Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Glut In Stolen Identities Forces Price Cut

samzenpus posted about 8 months ago | from the cheaper-by-the-dozen dept.

Crime 152

CowboyRobot writes "The price of a stolen identity has dropped as much as 37 percent in the cybercrime underground: to $25 for a U.S. identity, and $40 for an overseas identity. For $300 or less, you can acquire credentials for a bank account with a balance of $70,000 to $150,000, and $400 is all it takes to get a rival or targeted business knocked offline with a distributed denial-of-service (DDoS)-for-hire attack. Meanwhile, ID theft and bank account credentials are getting cheaper because there is just so much inventory (a.k.a. stolen personal information) out there. Bots are cheap, too: 1,000 bots go for $20, and 15,000, for $250."

cancel ×

152 comments

Sorry! There are no comments related to the filter you selected.

Wait... (1)

Anonymous Coward | about 8 months ago | (#45479099)

$300 get me a bank account with $70k to $150k in it!?! Count me in!

Why is this junk even on slashdot?

Re:Wait... (1)

negRo_slim (636783) | about 8 months ago | (#45479103)

but wait what about

to $25 for a U.S. identity, and $40 for an overseas identity

Is that 25 FOR? or it's lessened by 25... So cunfused how math?

Re:Wait... (2)

ifiwereasculptor (1870574) | about 8 months ago | (#45480685)

"The price of a stolen identity has dropped [...] to $25 for a U.S identity [...]"

Seems pretty clear.

Re:Wait... (-1)

Anonymous Coward | about 8 months ago | (#45479143)

$300 get me a bank account with $70k to $150k in it!?! Count me in!

Why is this junk even on slashdot?

Because $250 for a botnet gets me top rank on Battlefield, you fucking faggot!

PHEER ME NUBZ

Re:Wait... (1)

Joce640k (829181) | about 8 months ago | (#45480501)

How many bitcoins could you mine with a $250 botnet?

Re:Wait... (2)

TheCarp (96830) | about 8 months ago | (#45480799)

Ahhh but then, how many botnets could you get for 70k-150k?

Re:Wait... (1)

Joce640k (829181) | about 8 months ago | (#45481383)

If a $250 botnet is profitable then the sky's the limit. All you do is reinvest the profit in more botnets and you bank balance will go up exponentially. You'll be buying up islands in the Pacific in no time.

Re:Wait... (3, Interesting)

benjfowler (239527) | about 8 months ago | (#45479863)

It's interesting for what it implies:

Stealing personal data is easy and cheap. Cashing out certainly isn't, and is where banks' "defence in depth" security strategy pays off.

Re:Wait... (1)

TheCarp (96830) | about 8 months ago | (#45480867)

And especially pays off for anyone who can get it out...especially if they can do it while leaving someone else (or many other people) holding the (empty) bag(s). I still laugh about this one:

http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-45-million-global-cyber-bank-thefts.html?_r=0 [nytimes.com]

two precision operations that involved people in more than two dozen countries acting in close coordination and with surgical precision, thieves stole $45 million from thousands of A.T.M.'s in a matter of hours.

Change your passwords ASAP! (5, Informative)

DigiShaman (671371) | about 8 months ago | (#45479117)

Seriously! If you even suspect that the machine you're working from has ben compromised by malware, CHANGE YOUR PASSWORD to the accounts you've used via a known clean computer. Then proceed to nuke the drive from orbit and reload the OS and apps. Botnets are known sources of dropping key loggers and harvesting user data to a central database.

Re:Change your passwords ASAP! (0, Insightful)

Anonymous Coward | about 8 months ago | (#45479199)

Don't reload the OS. That's stupid. You'll end up in the same situation again- Change your OS to something *not retardedly easy to compromise*.

* my apologies go out to the mentally challenged

Re:Change your passwords ASAP! (0)

Anonymous Coward | about 8 months ago | (#45479221)

Change your OS to something *not retardedly easy to compromise*.

I lost my BeOS CD... can you send me a copy?

Re:Change your passwords ASAP! (1)

MaskedSlacker (911878) | about 8 months ago | (#45479437)

BeOS came on CDs?

