Scan Your Way to Check Fraud - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Scan Your Way to Check Fraud

  1. #11
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by Negative
    If you steal a check from me, nothing prevents you from simply scanning the check, editing the image a bit (the payee field), and printing it out. Bank clerks don't know what all other banks' checks look like, so having non-matching paper is more than likely not an issue. They would probably indeed notice the edit if you would take 5 unnecessary steps like you are describing - not so when you take the easy route, though (that doesn't go for going to the issuing bank, of course).
    I suppose this is where the American and Canadian banking systems show a real difference...we essentially have 5 banks... the various checks are quite distinguishable... even to the average person on the street who doesn't look at them regularly... Also checks have security features... security features that you can't get simply by printing the check...

    Also, I think you need to consider that those units are highly personalized: when you fraudulently scan a check in the way you describe it, it's obvious to anyone that you are the one who committed the fraud (as you are the owner of the equipment). As soon as the victim notices that a check got cashed that he didn't write, the trail goes straight to you.
    Who said anything about units? They are talking about using a scanner and a software package... there's nothing personalized about that...

    I don't really see the difference. In both cases, fraud is pretty easy - but in both cases, you'll get caught as soon as the victim notices.
    I don't think it's that cut and dry... The only record of the check is electronic... who's to say it's real or not...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #12
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Thanks HT~ you might have actually gotten me some extra work.............. I made a couple of calls to contacts about the concept, and they were very interested that I was investigating this technology. Might get some short term "technology evaluation" work out of this.......... anyways, good opportunity to "stay in touch" with them? many thanks again.

    One thing I might add to the conversation perhaps?.................. getting the transaction through is one thing................ actually getting your hands on the cash is another day's work............
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #13
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    HTRegz

    I suppose this is where the American and Canadian banking systems show a real difference...we essentially have 5 banks... the various checks are quite distinguishable... even to the average person on the street who doesn't look at them regularly... Also checks have security features... security features that you can't get simply by printing the check...
    There must indeed be a difference between the two nations' banks then, yes - there are literally thousands of different banks here. And I still have to see the first teller who actually looks at security features (but maybe that's cause I look so trustworthy ).

    HTRegz
    Who said anything about units?
    The bank that already has a functioning implementation of the concept - the concept is hardly new...

    HTRegz
    They are talking about using a scanner and a software package... there's nothing personalized about that...
    From the press release you posted on your blog:

    "[The] offering is an Internet solution delivered through existing online banking applications, ensuring widespread customer availability. It uses the financial institution's existing online banking portal, leveraging existing security methods for login IDs, passwords and data encryption during image and data transfer."
    (emphasis added).

    It's not like the bank won't know where the scan came from...

    Nihil
    One thing I might add to the conversation perhaps?.................. getting the transaction through is one thing................ actually getting your hands on the cash is another day's work............
    That, I believe, sums it up entirely

  4. #14
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by Negative
    The bank that already has a functioning implementation of the concept - the concept is hardly new...
    Agreed... The banks have this technology... it is different from the way it will be implemented for the end user.. End users won't have units to utilize.


    From the press release you posted on your blog:
    It's not like the bank won't know where the scan came from...
    I think we'll see this tied in with phishing scams that steal online banking credentials... and in a number of other places...

    I guess we'll have to agree to disagree
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #15
    AO Řbergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    In the us there is a hold put on a check that is deposited. Depending on what kind of customer you are and the type of check, the hold can be from one to five days. The hold is to ensure that the check is legit. If the check doesn't clear or a flag is raised, they'll pull the deposit out faster than it went in. The hold will allow you to write checks on the amount held, but not withdraw it as cash. The reason you can write checks on it is due to the hold that other banks place on the checks when it's deposited. Normally, before a large check is cashed, the payee must have enough in their account to cover the check if it is bad. If the payee goes to the issuing bank, the funds must not be on hold and must be available as cash.

    The deposit part of it is just done remotely. The rest of the checks and balances are still in place. The scanner isn't the typical flatbed scanner that most people can pick up for $100. The scanners are $1K for the nicer ones and $500 for the cheaper ones. See http://www.paninina.com/solutions/products_overview.php for a better idea.

    These services are offered to new and existing business customers. It doesn't make sense to offer them to anyone other than business customers. They're the ones getting the most checks. Most consumers deal in cash and debit/credit cards.

    HT, banks don't want to loose money. Trust me on this one. If there was any more risk in using these services than traditional services, they wouldn't be offered. The banks are just making it easier for people to give them money.

    I don't know how you think that this is going to increase fraud in phishing or etc. Who wants to go through all the trouble to counterfeit a check when its much easier to skim credit card numbers from vuln databases or right off gas pumps?

    As far as credentials to online services, most banks are using multifactor authentication. You can't just logon and move around large money with just a userid and password. They require one time passwords and tokens now.
    Last edited by phishphreek; February 12th, 2008 at 12:02 AM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #16
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Nihil; conglomerate?
    As in "A conglomerate of bankers."
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Dň landet her kvilte i heilag fred og alle hadde kjŠrleik ň elske med.

  7. #17
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    628
    Just to add to the conversation...

    The bank that I use (actually a Credit Union), has certain failsafes set up for me, at my request.

    -No ATM withdrawls and/or store purchases larger than $100 in a single day. If an attempt is made to violate it, the card is suspended, and I get a phone call to verify my ID (secret questions, SSN final digits, etc)

    -No written checks larger than $500 in one month. Once again, verification is necessary to override the limit. (I keep my checkbook under lock and key anyway, since the only checks I write are to my landlord once a month)

    -When I need more cash than that on-hand, I go to the bank and withdraw it personally.

    It may be a pain to drive and stand in line or authorize things over the phone during the workday, but you won't hear me sighing in disbelief that my accounts have been drained by a crook any time soon.

    O
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  8. #18
    Senior Member Info_Au's Avatar
    Join Date
    Jul 2001
    Location
    Melbourne
    Posts
    273

    Talking

    I sometimes go into banks just to get free ballpoint pens ........... they are better quality than the ones you get from betting (gambling) shops, and have jokes printed on them.

    By Nihil

    I guess our Convict history will never leave us.....All the pens in banks and post offices's here are on a chain or string.
    No Trust....hehehehehehe

Similar Threads

  1. Nmap 4.0
    By Irongeek in forum Security News
    Replies: 9
    Last Post: January 31st, 2006, 09:24 PM
  2. Card fraud grows online
    By Paws in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: November 8th, 2005, 03:22 PM
  3. FAQ: Identity fraud uncovered
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: October 30th, 2005, 01:18 AM
  4. Proxies unleashed
    By The|speštral_ in forum AntiOnline's General Chit Chat
    Replies: 11
    Last Post: September 1st, 2003, 03:49 PM
  5. A basic NMAP tut.
    By Pooh-Bear in forum Security Archives
    Replies: 4
    Last Post: December 13th, 2001, 08:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides