Tuesday, January 30, 2007

Credit card scammers: the story continues

In late 1998 I was one of thousands defrauded in the $40 million Netfill credit card scam. I wrote up a web page, helped track down the baddies, was even on Japanese TV. My fame was very minimal and very fleeting, but the problem didn't go away. A system that was designed for person-present brick-and-mortar transactions has deep flaws on the web, but, absent legislation, banks have very good business reasons not to fix things.

Reading this Wired News story brings back old memories ...
Wired News: I Was a Cybercrook for the FBI

.... The full scope of the problem is hard to judge, but nonetheless staggering. U.S. banks lost $546 million to debit card fraud in 2004, according to banking research firm Dove Consulting, and credit card fraud losses were estimated to be about $3.8 billion globally in 2003 according to The Nilson Report. The Federal Trade Commission estimates that 10 million Americans are victims of identity theft each year. The financial impact of identity theft remains untold."
That's a lot of losses, and I bet less than half of the losses are ever detected, so total unrecovered losses to consumers are probably about equal to this number. In addition, outside of North America, banks are notoriously bad at covering losses, so any number based on bank losses is really an underestimate. Speaking of unresponsive financial services ...

The Schwab [brokerage] case illustrates a running theme in Thomas' dealings with the FBI. Although Thomas says he provided his handlers at the Seattle FBI with logs depicting desertmack's scheme, the bureau apparently never acted on that information -- the Oregon FBI only learned of the theft because Campbell, the victim, reported it himself after it occurred. "If we had left it up to Schwab, they might never have gotten the FBI involved at all," Campbell says...

Schwab, too, was less than responsive. Campbell got his money back from the company only after several calls to the firm pointing out the obvious security flaws in a system that failed to flag a wire request made on an account a day after contact information on the account was changed. "Schwab was pretty bad with customer service," Campbell says. "For a long time they wouldn't tell me they were going to take responsibility for it and return (the money)." (Schwab had no comment).

No comments: