They get your online banking access (virus that allows them to see the password you type?). Then they drain your accounts.
They geta bunch of info about you. Collect enough info - name, address, birthday and location of birth, phones, workplace, bank account numbers, email access, etc. - then identity theft becomes a possibility. they apply for credit cards, get copies of ID, try to get your phone transferred to them, (So they can bypass 2-party authentication) or in extreme cases, pass themselves off as you to get a mortgage on your house (and disappear with the money).
From the reports I have read, identity theft usually requires access to incoming mail. If you have a communal mailbox like in an apartment block, or a dishonest person with access to your home mail, they can intercept the letters from CC companies etc. and use them for their own nefarious purpose.
AFIK all of these transactions depend on snail mail communications to set up, so while not impossible, I think it would be very hard for someone in another country, or even another State to acquire your identity without you making some gross error of judgment.
It gives that ability to the person you gave the check to. Which means that, yes, it pretty much does give it to anyone. Anyone with your numbers could print out a check in whatever amount they wanted, and how would the bank know that it wasn’t you that wrote it?
Our banking system is, objectively speaking, pretty screwed up. In the past decade, there has been some effort to put some security in the process (note: “some”, not “more”), but there’s still a long way to go. The fact that theft isn’t rampant is just because most people aren’t thieves.
Yes, the banking system exists very much on trust. (Aside - this is where the system almost collapsed in 2008 - banks trust that when they send a request for cash to another chartered bank, it will be paid. In 2008, that confidence evaporated.) The system adapted to tricks. Note the Catch Me If You Can author exploited one loophole, that the wrong routing numbers at the time delayed cheques clearing long enough for him to abscond - but he also exploited the fact that many businesses accepted and even cashed cheques based on the apparent reliability of the person with the chequebook. Faking this was a common crime of the day.
Banks were generally less stupid - they would “hold” the funds until assured the cheque had cleared. A counterfeit cheque might make it past the initial clearing, but had the same problem as most transactions, from credit card to bank robbery - it was difficult to scale up to making a regular living, and the more a trick was used, the more likely it was flagged and guarded against.
In my case, it was the utility that was trying to steal from me.
They changed out the meter at my house & reset it wrong, 100 units off so I ‘used’ as much gas in Sept as I did the previous Feb. I called them up & they said, 'Yup, it looks wrong. Don’t pay that bill, we’ll send you an adjusted one & send someone out to fix the meter." I got & paid the adjusted bill but they never sent someone out to adjust the meter so in Oct, I used 99 ccf of gas more than the previous year (100 + a slight usage difference). Lather, rinse, & repeat two more months (4 in total) until I threatened to file a theft complaint with the regulators. Amazingly, a guy was at my house w/in 24 hrs.
I’m sure you’ve also heard of those stories that someone goes on a foreign vacation & ends up with a multi-thousand dollar cell phone bill due to int’l roaming charges. If they take that, do you have enough leftover to pay your mortgage?
Nope, I pay my bills electronically but I push the money out instead of letting them come in & take it.
This is just possible, but the ink is special, and no check is valid without your signature. The point is, checks have been used routinely for paying all bills etc for pretty much all of the 20th century, and that never became a problem.
Also note that I just bought a used car with a check. And my bank contacted me when the check was submitted and asked if I wrote it.
So theoretically, maybe. But not in reality. It just plain didn’t happen.
The ink used to be special. Like in the 1960s when the check scanning machines were first invented. See MICR which stands for Magnetic Ink Character Recognition. When consumer laser printers first came out in the late 80s you could print your own checks, including the routing and account numbers using a special iron-heavy toner cartridge. Not long after that the special toner carts disappeared because the banks had switched to optically reading the magic numbers even though the MICR font survives to this day.
No human and no computer checks that sigs are present, much less that they match the account owner’s sig on file.
Do some banks sometimes call about some some checks? Sure. Does that happen very often as a percentage of all checks written and deposited? Nope.
The entire banking industry operates on the thinking that losing billions to fraud every year is cheaper than upgrading their processes to reduce or prevent that fraud. Forged checks are a very big business.
Yeah. It’s funny to me that they can add sig-checking to a phone app usdd only for low-value cpnsumer-consumer checks, but not to the mainframe systems that view millions of high value checks per day.
It’s a problem quite frequently. You’ve never heard of check skimming? The system tries to deal with it when it happens, when anyone notices, but puts almost no effort into preventing it from happening in the first place.
Check skimming: The fraudster takes a customer’s payment check and deposits it into their own bank account. To avoid suspicion, their account is probably under a similar name to your company (e.g. Cool Candles, Inc. instead of Cool Candles Co. or Joe Snith and Associates instead of Joe Smith and Associates).
That’s not at all like printing fake checks with someones acct number, etc , writing a check and doing stuff with it.
Sure, but for most of the 20th century, I couldn’t pay my bills online with just a routing number and account number. Someone can’t get into my bank account on the bank’s website without the login details but there are loads of payments I can make via “electronic checks” which means providing the routing number and account number. I can transfer money from an account in one bank to another with just the routing number and account number. If someone uses my banking info to pay a bill or transfer money , I ultimately won’t be out the money. But it’s unlikely to be fixed instantly and will cause me inconvenience and aggravation at the very least. A few months ago, I got a bill for a cellphone account I didn’t open. It didn’t have anything to do with my banking info but I spent so much time making and getting a copy of a police report and dealing with the cell phone company and the credit bureaus that it almost would have been easier to pay the bill and close the account. ( “Almost” because there were at least three more account openings that were stopped because of the alert put on my record.)
