Even in fraud-prone Mexico this is standard practice. It’s how I paid my rental deposit for a job a few years ago; it’s how I paid the fishing charter; and it’s how a lot of companies prefer big payments.
Granted, but I no longer feel secure with them.
In the UK, account and sort code info are NOT sufficient information to allow **withdrawal **from an account (anyone can put money in). Companies that operate Direct Debit require your signed authority and (as a company) must be vetted by the banks before they can operate in that manner. Otherwise, banks cannot move money out of your account without additional identification. These days, this info will be much more than public information (like date of birth/mothers maiden name etc). I’m hopeful that banks will start using security tokens to validate access (private code plus personal time varying code) to really make things secure.
Si
Speaking of which, I was mildly surprised the other day to see a sign in Sainsburys (one of the big supermarket chains in the UK) stating that they will no longer be accepting cheques as payment from 1st August. I guess it had to happen sooner or later and I suppose it makes perfect sense - since they always require a cheque guarantee card now, and those cards are nearly always their own means of payment anyway (they’re typically credit or debit cards).
Short answer, yes technically they can, and short of never using bank accounts there isn’t much you can do to prevent it.
The good news is that you are pretty well protected in most cases. The worst possible scenario is someone simply printing checks of their own with your info on them and signing them as was already mentioned. This requires the theif to actually perform the fraud in person though and they run the risk of being asked for ID or being caught on camera. More often than not the thieves prefer to simply use the numbers to do ACH transactions. The good news about this is that as long as you report the fraudulent activity within 60 days of receiving the statement there is nearly a 100% chance of you getting all of your money back in a very short time.
Is it possible to steal your money and get away with it? Of course it is, there is a gentleman from Ohio that has been doing it for at least 6 years across the country and will probably never get caught. I won’t get into exactly how he does it, but it does involve raiding the mailboxes of people who put those little red flags up. Even in this worst case scenario though, the customer is made whole again very quickly. (Its actually easier in this specific case because most fraud officers at major banks can recognize this particular felon’s handwriting)
So it is an issue, but I wouldn’t lose any sleep over it.
But, you’ll be no more secure with a different bank. Just sayin’.
That’s interesting. The numbers at the bottom are printed in special magnetic ink. I suppose if the machine can’t read it, it just goes to manual rather than triggering a fraud alert.
True they are printed with Micr ink which has magnetic properties, however with so many small businesses out there doing their own payroll the ink isn’t as inaccessible as it used to be. You can also enter the numbers and there are enough bank issued checks that use cheap ink so that it isn’t unusual for a cashier to manually punch in the numbers.
In January 2004, Mrs.lanelee did a “check over the phone” transaction. She gave out the account number and routing number and they had a recording of her okay the transaction. I did not know that this took place and in April 2005 a counter check was issued so I called the bank to find out how and why. I was told that Mrs.lanelee had authorized the transaction that month and the bank was shocked, shocked I tell you, to find out that Mrs.lanelee had died in June 2004.
You can buy a toner cartridge for most of the major laser printers containing micr ink, so it’s pretty easy to print real, MICR-encoded checks at your laser printer. There are several software packages to let you do this – VersaCheck is one of the biggest.
But the magnetic toner is hardly necessary. Nearly all the bank check-sorting machines now have the capability top do both MICR reading and normal OCR scans on those numbers. (Back in 1954, when MICR was designed, OCR reading was primitive & unreliable, so they went with the magnetic ink.) If it doesn’t read with the MICR, they just get the OCR read of those printed numbers. All automatic, never even noticed by the bank employees. There might be a few banks out in the sticks with real old machines, that do require manual intervention, but they pretty rare now.
Yes, I neglected to mention that banks can certainly read it regardless of the ink used. Most grocery stores and the like however, at least the ones around here, have older equipment and if the check doesn’t have the micr ink they’re forced to enter it by hand. Since they do this frequently though, it doesn’t usually raise any suspicion or concern on the merchants end.
Yeas in fact it has just happened to me in todays day of supercomputers all you need is some ones routing number and account number which are easily available but you really have to have the account number. Which some people like myself are willing to share online if we believe we are sharing with a reputable company which we may be but their site could be hacked and someone is skimming data from them without their or your knowledge. routing numbers are even easier because all banks and credit unions post them online.
Then as in my case all the thief’s have to do is generate a fake electronic check and put your email address which usually is your real email address which they skimmed with the account number and use the IP address of the server you were on. Fortunately that is the only unique piece of data that the thief’s can’t get their grubby little fingers on and is the only thing that proves you didn’t initiate the transaction making a legitimate purchase for goods or services.
Every computer has a unique IP. I have looked up my own before and others who gained entry to my Google account which is provided in the security settings a google.com if you have a google account. So as long as you don’t share you personal IP you are safe. Another tip off is when an electronic check is generated for A so called membership when the account owner has a debit or credit card which are harder to spoof due to the security code and other identifiable trackers when used.
So if you too get your bank account emptied for every dollar as I have tonight you will surely believe that it does and can happen even in todays age. Luckily the banks can figure it out and return the stolen money to you but they will never see it because chances are it has already left this country headed for somewhere over there.:o
In most cases every computer in a given location will share the same public IP. At my workplace (a small school district) that’s hundreds of computers, tablets, and smartphones. A handful of devices on our network always have the same private IP, but most will have different IPs from one day to the next, or even multiple IPs in the same day if they aren’t left on all the time. And private IPs are only unique within a subnet. You could have a block of houses with internet access and every house could have a device with the IP 192.168.0.1 or 10.10.10.1, depending what addressing scheme they use.
Chances are what you think of as your “personal IP” starts with either 192.168 or 10.10.
Printing checks is easy and account numbers aren’t hard to get. But it doesn’t matter because check fraud is even easier to catch than to commit. At the end you’re on video if you were cashing a phony. As a criminal, wouldn’t you rather buy some compromised card numbers? Get yourself a crate of Android phones you can resell, something like that. Very little exposure, not much to worry about, no paper trail that’ll be held onto nigh to perpetuity.
The security simply isn’t there yet for cards and that’s one reason I write checks and use cash when I can.
As several people have mentioned, the numbers on the bottom of the check could be more than enough to steal money from your account. The trick is getting away with it. This is the problem too with credit cards. How do you translate data into money? The holy grail of course, is to get the mag-stripe and PIN from an ATM card and take cash from an automated dispenser, far from human witnesses and disguised for the cameras.
For the routing information and account, as mentioned, you can make phony cheques - these then have to be passed. Like fraudulent credit cards, one option is to buy easily fenced goods - but then there are witnesses, and trails with serial numbered goods, etc.
From my experience, I suspect most banks barely do a cursory inspection of cheques for name, signature match, etc. However, merchants that sell valuable and easily fenced goods probably have their own anti-fraud measures. The trusting days of “Catch Me If You Can” are long gone. I would also not be surprised if the US banks apply some of the same antifraud patterns to cheques that they do to credit card transactions, looking for unusual patterns.
If you create electronic transfers - well, I typically use these for more established vendors - the city for taxes, my cable company or to pay the heating bill. They want this information for regular withdrawals, and so are not the sort to monkey with accounts.
I don’t know what criteria banks use to allow account transfers, but I suspect if we can dream this up in a few minutes, banks have thought of this and have procedures to vet accounts that want to do a lot of paperless transactions against random accounts. I doubt you can go to the bank, set up your Acme Inc. account, and transfer money from 10,000 “customers” in one month, covert it into a cash withdrawal, and disappear - without setting off alarm bells before you even got started.
I don’t even know if merchants in Canada typically still take cheques - everything is debit card or credit card nowadays. The cost for a bounced cheque is so high, that even 20 years ago one of the local restaurants I went to would have a display behind the cash register “buy back your bad cheque” where anyone could read who had written an NSF cheque. Back then, IIRC, the fee was $15 or $25 or something. There was no real upside in taking cheques when everyone had a debit card for the ATM.