Re:Change your passwords ASAP! (2)

LoRdTAW (99712) | about 8 months ago | (#45480371)

Not to be a pedant but:
Sure did. Still have my R4 cd. Starting with R5, the personal edition or PE of BeOS was a free download with only a developer edition available on CD.

Re:Change your passwords ASAP! (0)

Anonymous Coward | about 8 months ago | (#45479685)

Near enough: https://www.haiku-os.org/

Re:Change your passwords ASAP! (1)

TheRaven64 (641858) | about 8 months ago | (#45480707)

BeOS 5 is not easy to compromise remotely because the network stack crashes under load, or after a few minutes of low load. Does Haiku have the same feature?

Re:Change your passwords ASAP! (3, Insightful)

Anonymous Coward | about 8 months ago | (#45480223)

I guess that leaves Linux, Windows, and OS X out.

Re:Change your passwords ASAP! (1)

the grace of R'hllor (530051) | about 8 months ago | (#45480743)

Change your OS? Only after shredding the mainboard and getting a new PC. If you're paranoid or in a high-money environment, that is. There is malware that nestles in the BIOS, and can install keyloggers or network sniffers before the OS is even allowed to boot up.

Re:Change your passwords ASAP! (4, Informative)

ifiwereasculptor (1870574) | about 8 months ago | (#45480751)

I don't know how it is in the US, but here banks seem to deeply dislike OSs not retardedly easy to compromise. I have accounts in two banks. One of them started working in Linux only about four years ago, the other only did so last year. They both regularly splurt errors because of openJDK incompatibility - they want Sun's Java. And one of them hilariously has its https certification broken for almost a year now. Airlines are even funnier. At least one of them still only works on IE.

Re:Change your passwords ASAP! (1)

ewieling (90662) | about 8 months ago | (#45481403)

If a bank can't keep their SSL cert up to date why should you trust them with your money?

Re:Change your passwords ASAP! (4, Funny)

sycodon (149926) | about 8 months ago | (#45479239)

We need a bounty on cyber criminals. How about $25 per ear?

Re:Change your passwords ASAP! (0)

Anonymous Coward | about 8 months ago | (#45479287)

We need a bounty on cyber criminals. How about $25 per ear?

They'll just buy their way out.

Re:Change your passwords ASAP! (0)

Anonymous Coward | about 8 months ago | (#45479917)

Your suggestion that we punish a non-violent crime with body mutilation seems contrary to your signature. Not arguing either point, they just seem dissonant to me. Perhaps you can introduce me to new information that will resolve the two.

Re:Change your passwords ASAP! (2)

swillden (191260) | about 8 months ago | (#45480325)

Your suggestion that we punish a non-violent crime with body mutilation seems contrary to your signature. Not arguing either point, they just seem dissonant to me. Perhaps you can introduce me to new information that will resolve the two.

There is a simple but deep philosophical perspective shift you need to make to resolve the apparent dichotomy between the statements. Put simply, you need to realize he was joking. I'll leave it as an exercise for you to determine which of the statements was a joke, or if perhaps both were.

Re:Change your passwords ASAP! (1)

sycodon (149926) | about 8 months ago | (#45480993)

Yet...

I am not completely convinced that just because someone doesn't attempt to perpetrate violence upon you, that you are not justified in responding to the non-violent crime with violence.

Re:Change your passwords ASAP! (1)

swillden (191260) | about 8 months ago | (#45481229)

Well, technically, kidnapping and imprisonment are violent acts, and we have our police and courts do those to non-violent offenders all the time. Mutilation is a little beyond the pale, though.

Re:Change your passwords ASAP! (1)

sycodon (149926) | about 8 months ago | (#45480897)

Actually, I'm suggesting that we kill them first. THEN, cut off their ears.

And this situation and the sig are not related at all. We aren't talking about saving Humanity, we are talking about exterminating rodents.

Re:Change your passwords ASAP! (1)

swb (14022) | about 8 months ago | (#45481339)

A friend of my wife just went through this TWICE in a week because she presumably didn't scrub her computer.

She had her total identity stolen -- addresses changed, a mortgage applied for, thousands charged to her credit cards, bank information stolen (although they didn't actually take her bank account yet).

She changed everything -- new cards, new bank account, etc, and a few days later had it all stolen again.

What I find strange is that she was re-targeted. Given the apparent low cost of an identity with a lot of money, you'd think ID thieves who "lost" an identity they were trying to steal would move on to another one unless they one they had stolen was worth healthy six figures plus. This woman wasn't that -- she's a single parent with a kid in college.

Hurry up and sign up for ObamaCare (2, Insightful)

Legal.Troll (2002574) | about 8 months ago | (#45479121)

because it's important that your health history and comprehensive financials be digitized ASAP by incompetent bureaucrats.

Re:Hurry up and sign up for ObamaCare (2)

AK Marc (707885) | about 8 months ago | (#45479275)

Too late, I have had private insurance for years.

Re:Hurry up and sign up for ObamaCare (4, Funny)

Anonymous Coward | about 8 months ago | (#45479775)

Don't you know private industry is the epitome of security and efficiency? That's why the private sector is never plagued by budget overruns or mismanagement.

Why do you hate America, you filthy communist?

Re:Hurry up and sign up for ObamaCare (1)

benjfowler (239527) | about 8 months ago | (#45479873)

... as opposed to the lowest (private sector) bidder. Great choice.

Re:Hurry up and sign up for ObamaCare (1)

Legal.Troll (2002574) | about 8 months ago | (#45481381)

Of course, there's no way a mandatory government programâ"requiring a nationwide database of digital health data to be provided to, and managed by, incompetent, viciously partisan bureaucratsâ"could be worse than the existing private-sector arrangement run by insurers who lack the power of a Roman emperor and don't require you to deliver your medical records to packet-sniffing Romanian criminals, conveniently packaged with the records of the other 300 million people in this country. SO YOUR SARCASM IS WELL TAKEN GUISE.

those numbers seem unsustainable (2)

ffflala (793437) | about 8 months ago | (#45479125)

Purchasing $150,000 for $400 (vary currency as necessary) would seem to be a loophole that would quickly undermine the world economy. Perhaps "price" of a stolen identity isn't a proper measure of "value".

Re:those numbers seem unsustainable (4, Interesting)

ATMAvatar (648864) | about 8 months ago | (#45479135)

Exactly. You aren't going to successfully withdraw all $150k in one go. Withdraw $100 once or twice a week, and there's a decent chance the owner may not notice for some time.

Re:those numbers seem unsustainable (1)

AK Marc (707885) | about 8 months ago | (#45479289)

I've moved $60k in a single overseas transfer. Though, they wouldn't move it without me showing up in the branch in person. I could have transferred the same amount domestically from online.

Re:those numbers seem unsustainable (3, Insightful)

MaskedSlacker (911878) | about 8 months ago | (#45479439)

Moving $60k online doesn't do you any good. You move it from their bank account to...what? Another stolen account that you can't withdraw from? Or one that has your address? Or one with a stolen SS#, but that has you on security cam footage? You move that kind of money out and you are going to be caught.

Re:those numbers seem unsustainable (1)

AK Marc (707885) | about 8 months ago | (#45479493)

You move it from one they have direct access to, to an intermediate account, which they can't immediately block you from. You get days from when the loss is discovered, rather than hours. Then you can transfer it to another account, or withdraw it at a more leisurely pace.

Re: those numbers seem unsustainable (1)

tleaf100 (2020038) | about 8 months ago | (#45479997)

well enough folk around the world everyday get away with it,if this data had no value,the price just would not drop,so they must have some worth in the real world,if we go by average police catch rate of say 33% for this type of crime,thats a lot of cash or goods that are from other folks account. you have to use your imagination.

Re:those numbers seem unsustainable (3, Informative)

Sique (173459) | about 8 months ago | (#45480339)

That's where the real valuable asset comes in: the money mule.

Money mules are people tricked into agreeing to whitewash the stolen money by accepting the money withdrawn from the stolen account and then transferring it via wire transfer to the plunderer.

When the original owner of the account sees the transfer, he will call the bank and reverse it. At this time, the money mule will already have withdrawn the money from their account and transferred it. This leaves the money mule with the debt incurred, because they now lose the money from the stolen account, and are thus effectively paying the plunderer from their own money.