Yes, your account number isn’t all that secret. But still with the number of eBay horror stories I’ve read over the years I would strongly suggest opening a sacrificial bank account for eBay. eBay will be both depositing and withdrawing from your account and you don’t want them screwing with an important account that you use to pay bills if there is some sort of problem or dispute.
The problem with skimming is - if the business is big enough to have a AR dept. then its accounts are computerized. How long before a cheque is missing? The real opportunity I suspect would be with sales receipts - under-report them. Typically the authority to cancel a due amount is not delegated to the persons processing payments.
Our accounting lecturer worked for a major accounting firm. He mentioned the one case - the thief was the VP of a construction firm, who was tasked with approving payments for various sites. He made up extra companies allegedly working those construction sites, then approved their invoices. He got caught -typical story - when he went on vacation. The clerk went to one of the engineers - “you worked at this site, this invoice is due and the boss is on vacation. Can I pay it?” The engineer noticed 'WTF? There’s no company by this name at the site." Rather than go after the guy, they fired him and put the estmated theft amounts - $500,000 - as income on his tax form. Let the tax department take care of it.
A friend who was an accountant mentioned another problem. The easist skim was one nobody was expecting. The government would remit Canadian wholesale tax quarterly based on certain criteria in the days before GST. It was a decent amount, but not that significant in the overall business he worked with. Since it was an irregular amount that nobody else saw, it could go unnoticed. She’d pull cash out of the sales deposit and slip in the cheque, thus the cheque was cashed to the business account. He was reviewing the books and noticed and unusually large cheque in the weekly receipts. Then he went back and determined she’d done this for at least 2 years. The boss’s wife said “She couldn’t be - must be a mistake! She’s my friend! She’s in our home all the time.” My buddy sarcastically replied “She’s a thief. She’s probably stolen your jewels and furs too.” He said the wife’s face dropped, he’d probably hit too close to the mark.
The trick with these shenangans is not faking a cheque. It’s covering up the missing money in the accounting system. If someone prints a fake cheque for $1,000 or more and submits it I’m sure going to notice it’s gone. What are the odds the fellow printed something perfectly matching my real chequebook? I suspect the banks have AI-type programs that analyze behaviour and flag unusual transactions. Opening a new account and then depositing lots of cheques suggests a kiting scheme at the very least, if not fake cheques. Someone will investigate.
Unless it’s a petty thief with no hope fo the future, the other trick is doing it in enough volume to make a living. One item I recall about a fellow who was embezzling to feed his Vegas gambling addiction, mentioned the guy told police it was almost a relief when he got caught. He’d been getting in deeper and deeper for about 2 years, and knew it was hanging over his head that eventually he’d be caught.
In the UK this is known as “Long Firm Fraud”. Companies and government organisations with weak accounting systems that allow an individual to both order services and authorise the subsequent payment are susceptible to this.
It works best with services because there is no visible product coming into a goods-receiving department. I am the IT manager and call in repair companies as and when needed. They submit an invoice, I authorise it and they get paid. So long as I don’t get too greedy, I am unlikely to get caught.
In his case, he relied on the fact that the work site people had very limited interaction with the head office accounting. He was the person who approved invoices from the work site, supposedly verifying the work was done per specs. If he made up a secondary piece - say, “additional plumbing installation” - and nobody at the worksite saw the invoices, he got away with it. With a multi-million dollar project, a few extra thoudsands here and there was not noticeable, it probably fell withing the contingency range. It would take an intensive audit to cath it. (The other issue is who is authorizes to set up companies as contractors so they could submit invoices and be paid.)
When I worked in a large IT department, people used to joke about “set up a few phony employees”. What they didn’t realize is that employees are assigned to supervisors, and each supervisor has to answer for their budget. In the wonderful world of Wall Street consultants, there’s not a lot of wiggle room to add a nonexistent employee, let alone several. Plus, every employee on payroll has to produce a SIN (Social Insurance Number) in Canada, I assume an SS number in the USA. Mandatory deductions are submitted to the government every month along with relevant data. The tax department will quickly flag incorrect numbers. This is why phony invoices and contractors are the way to go.But there’s the added complication that companies now need a GST number (goods and services) and that number also becomes relevant in tax data submissions. (Presumably, “faking it” can lead to fraud charges over falsifying data, compunding the offenses)
As always one of the best internal controls is to ensure that no one person has control of enough pieces of the puzzle that they can assemble an alternate reality.
Everybody watching everybody is the order of the day. That’s part of the genius of VAT: no police force necessary. Each entity is encouraged to snitch on their suppliers because the alternative is to pay their suppliers’ taxes.
At my work we had a fraudster get caught by exactly this system. He setup a fake company, then bought lab equipment from the fake company at an unreasonable markup, and pocketed the difference between the normal and marked-up price. And he’d have gotten away with it too, if wasn’t for the meddling accountants who had to approve the purchases.
Large purchases (over $5000, if I remember correctly) require sole source justification. That isn’t too much of a burden if there really is a reason to need something specific, but it is very difficult to get sole source justification to buy one piece of commodity hardware that is interchangeable with another. Weak sole source justifications prompted further investigation, which resulted in uncovering that the vendor was a shell company owned by a member of the fraudster’s family.