|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Stanford Hack Exposes 10,000
Thus spake "Jon Lewis" <[email protected]> > How hard is it for a university to generate their own student "serial > numbers" as students register? Generating them is trivial. Getting students to remember them is difficult. > Personally, I'd like to see much harsher penalties for identity theft > though (and I'm including simple credit card fraud / use of stolen > credit card info in "identity theft"). This is happening so much, and > is so often just brushed under the rug by the big credit card > companies (banks), that kids do it with impunity, knowing that > odds are they won't be looked for, much less caught. My credit card number was stolen a couple months ago; they went on quite a shopping spree across several states before I discovered it and got the number cancelled. Here's my experience: I filed (or tried to file) police reports in each jurisdiction where the charges occurred, since my bank required the report numbers to process the charge disputes. Two cities simply refused to accept my report since I wasn't a resident, and another required that I file it in person (hundreds of miles away). All but one of the cities that accepted my reports stated flat-out that they wouldn't even attempt to investigate unless _I_ provided _them_ with a suspect. One PD, from a rural town in Oklahoma, was actually very helpful. They went out, pulled all the video tapes, interviewed cashiers and waitresses, etc. and the best they could do was provide a description of the man and his car. I tried forwarding this new info to the other PDs involved, and they uniformly said they still wouldn't investigate unless I provided them with the _name_ of a suspect. Since most of the items purchased were gift certificates from department stores, I called the various stores' loss-prevention departments to give them the transaction numbers and suggest they cancel the certificates before they were redeemed and try to check ID on the perp. Over half refused to talk to me, saying they needed official contact from the local PD (WalMart went so far as to say they'd destroy the tapes if they didn't hear from the cops within 24 hours). The ones that did were happy to provide tapes to the local PD of the person who had already redeemed several certificates, but they had no means to inform a cashier to check someone's ID when they presented the remaining ones which had been cancelled. Of course, the redemption stores were all in different cities than the purchase stores, so when I tried to get the local PDs involved, they refused saying "no crime occurred in our jurisdiction", and the stores wouldn't send the tapes to the PD where the certificates were purchased. All told, about $2300 worth of certificates was redeemed and about $1000 of liquor, food, and gasoline was purchased -- in under a week. Who says crime doesn't pay? > Put a few credit card frauders up in front of a firing squad, and see if > things change. But that would require actually picking them up first, > which LE doesn't seem to be motivated or have the time to do. As long as the card networks are willing to chalk the fraud up to a "cost of doing business", nothing will change. When it starts getting out of hand, you can be sure they'll see to it a special task force in the FBI is started. And it won't help, because the vast majority of fraud is isolated incidents by opportunists, not the rings of professional criminals the FBI understands. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov
|