This puts the value of a stolen account to about the amount of money the money mule will be able to cough up until their own bank takes action.

Re:those numbers seem unsustainable (1)

TheCarp (96830) | about 8 months ago | (#45481139)

Yup. And the thing is, there really isn't much you can do about this loophole in humanity. Hell a while back (maybe someone has a link to the story) there was an investigation done where someone tracked one of these people down through a scam.

This guy has met a woman online, on a dating site. She told him she ran an international business and needed help doing shipping in the US, next thing you know, packages are arriving at his door and he is accepting them and forwarding them on.... often out of his own pocket!

I could see similar here... Hows this "Hey baby, I wish i could come back to the US soon, but they have totally screwed up my VISA, and I have an ATM card at an American bank and they will kill me in fees if I try to bring the money here, if I send you the card, can you withdraw the money and send it to me? Keep a few hundred for yourself, you will be saving me more than you know"

Insert that after a week or so of online flirting, from a profile of a busty woman, and I bet you could drain several accounts a week.

Re:those numbers seem unsustainable (0)

Anonymous Coward | about 8 months ago | (#45480419)

Bitcoins, due to their irreversibility.

Re:those numbers seem unsustainable (1)

Big Hairy Ian (1155547) | about 8 months ago | (#45480387)

Convert it to bitcoins :)

Re:those numbers seem unsustainable (1)

Anonymous Coward | about 8 months ago | (#45479151)

Well, to be sure it's supply and demand. But what does it say if the identity of a US citizen is about 1/2 that of a Nigerian prince?

Re:those numbers seem unsustainable (5, Insightful)

artor3 (1344997) | about 8 months ago | (#45479163)

I think it goes without saying that when someone sells a $150k bank account for $400, it's because they know they can't withdraw more than $400 without getting caught.

Re:those numbers seem unsustainable (0)

Anonymous Coward | about 8 months ago | (#45479353)

That, or it's simply a question of specialization. Withdrawing more than $400 without getting caught may be possible, it might just not be the kind of thing that the people who harvested the account specialize in.

Re:those numbers seem unsustainable (0)

Anonymous Coward | about 8 months ago | (#45479843)

Yeah, there is also the risk factor. I'd imagine selling the account to someone using some hard-to-trace form of currency is almost risk free when compared to trying to get your hands on that $150000. Also that $150000 might be overseas in a bank that mostly operates in some funny language.

Re:those numbers seem unsustainable (1)

Joining Yet Again (2992179) | about 8 months ago | (#45479831)

Risk/reward, homecat.

It's like selling toxic debt for 10% of the amount of the debt. The new creditors know that they're going to have little luck with maybe 3/4, and the remaining 1/4 will take money+time to cough up.

Re:those numbers seem unsustainable (5, Informative)

AmiMoJo (196126) | about 8 months ago | (#45480389)

Usually the plan is not to withdraw money from the account directly. Too easy to get caught, owner of the account usually notices pretty quickly. Instead the account is used to open other accounts or take out loans which are then defaulted on.

This is pretty common in the UK. We have these shitty pay-day loan companies that charge 5000% interest and do only the most basic checks before handing over the cash. People give them someone else's name and bank account, so the first thing the victim knows about it is when Wonga starts taking internet payments by Direct Debit.

Re:those numbers seem unsustainable (3, Insightful)

sjames (1099) | about 8 months ago | (#45479179)

Criminal activity often involves taking a great deal of value from the victim and converting it to a much more modest value for yourself.

In economic terms, the difference represents the risk taken. The guy who grabs the ID info sees little risk in that, but there is considerably more risk in actually using the info, so it sells at a steep discount.

This sort of thing actually is undermining the banking system. How long will it be before a transaction is as likely to be fraudulent as not?

Re:those numbers seem unsustainable (2)

AK Marc (707885) | about 8 months ago | (#45479279)

That, and how can we verify this? Where are the links to the online marketplaces?