Of course, the numbers are still useful to Nigerians, apparently, so most banks have procedures in place to prevent transfers to foreign banks.
About a year ago, someone in my apartment rental office lost the rent check I gave him (about $600). This was discovered about a week later when the manager called me to ask where the rent was.
I went to the bank to stop payment on the check (for which there would have been a fee, of course). They told me that if such a check had fallen into the wrong hands, anyone with those two magic numbers could suck money out of my account. The bank, therefore, insisted that I close the account altogether and open a new account – all of which they did for me without any fee at all.
I fell victim to a checking “scam” although I guess it was legal. At a kids event there was some some educational company selling a “$50 a month membership and we’ll send tons of educational books” thing. No way was I doing that, but I bought one book that my daughter liked and paid with a check. They took my email address and I later got an email. When I clicked a link in it that was supposed to go to a special offer, a page briefly said “thanks for joining” or something, then it went to their main page.
Six months later, I noticed that I was being charged $19.99 a month by some company. I googled them and found it was the book people charging for membership to their site. A lot of people were complaining about them online. If you click the link in the email, apparently the site briefly flashes info saying you’ve signed up for monthly membership, but it’s so fast you can’t read it. I never signed up or gave them a credit card or anything, they had taken the numbers from my check then planted the email link which went to a special page for my address. The email wasn’t necessary to get my money, it was just to keep it legal.
I talked to my bank who suggested I call the company and see if they’d give the money back, otherwise they’d refund it, close my account and open another, and let their fraud team go after the company. The company said they’d refund half, so I took that and let the bank handle the rest.
It happened to us too. Thief stole outgoing mail I had left on our mailbox at home (I now mail everything at work or an official post office drop box) and made checks with my husband’s account information and routing number, with her (fake) name and address. She then went on a spending spree. We had closed both husband’s and my accounts, but husband’s account didn’t get closed properly - the bank clerk meant to leave it open only for his upcoming Social Security direct deposit, no outgoing funds, but that didn’t happen somehow. It took us a while to get everything straightened out, but the money was eventually all refunded.
This topic is something that has puzzled me for a long time. I would read these stories all the time: Someone (usually overseas) agrees to pay you some money and you give them your account and routing numbers so they can deposit it. Next thing you know, all the money in your account has been withdrawn. Moral: Only give out your account info to reputable venders.
I have to conclude that these stories are just bogus, urban legends. The examples in posts in this thread (sad though they are) are of relatively small charges or involve check theft or forgery–nothing like the instantaneous draining of an entire balance. If two numbers could give someone such power then that horror would be happening all the time and be a HUGE issue. As pulykamell pointed out above (7 years ago) every one of the many checks we write displays those two numbers, and eventually someone “disreputable” would jot them down and we’d lose everything.
I’d really like to know the straight dope behind those stories and learn why that kind of large-scale theft does not really seem to happen.
I was on grand jury duty in a county in New Jersey, and one of the cases that came before us dealt with this. It appeared that a courier for a number of businesses, who dealt with delivering checks as payments to vendors, had copied the account numbers and routing codes from some of the checks. He then got checks made in his name (yes, he used his real name and address) with those numbers. He then would send in payments to the cable company, utility company, etc, far in excess of the bill amount using the fake checks. If the bill for cable was 124.37, he would send a check for 1124.37. After a bit, he would contact the cable company and request a refund on the amount he payed in excess of the bill. So he would get a clean check from the cable company for 1000 that he would deposit in his bank account.
It was fairly hard to detect and prosecute, since the business had a large amount of checks going in and out. Once the business owner detected the check fraud, he went to the police who did pretty much nothing. They said that the check fraudster probably used a fake name and address. The business guy pursued it though, and he found out what was happening with the courier and pressed charges somehow.
This is all supposed to be secret grand jury testimony, so don’t tell anyone. We voted to indict.
It occurred a number of years ago, so I think the secret is out of the bag.