retract my statements if someone can provide me with concrete proof that this scheme has been pulled off successfully (that's the stickler here)...

[phishphreek]

Lv4:

I agree with you. I don't think that it would be possible in this day and age to pull that scheme off. I too work in a financial institution and we have all sorts of checks and balances in place to make sure of it. We can pull up a report on just about anything you can dream up. Not to mention the daily reports that are hundreds/thousands of pages long that might show suspicious activity.

I'll look for more info on that scheme. I've heard it time and time again that it had happened...
I'll email security and audit and find out some more info.

[nihil]

I understand the cynicism and Urban Legends stuff................I am going back to 1972 with my instance........there were no PCs as such then.............I worked for an outfit called Pric**Water*****

Trust me, it happened over here

Cheers

[Juridian]

Originally posted here by Lv4
that transaction scam was from Office Space the movie. Also there are several urban legends floating around about it, but so far I haven't been able to substatiate a single claim to that type of scam... and I work in IT security for a financial conern that deals with exactly those types of transactions daily

If you want to trace it back further....Superman 3. Richard Pryor had the same scheme going on...