Re:those numbers seem unsustainable (0)

Anonymous Coward | about 8 months ago | (#45479705)

https://silkroad.gov/ [silkroad.gov]

Re:those numbers seem unsustainable (2)

hodet (620484) | about 8 months ago | (#45480613)

Or maybe the $150,000 is not the real prize. If you can access an account with that much money in it you can use it as part of your new "identity" to leverage even further into another account. The person whose identity has been stolen would be none the wiser and the thief could make off with 10 times that amount. If you try and access any of that 150k the bank would shut it down immediately after you pulled out the first $500. If a different bank really thought you were the owner of the account you can take your sweet time, maybe even make a couple of payments back to the bank to drag out the process.

Re:those numbers seem unsustainable (4, Informative)

Jason Levine (196982) | about 8 months ago | (#45481061)

Exactly this. When my identity was stolen, the thieves didn't use it to find and break into my bank account. Instead, they opened a credit card in my name (with my address, SSN, and DOB, but NOT with the correct Mother's Maiden name - red flag #1). The only reason they didn't get away with it was that they 1) paid for rush shipment of the credit card and 2) then immediately changed the address (red flag #2). So the card got shipped out quickly to my address and THEN the address was changed. The card arrived at my doorstep instead of theirs. Of course, that didn't stop them as they tried to get a $5,000 cash advance before even activating the card (red flag #3).

And the credit card company's response to me? "Are you sure your wife didn't open the card in your name without telling you? No? Well, we can't give you any information on the account because if you go and kill them then we're liable." They stonewalled me and when I got the police involved, they directed them to a number that was never answered. To them, they just closed the account and the problem was solved. Actually helping to catch the people who did this would involve effort that they weren't willing to put in. That's why Capital One credit card's are not and will never be "what's in my wallet."

Re:those numbers seem unsustainable (0)

Anonymous Coward | about 8 months ago | (#45480959)

It's not always about accessing money in a bank account. Sometimes it is about using someone's good credit. With that much money in an account, this person would likely have a decent credit score. That is what recently happened to my wife. Somehow (we are still trying to figure it out) a group of thieves got a hold of pertinent information for my wife and used it to open up lines of credit at various stores and credit card companies. Before we were able to shut everything down (best thing you can do is place a freeze on your credit at the 3 credit bureaus), they were able to use one line of credit at a store immediately and purchase ~$2000 of gift cards. So for $400, coming out $1600 ahead with relatively little work seems like decent "value" to me.

Get rid of spam? (5, Funny)

SB9876 (723368) | about 8 months ago | (#45479147)

So, if I'm to follow the reasoning of this article, if we all use weak passwords , the market gets flooded and they all go out of buisness?
SWEET
password:password, here I come!

Re:Get rid of spam? (1)

Zargg (1596625) | about 8 months ago | (#45479167)

Oops, commenting to remove accidental mod. Hit overrated, meant funny!

Re:Get rid of spam? (1)

Anonymous Coward | about 8 months ago | (#45480425)

you know you lose the mod point all together when you comment...

Re:Get rid of spam? (1)

Arethan (223197) | about 8 months ago | (#45479267)

passwordistaco

enough said.

Re:Get rid of spam? (0)

Anonymous Coward | about 8 months ago | (#45479309)

Seriously. I've got half a bitcoin that apparently could pay for itself several times over, here.

Capital Crime (1)

Z00L00K (682162) | about 8 months ago | (#45479165)

Identity theft should be a capital crime.

Re:Capital Crime (0)

Anonymous Coward | about 8 months ago | (#45479197)

if someone steals and assumes your particular identity, you would be committing suicide!
seems harsh

Re:Capital Crime (5, Insightful)

sjames (1099) | about 8 months ago | (#45479219)

'Identity theft' should be recognized for what it really is, bank fraud.

First the crooks defraud the banks by performing transactions in someone else's name. This is aided by the banks insistence on not implementing secure authentication.

Then the banks defraud you by insisting that you are responsible for the transactions in spite of not having a single shred of evidence that you made them.

The credit agencies compound it by repeating the bank's financial gossip with a wanton disregard for the truth.

The 'justice system' then aids and abets by not telling the banks to pound sand and by not convicting the credit agencies for libel./p.

Re:Capital Crime (1)

jhol13 (1087781) | about 8 months ago | (#45479471)

How do you make secure authentication in banks?
You do know people in UK refuse to have ID cards of any kind, therefore in bank a gas bill is considered "identification".
In Finland a (very old) driving licence suffice - the picture usually is so bad as to pass if you look even a bit like.

