Comments on: Checks: The Most Dangerous Transaction

By: Are You Giving Away Your Identity? « Sugar Baby Daily.

Are You Giving Away Your Identity? « Sugar Baby Daily. — Tue, 22 Nov 2011 03:06:54 +0000

[...] Issue a demand draft (“paperless check.”) This is what happens when you pay by phone with your checking account number, or use an automated bill pay service, or send money via PayPal. Using your routing number and account number, money is simply removed from your account and put into someone else’s. No authorization or authentication is used, your name is not even required. Yes, really. Anyone can do this from any account to any other account. For a while, you used to be able to do this from a web site. – PerimeterGrid [...]

By: Jon

Jon — Mon, 31 Oct 2011 18:41:28 +0000

This dosent happen in europe either, the US Banks arent secure and anyone can print checks with numbers… If a criminal need security paper he can get it at the local Office Depot or buy online

By: Decius

Decius — Sat, 07 May 2011 06:02:18 +0000

Wait, what’s the protection against a dictionary attack against checking account numbers? The routing numbers are publicly available, as is the format for check numbers.

So, any ‘legitimate’ business could claim that they had a series of attacks, in which random numbers were submitted to them by ‘prospective customers’. Bonus: once the attack succeeds, they can demand information about the victims (name, address, copy of id; purely to prove who they are and facilitate correspondence, of course) provide a full refund (makes the victim happy… for now) and move on.

Credit cards have several different factors: name, number, expiration date, ccv code. They multiply the difficulty of a brute-force attack. Easy fix for demand draft: multi-factor authorization. Call the merchant, make the order, the merchant proposes a draft to the bank. Call the bank, verify the draft, bank transfers the funds. This can still be compromised by someone capable of impersonating the user, but renders the brute-force attack useless.

By: BD

BD — Tue, 26 Apr 2011 14:23:19 +0000

This is scary…i dont believe this happens in US. The money in our accounts is definitely much safer in India!!! US banks need to pull up their socks and make checking accounts safer for customers. Restrict info on cheques ! Create more barriers than only a routing and account no for payments. Wake up US!

By: Palma Manko

Palma Manko — Thu, 10 Mar 2011 20:54:02 +0000

This is why I go to your site for my information. Thanks!

By: Anil Sharma

Anil Sharma — Wed, 12 Jan 2011 16:53:02 +0000

I don’t know if people are still using checks today. That is because most of the transactions now are online. Anyway, thank you for reminding us about the risk of using checks.

By: karen white

karen white — Sat, 18 Sep 2010 22:47:32 +0000

this happened to me, they used my routing number and checking acct number–i no longer use checks at all!! shreaded all checks…it could have been anyone I gave a check to–they had a credit card, then used my money from my account to pay for it!! everyone should know that checks are no longer safe people…..use a credit or debit card—-

By: Vickie Tisdale

Vickie Tisdale — Tue, 04 May 2010 05:52:32 +0000

Many people who think nothing of handing over their credit card or writing a check when at a store or restaurant hesitate to use the same card online, regardless of communication protections.so people should more warn about their credit card when they use in restaurant,shopping and another work.

By: Charlie

Charlie — Wed, 24 Feb 2010 02:00:58 +0000

Just to relate my own recent experience: I dropped a check in the mail (at an official blue US mailbox in fact) – a large check of $8000 to pay off a car loan. All of a sudden, I started to see large withdrawls out of my checking account to places I had never heard of before. Obviously, I went to the bank right away and they were very good about closing my account and restoring the lost money. It took perhaps ten days or so. The sum of the missing money (done in a couple of transactions to different accounts) was nearly exactly equal to the amount of the large check I had written, which had never been received by the bank that had the car loan.
The guy who works at the bank heard a rumor that the mailbox I mailed the check at was vandalized and mail was taken.
So, yes, checks are scary things!

By: Grant Bugher

Grant Bugher — Mon, 22 Feb 2010 03:38:01 +0000

Kenneth,

Essentially, they just print out a check with your routing & account numbers on it, print “Signature on file” for the signature line, and give it to their bank. The bank then has your bank debit your account and put the money into theirs. These days it’s usually done electronically rather than by “printing” anything.

Since I originally made this post, it’s gotten a little harder, as the bank issuing the draft is now liable for fraud, rather than the bank paying it. You still have the fundamental problem that the money is already gone and you have to get it back, but at least banks are putting more effort into preventing the fraud as they’ve started to lose their own money to it. There’s a statement from the FTC here that tells a bit more about how it works.

It’s a fraud that requires some setup time — i.e. you need to set up a fake business, get some bank accounts, process some legitimate drafts, and then commit the fraud. You can’t (anymore!) just go to a web site, enter somebody’s account number, and take all the money out. Checking account numbers are, however, still much riskier to give out than credit card numbers, and it’s still a much bigger pain to get the money back.

By: kenneth

kenneth — Sat, 20 Feb 2010 09:10:34 +0000

i dont really get this, how can someone remove money from my account with just the routing number and account number…its making me nervous because ihave given no less than six people this info

By: Bonnie

Bonnie — Thu, 03 Sep 2009 16:44:51 +0000

I am 62 years old and have used checks since I was 18 years old.
I never had a problem.
I don’t use credit cards and don’t want any. I simply do not trust any credit card issurer.
I had a debit card until recently when there was fraudulant activity on my account, in spite of how careful I was using it.
The bank said they would send me a new debit card which I said I don’t want.
I will only use an ATM card now so I can get some money out of my account.
I do agree with your last tip to keep as little as possible in
your account.
I’ll keep cash on hand in spite of people telling me it is dangerous.
I have never had my purse stolen, but I sure have had thieves invade my bank account using my debit card !

