Scan Your Way to Check Fraud

Thread: Scan Your Way to Check Fraud

  1. #1
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    Scan Your Way to Check Fraud

    Original Posted Here

    An article from the NY Times entitled, 'Scanning Your Money to the Bank' recently came to my attention. The gist of the article is as follows: There's an Act (Check Clearing for The 21st Century) that allows for the exchange of electronic images of checks rather than the physical checks... Numerous banks and big business are already doing this, and one bank, which serves the US Military, has also implemented this. A company called Fiserv has recently announced that they have a way to bring this ability to online banking customers. I find this to be very, very frightening...
    The remainder of the blog post is my thoughts on the subject... and why I find it scary... I'm curious to know if this worries anyone else? I don't think that home users scanning checks should be allowed... It opens the door to multiple new methods of check fraud that are much easier and more significant than anything that's been seen in the past.

    Thoughts?
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    It opens the door to multiple new methods of check fraud that are much easier and more significant than anything that's been seen in the past.
    Not really, it just provides one more vector for the same old fraud. It is made somewhat easier because you have removed the need for the tamper proof ink and the magnetic numbers, but that is about all.

    I don't see it as a problem, as I don't really see it as much of a benefit to the individual. All it would do is save them the cost of the postage, and that hardly seems worth the effort.................... how many payments do you make by posted cheques each year? All I can think of is taxation and a few charitable donations.

    The only people who stand to gain from it are the banks, as manually processing paper transactions is the most costly form of payment they have to deal with.

    It might depend on your local banking laws, but over here, if your bank acts on fraudulent instructions it is they who are liable, not you. So it is the bank who have been defrauded, rather than the individual.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    In the UK there is nothing to say a cheque actually has to be a properly formatted cheque issued by the bank - it can be written on the back of an envelope if the person feels like it, as long as the wording is correct (can't remember what it is though). I remember reading something about it years ago in the local paper - a guy got messed around by the bank one day so started writing cheques on eggs or something, eventually the bank started accidentally dropping the eggs and the guy got a real cheque book.

    Will try and find if it is on-line somewhere.


    But scanning a fraudulent cheque, or taking a fraudulent cheque into the bank... what's the difference, the bank still lands up with a fraudulent cheque, one just takes longer to get there.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes, under UK regulations all a cheque consists of is a written instruction to your bank to make a payment.

    The standard format cheque numbers, sort codes, account numbers and the like were introduced for ease of processing and later to facilitate automation of processing.

    The tamper proof ink and magnetic printing were to reduce fraud, with the magnetic ink also aiding automation........OCR was pretty primitive back then.

    Years ago, I did hear of a farmer writing a cheque on the side of a cow (or maybe its ass ) That one even got on TV!............... obviously it was a publicity stunt regarding some grievance the farmers had, but they had a chap from the Institute of Bankers, who confirmed that it was legal.

    //off topic:

    Q: What is the correct collective noun for a number of bankers?

    A: A "Wunch"
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    I work for a financial institution and we offer this service. I'm familiar with "check21". We market this service to businesses. The costs associated with implementing this are too expensive for the average user. However, it's less expensive than daily trips to the bank for deposits and paying a courier. It's all done over an SSL VPN with multi factor authentication.

    The remote deposit portion of it is just the "delivery". Normal checks and balances take place after they've been scanned into the system. The merchant gets a hold placed on the deposit just like any other deposit.

    I don't see any huge risks associated with this in terms of "check fraud". No more than usual, at least. It works very similar to a debit or credit card transaction.

    The part that worries me is the security of the actual scanning workstation...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm,

    I hadn't really considered cheques received. Certainly, private individuals in this country don't receive that many, and certainly wouldn't be interested in such a service. The majority of their transactions would be for cash or would be conducted by electronic transfer.

    The same would hold for most businesses I would imagine.

    Over here banks have things called "night safes" you get a key and a number of bags. You make up your deposit and dump it in the "night safe" outside of business hours. The bank employees then open the bags and process the contents, just as they would with a regular over the counter deposit.

    Credit and debit card transactions are the most popular form of payment. The only times I have made cheque payments in the past 5 years have been to tradesmen working on the house, taxation, and charitable donations.

    Where you are dealing with sole traders or small businesses, it is frequently an advantage to pay cash................................. not that they would be anything less than forthright with their submissions to our equivalent of the IRS

    I have just dug out my cheque book............... the first one was written in May 2005 and there are still 4 of the 30 left in the book. OK I don't know how many my wife has written as well, but it won't be that many I would imagine.

    I know I am talking about payments rather than deposits there, but I am thinking that a cheque I have written is one that someone else has received?

    Another thing over here is that you can't just walk into a financial institution and open an account.............. they are far more cautious than that, as they tend to have to meet the cost of any fraud.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    I do my business banking through Capital One, and I was offered that service (called Remote Deposit at Capital One), but decided it wasn't worth it. Pricing for low-volume (200 checks per month) is somewhere around $50 a month plus 15 cents per transaction, and the scanning unit has to be purchased (starting at around $450). Keep a high enough balance, though, and you get it all for free...

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Interesting Neg~

    Capital One operate in the UK but I haven't seen that service offered by anyone over here.

    I don't visit banks that often............. perhaps once per week, so I don't have that much experience, although I would mention that my visits are at random times of the day (fools the security guards ). We don't seem to have much in the way of "teller queues" over here, in fact they are much lighter than our Post Offices. Also we tend to have a similar operation to the "night safe".............. you just go to a special window and hand in your "bag"

    Incidentally, our Post Offices provide a full range of personal banking services as well............

    I sometimes go into banks just to get free ballpoint pens ........... they are better quality than the ones you get from betting (gambling) shops, and have jokes printed on them

    To be honest, there are not that many people (who would want the service) in the UK who are not within easy access of a financial institution.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Maybe I'm going crazy, because I don't grasp how people don't get this... I even sat down and ran it by someone this morning to make sure I wasn't going nuts.

    If I steal a check from you (by taking it out of the mailbox after you've mailed it (mailbox fishing)) and take it to the bank, it's not in my name... I can't cash it.

    If I steal a check from you (same method) and take it home... I scan it, then I take a blank check associated with the same bank and place my name on the Payee field... In Photoshop I cut out the Payee field and overlay it on the original image... Because they are the same check they will align properly and you won't notice that they were edited... I submit this check online. It is cashed... In the bank, they would notice the edit because I couldn't do it as cleanly as I can when we're talking digital graphics (i.e. physically you would have paper pasted over other paper and it wouldn't look like an authentic check)
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  10. #10
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    If you steal a check from me, nothing prevents you from simply scanning the check, editing the image a bit (the payee field), and printing it out. Bank clerks don't know what all other banks' checks look like, so having non-matching paper is more than likely not an issue. They would probably indeed notice the edit if you would take 5 unnecessary steps like you are describing - not so when you take the easy route, though (that doesn't go for going to the issuing bank, of course).

    Also, I think you need to consider that those units are highly personalized: when you fraudulently scan a check in the way you describe it, it's obvious to anyone that you are the one who committed the fraud (as you are the owner of the equipment). As soon as the victim notices that a check got cashed that he didn't write, the trail goes straight to you.

    I don't really see the difference. In both cases, fraud is pretty easy - but in both cases, you'll get caught as soon as the victim notices.