Banks are not always the culprit.

Re:Capital Crime (1)

cayce (189143) | about 8 months ago | (#45479539)

In Mexico you can't make any kind of transaction without your voter registration card. Which is fairly secure and the country's de-facto method of identification.

Having a country "mandatory" registry goes a long way to avoid identity theft and minimize fraud.

Re:Capital Crime (1)

lxs (131946) | about 8 months ago | (#45479877)

Cue the YES BUT THE EVIL GUBMINT crowd.
Sometimes identity cards are a good thing. If the mailman brings me a valuable package he'd better check my identity and not leave it on the stairs or give it to the first fool who manages to scrawl something illegible on a rain soaked piece of paper or touchscreen.

Re:Capital Crime (-1, Troll)

jmac_the_man (1612215) | about 8 months ago | (#45480203)

In Mexico you can't make any kind of transaction without your voter registration card.

Mexico has voter registration cards? That's interesting, because in the US there's a political party that says that Americans of Mexican descent are too stupid or feeble or something to obtain voter registration cards, and thus supporting any "You have to show ID when you vote" law is racist. I wonder what the difference is between people of Mexican descent in Mexico and people of Mexican descent in the US.

Re:Capital Crime (1)

L. J. Beauregard (111334) | about 8 months ago | (#45480363)

You must also think that literacy tests were about ensuring that voters could read the ballot and that poll taxes were about raising revenue.

The purpose of "voter ID", which is the least of the shenanigans that the Plutocrat Party is pulling, is job security for the scumbag politicians who are trying to push it through.

Re:Capital Crime (1)

cayce (189143) | about 8 months ago | (#45480893)

About the voter registration: http://tinyurl.com/7y484fn [tinyurl.com]
Mexico has about 95% of eligible voters on the registry (US is 66% at best), not as good as other countries, but it's not mandatory or enforced by any government agency. Argentina has a 100%, but their ID practices would be considered fascist by US standards.

Second generation Mexican-Americans have an average of 4 more years of school than their parents. http://www.pewhispanic.org/ [pewhispanic.org] is an excellent source for statistics about Hispanics in the US.

Re:Capital Crime (2)

sjames (1099) | about 8 months ago | (#45479581)

The 'victim' or 'identity theft' certainly isn't the culprit. The banks COULD take a photo of the person when they sign up and issue them a smart card with a unique key pair. They could check to see if you answer the home phone and give them an agreed upon code word to verify that you really live there. They could insist on mailing the smart card to your current address (but not activate it until you call them with the a code word and read off a unique serial number).

The point is that it's on them, to verify the identity of people they hand out money to. They are the only ones with any ability to control the process. I cannot even know if a fraudster talks to a bank I have never heard of, much less control the outcome. They have no right to make their problem into my problem. If they don't want to do any of those things, that's fine too as long as they are willing to eat the losses.

Unless there's a law requiring the banks to accept a gas bill or a poor quality photo ID, it's still on them because it's their policy that is causing them trouble.

Re:Capital Crime (2)

aheath (628369) | about 8 months ago | (#45479829)

There is no requirement to carry identity cards in the UK or the US. Ration cards were used as a national identity card during the second world war. My grandfather committed an act of civil disobedience when he was stopped for speeding after the war. He refused to show his ration card because the war was over. His act of civil disobedience was debated in parliament and is one of the reasons why there are no national identity cards in the UK. British Identity Cards: Arguments For and Against their Retention and Use 1945-1952 [statewatch.org] Doesn't mention my grandfather but does provide a good overview of the postwar debate about national identity cards.

Re:Capital Crime (1)

onepoint (301486) | about 8 months ago | (#45480485)

I'm not sure about the statement of Identification in the USA. I know some states require you to have some sort of ID. But then again I am not a lawyer so what do I know.

Re:Capital Crime (0)

Anonymous Coward | about 8 months ago | (#45480103)

"How do you make secure authentication in banks?"

Make the banks responsible for fraudulent withdrawls.

Chip n Pin was merely a way to move the blame over to the customer: "Only someone who knows the number can access your account and it's YOUR responsibility not to let anyone see it! But they must have! They didn't get it from us!". Even when it's shown how to get the number.