By: Chris

Chris — Fri, 24 Jul 2009 16:14:20 +0000

Excellent writeup, but I wanted to make two corrections which further enforce your argument. It’s actually a 60 day window, not 30, to report fraudulent charges. And if you still have your card (only the number was compromised) you have no liability at all. The usually-waived $50 liability is for physically stolen cards.

Source: http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre04.shtm

Using a credit card online is incredibly safe.

By: Ed Smith

Ed Smith — Sun, 19 Jul 2009 19:31:06 +0000

As far back as 1989 some neighborhood teenagers stole A batch of checks out of my mailbox then one of them got a fake I.D. and went around to stores claiming
he was my son, fortunately a got a call from a store early on so I was able to call the bank and they started checking the signatures before any of them where
paid. Normally even back then they didn’t verify signatures for most checks.
Back 1984 I had an elderly relative that had $7000 transferred from her checking account (forged signature on a letter requesting transfer of 70% of the account balance) to a a bank offshore. The bank reimbursed her.

By: Jay Godse

Jay Godse — Sat, 27 Jun 2009 06:14:30 +0000

Wow! I didn’t realize that cheques were so dangerous. Thanks for the heads-up on the various risks.

By: Jack Hamilton

Jack Hamilton — Fri, 05 Jun 2009 04:34:40 +0000

@Walter

I beg to differ. They may not be able to be washed as well as back in the day, but they can still certainly be washed. Back in 2000-2002 I worked as a teller and service manager for Wells Fargo. We would get washed checks all the time. Some we’d catch, others not–and we’d find out about them in our fraud reports. And since most tellers are really just kids in their first or second jobs who don’t have much experience, it wasn’t difficult to fool some of them when cashing–they just wouldn’t notice the fade, especially on a Friday with a high check cashing volume from non-bank holders cashing “on-us” checks. But when we did notice the fade, we’d call the cops. I had at least 2 arrests made during my stint at the bank.

By: Dr. C

Dr. C — Fri, 29 May 2009 18:27:03 +0000

Having owned and managed the largest check recovery firm in America I must report that the instance of merchants and professional practices receiving fradulant checks is minimal compared to debit/credit cards and the merchants can virtually make taking checks as safe as accepting cash, with the added advantage of creating a paper trail. The costs, both to the merchants, and the user of cards are HUGE compared to checks. The risk of a ‘bad person’ stealing your card (which often times leaves your sight at resturants,etc) is infintenitly more likely than having your check book stolen. The most important plus is that it’s harder to go into debt.

By: Joel

Joel — Wed, 27 May 2009 09:49:45 +0000

I think the bank mails checks to any person who is not in their system I agreed with Hackers stealing credit card information online often steal entire databases.

By: Walter Reason

Walter Reason — Fri, 01 May 2009 17:09:45 +0000

All of those things you claim can be done with paper checks are largely fiction.

Checks can’t be “washed” since 1960′s. Try it some time. All of them have chemical protection against this sort of thing.

Even large corporate checks are printed on tamper proof paper. Try washing those some time. The larger the corporation the more tightly controlled the check stock, and the higher the quality. Even el-cheapo Quicken checks have enough protection to defeat washing and lifting.

Lifting laser printing is also fiction. You can’t really do this and not have it immediately detectable to the naked eye.

Physical reproduction with high quality copiers is a greater risk. Some of these are good enough to reproduce currency. But all of those that ARE good enough embed identifying information into every printed image.

Mountain. Mole-Hill.

By: Grant Bugher

Grant Bugher — Fri, 13 Feb 2009 17:24:32 +0000

Dave: The problem with things like signature verification is that you don’t actually need a physical signature to issue a demand draft. In addition, only the bank has the signature on file to verify (I could sign any scribble on a check and have a merchant take it), and even they only check it if they have cause to think it’s suspicious.

I can’t really speak to the security of noca.com, since they state that they “undertake an appropriate level of identity verification” but don’t actually say what that is. That’s where the security, if any, would need to come from — the whole problem with checks as a payment system is the fact that demand drafts normally come with no identity verification.

While credit cards have their issues (high transaction fees, etc.), they’re still amazingly secure from the customer’s perspective due to the fact that you can contest charges before the money’s gone. Checks and debit cards don’t offer that luxury — instead, you have to try to get the money back.

Alfonzo: There are a variety of ways. One is to just use a demand-draft system that doesn’t require identity verification — qchex.com used to let anyone do this online, but they seem to have shut down after the FTC sued them for enabling millions of dollars in fraud. There may still be similar systems on the Net in other countries. Lacking a public system, someone with a merchant account at a bank could do it, too (they’d just need to go to the trouble of setting up a fake merchant account, which obviously would require some effort since banks do verify the identity of their account holders.)

Alternately, a thief could simply order checks online with your routing number and account number, then buy stuff with them. The checks are “real”, so electronic verification systems will pass them, and they’ll get processed and the money sent. Of course, you can dispute the transactions later, and the signatures probably won’t match, so you’ll eventually win your case and get your money back from the bank. However, you’ll still have had to go through the hassle of doing it — probably with an empty checking account all the while — and the thief will already have gotten away with whatever he bought with the check.