Re:Capital Crime (1)

IamTheRealMike (537420) | about 8 months ago | (#45481003)

A lot of banks outside the EU already are pretty secure, using hardware second factors to authorize logins and wire transfers to unknown/new destinations.

If you see bank details being sold that only have a username/password, it's probably an American bank. The 2-factor auth system used outside the USA is based on EMV (it's a variant called CAP). In the US they never deployed EMV aka chip and PIN so the banks don't have any pre-existing secure hardware issued to end users they can auth themselves with.

Re:Capital Crime (1)

green1 (322787) | about 8 months ago | (#45481591)

Canadian banks all have chip and pin now too, but it is used only for debit card transactions.(Bank machines and in store purchases). I am not aware of any Canadian bank that uses anything more than account number and password to use online banking, and I know of one that required (at last check) a 4 digit purely numeric password. I am quite disappointed in the complete lack of any security for online banking and purchases in this country.

Re:Capital Crime (1)

Jason Levine (196982) | about 8 months ago | (#45481091)

Given my experience with identity theft, I'd say a step in the right direction would be not allowing someone to sign up via a web form, get the mother's maiden name wrong, and STILL issue them a credit card.

Of course, that's just me. Credit card companies and credit agencies actually don't care about identity theft. When it happens, they just shift the cost to the person whose identity was stolen and call it a day. If it does impact them, it falls under "cost of doing business", not "severe threat to profits" so just raise everyone's rates and you're good to go.

Re:Capital Crime (1)

Sockatume (732728) | about 8 months ago | (#45479755)

Identity theft is usually prosecuted as bank fraud. Laws against identity theft in and of itself do exist, but usually the fraud is what people get done for. However you still have to demonstrate that you did not perform the transactions and therefore have been defrauded by some John Doe.

Re:Capital Crime (1)

Anonymous Coward | about 8 months ago | (#45480275)

However you still have to demonstrate that you did not perform the transactions and therefore have been defrauded by some John Doe

The victim of the fraud "identity theft" is not the person whose identity got stolen. The victim is the bank: Hey BoA, I'm Sockatume. Give me $1,000. And BoA gives me $1,000. You are not involved in this fraud at all. But after this fraud, BoA will try to steal $1,000 from you. That is a second, unrelated fraud.

Re:Capital Crime (1)

Z00L00K (682162) | about 8 months ago | (#45479949)

And in the process they destroy the life of the people they did steal the identity from, therefore the means of capital crime is justifiable.

Re:Capital Crime (1)

Bob the Super Hamste (1152367) | about 8 months ago | (#45480737)

I would also accept interstate wire fraud in most cases as well.

Re:Capital Crime (1)

sycodon (149926) | about 8 months ago | (#45479243)

We need a bounty on identity thieves.

Open season year round!

Re:Capital Crime (0)

robbiedo (553308) | about 8 months ago | (#45479431)

Graffiti should be a capital crime.

Re:Capital Crime (5, Insightful)

Joining Yet Again (2992179) | about 8 months ago | (#45479839)

Calling for something to be a capital crime should be a capital crime.

O shi-

Re:Capital Crime (0)

Anonymous Coward | about 8 months ago | (#45480293)

but fraud all ready is a capital crime.

I want to cut out the middle man (5, Funny)

the_Bionic_lemming (446569) | about 8 months ago | (#45479191)

I'd like to cut out the middle man and sell my Identity.

40 bucks buys a few cases of beer - just sayin...

Re:I want to cut out the middle man (0)

Anonymous Coward | about 8 months ago | (#45479409)

Where can I sell my bank account credentials? Probably by moving money around I can do extra 3-6k a week. :)

Re:I want to cut out the middle man (0)

Anonymous Coward | about 8 months ago | (#45479853)

Thanks, I'll now proceed to pay myself :-)

velocity limits (2)

db10 (740174) | about 8 months ago | (#45479231)

Credit cards have velocity limits to minimize exposure. Max amount per time period, max number of withdrawals per time period, etc. Hence, the risk isn't worth the reward.

Re:velocity limits (1)

ColdWetDog (752185) | about 8 months ago | (#45479625)

You haven't seem my wife with my credit card. The velocity limit appears to be on the order of 186,000 miles/sec.

Card Theft (3, Funny)

nuckfuts (690967) | about 8 months ago | (#45479675)

Reminds me of the time my brother had his wallet stolen. When I asked him if he cancelled his credit card, he said "Hell no! The thieves are spending less than my wife usually does".

Take Mine For Free (5, Funny)

Anonymous Coward | about 8 months ago | (#45479463)

Here, take my identity, please!

You get to assume a recent bankruptcy, a child support obligation, a spotty employment record, a sub-500 credit score, three maxed-out credit cards, a beater car, and a psychotic ex-wife.

Clean arrest record and a good tech education, though. Maybe you could apply to a NSA contractor.

Re: Take Mine For Free (1)

tleaf100 (2020038) | about 8 months ago | (#45480031)

ahh,one of the advantages of being poor,no worries about id theft,i'm hoping someone does my id and feels sorry for me and puts some cash IN my account!!!. thats what need,online version of tv program called secret millionaire,but done anonymously..

Re:Take Mine For Free (5, Interesting)

Jason Levine (196982) | about 8 months ago | (#45481157)

Clean arrest record and a good tech education, though

Sadly, there's more than just financial identity theft. There's criminal identity theft also. Here's how it works:

1) Criminal arrested for some crime.
2) Criminal gives your name/SSN/DOB/etc to the police.
3) Arrest goes onto your criminal record and not the real criminal's record.

Now you go for a job interview and your potential employer runs a background check. Suddenly, they find out that you've committed felonies across three states and were arrested nine times. You don't get that job offer - or any other one. Plus, if the local police stop you for any reason, they'll find out you're a "felon" and will treat you as such. No matter how many times you try to clear this up, if even one database still links you to the crimes, it will flow back over and start again.

At one point, I was following the blog of someone who had this happen to him. He couldn't find a job, was being harassed by police, and nobody would help him. All this.despite the fact that the photo of "him" at the arrest was clearly not really him. People just trusted what was "in the system" even if the system seemed wrong. Last I heard, after years of struggling, he had finally gotten some people to listen and begin the process of clearing his record.

It's insane that one criminal with a stolen identity could ruin someone's life like this but it does happen.

No NSA joke? (3, Insightful)

Sockatume (732728) | about 8 months ago | (#45479761)

It's time to get the government out of the identity theft business, as it is clearly wildly distorting the market.

Can I have; (0)

Anonymous Coward | about 8 months ago | (#45479783)

Potato.

Need To Flood Market With Fake Identities (5, Interesting)

retroworks (652802) | about 8 months ago | (#45480217)

It should be easy enough for someone here to harvest phonebook or other records from 70 years ago, refresh and randomize birth dates, and begin to flood the identity theft market with fake personalities and random government identity records. That would greatly increase the amount of work for identity thieves, who actually benefit from passwords (which provide evidence it's bonafide identity they are stealing). For years I've promoted "camouflage" rather than invisibility. I now think the reason it has not taken off (disappearance of AntiPhorm?) is that it's equally a threat to Google, Bing, and advertising-based search engines. We can be less careful of our "identity needles" if we construct bigger "digital haystacks".

See article on digital haystacks and cookie camouflage http://retroworks.blogspot.com/2010/09/simpler-ideas-cookie-camouflage-digital.html [blogspot.com]

Oh, by the way, I'm not really Retroworks. I find I get higher mods if I steal a /. identity rather than to submit AC

Re:Need To Flood Market With Fake Identities (0)

Anonymous Coward | about 8 months ago | (#45481555)

> a threat to Google, Bing, and advertising-based search engines.

When they promised me ever-improving search tools,
in return for cluttering my lovely text-based Internet with GUI,
  I thought they meant they'd help me find what I wanted,
but instead they're helping strangers search for _me_.

EEEE (0)

Anonymous Coward | about 8 months ago | (#45480647)

Once the NSA drops the ball they'll be under a buck.

Forgot My Password (1)

Anonymous Coward | about 8 months ago | (#45481621)

This is great news, I forgot my banking password. Now I can get it back at bargain basement prices!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>