Wait, I don't get this. The Amex agent called the old phone number on the account. The person who answered gave some indication of being the account owner, but didn't answer quite as many questions correctly as the thief.
So what scenario is the agent hypothesizing? The person at the old number was actually the identity thief, and used the account for maybe several years without any challenge, before the actual owner changed the number back? That makes not the slightest bit of sense to me.
I think if the phone number has recently been changed, and you call the old number, and the person who answers can answer any question at all about themselves, you have to figure that's the account owner. Who else could it be???
While I agree that AMEX should have just locked the account for fraud, one possible explanation that would create this scenario is a relationship breakup.
Man breaks up with his partner, and moves out of their shared home. He changes his phone number to be his new home.
Amex calls the old number, gets the old partner who is particularly vindictive and decides to answer the questions as well as he can.
When I worked in banking we had all sorts of issues about how we handled change of address with respect to relationship breakdown.
If a husband and wife share and account and share an address do you send them separate statements, or combine them? If the husband tells you he has changed address, do you assume the wife has changed too or assume that she's still at the old address? If he's on the phone, you can ask him but do you assume he's telling the truth?
If one member of a relationship chooses to change their mailing address, for security reasons, you might want to send a notice to their old address in case the change was fraudulent - but if they've changed their address because they're fleeing an abusive relationship then you can't send anything to the old address that indicates what the new address is. And just because someone at the old address raises an objection to the change that doesn't mean it was wrong, just that you need to do more investigation.
Those sorts of incidents were rare, but our procedures needed to plan for them.
And in this case, the correct action would be to lock the account and escalate to a superior.
The problem it creates is that you lose customers.
People want the ability to have joint accounts. A joint account generally has a credit limit set by the income of the higher-paid (or wealthier) of the two but allows both people to have a card and make payments. Imagine a simple scenario: one spouse works, the other does not; the one who doesn't work often does the shopping.
Others have mentioned the importance of joint savings accounts for married couples, and for businesses.
They're also very important for mortgages. If the mortgaged asset is jointly owned (and that's typically the case in a marriage) then you, in practice, need all owners to be a party to the loan. The house is security on the loan - if I only own half the house then I can only borrow against my half. And my wife can borrow against her half. But if I default on my loan, then how does my bank foreclose on me and sell their asset when there is another owner who may not wish to sell.
There are other solutions, but the easiest, and the one that banks will typically insist on is a joint asset requires a joint loan
People rarely think of this in advance, but joint debts of any kind usually become a problem in divorce. One former spouse will stop paying and ruin the other spouse's credit, to say nothing of causing foreclosures. It doesn't matter what the family court orders (this spouse will pay that debt, etc), because that won't change the underlying obligation as far as the creditor is concerned.
Joint credit cards, which aren't attached to any asset, don't have much benefit compared to this downside. What people are typically told is happening is that the credit card still 'belongs' to one spouse, but the other will be also authorized to 'use' it. While this is possible, the paperwork presented to sign often makes the other spouse jointly liable for the debt instead. I'm convinced even the bank representatives don't know they are setting up things this way and are just following a script. You have to read the paperwork to see what it does.
This is exactly where I was leading with my questions. Joint accounts might simplify the sharing of cash between household partners, and thus simplify household operations, but it complicates everything else.
I suppose a temporary convenience now is worth a very complicated situation in the future. Thus is also why we traditionally forego prenuptial agreements.
No, it's for having a shared pool of money. Both regularly deposit some amount of money into it, and it goes for shared expenses like food, house maintenance, gas...
I'm going to add that it's also really nice for budgeting. If you want 2 people to get on the same budget you have to show the benefits of the budget.
Also I don't pay 1/2 my mortgage and my wife pays the other 1/2 we pay it all together (from the one account). We actually turned down an account with Plastic because no shared accounts.
We each have an individual credit card but that's more for tracking if we are meeting our own budgeting goals. But those are still linked to the other person.
Also, joint accounts make a situation where something happens to your spouse MUCH easier to handle. If something were to happen to me I'd want my wife to still be able to pay for Daycare, Mortgage, etc for as long as our savings would allow.
This is part of why divorce is hard on so many levels. The paperwork alone is crazy.
Once a business is incorporated, it is its own legal entity and needs to have its own pool of funds that is legally separate from the owners' funds.
There would be one or more accounts held in the name of Super Secret Labs LLC and in most cases that business account would have rules about who was allowed to approve the transfer of funds out of the account, and to what limit. In many cases it may require approval from 2 account holders.
Prior to incorporation, the call on funds would typically be much lower, so it's probably going to be a bit ad-hoc, and might just use an account held by one of the founders with everyone throwing their share when needed. If you can't trust your cofounder with $2k, then don't start a business with them.
Cardholder changes his phone number, but telemarketers keep calling the old number. The person who now has that number receives a bunch of calls asking for the cardholder, collects a fair amount of information about him, and figures he could impersonate him.
Yeah, that sounds a bit far-fetched. But remember that when people change their phone number, they usually don't remain available at their old number for long. So someone at the old number claiming to be the cardholder could have been a red flag, too.
In fact, in the couple of years since I've had my current phone number, I've managed to learn a fair amount about the person who had that number before me, mostly via telemarketers. Where they lived, where they were planning to relocate to, where they used to shop, what their interests were, etc.
Anyway, Amex should have called the new number on the account to see if they get the same person. Unfortunately, they seem to have trusted caller ID too much, even when it was obvious that at least one of the people they were talking to was an impostor.
I think underlying all this is the assumption that they actually called the old number on another line. This was asserted by Dmitry; however there's no evidence that it wasn't just the typical put-you-on-hold repeatedly scenario where the rep keeps going to the supervisor. Maybe he just mentally over-remembered the situation?
While Amex clearly dropped the ball there: It wasn't a computer making the decision, it was a person. It shows how powerful this guys personality must be to have that kind of effect on a persons judgement.
That jumped out at me, too. I assume the person must have simple-mindedly assumed that the best answers win (or maybe they had some dumb policy to that effect)?
If they freeze your account and wait for you to receive a piece of paper, they lose the opportunity to profit from your purchases for the next couple of weeks. If you get pissed off and/or take it as an opportunity to start using another card, they might even lose all of your future purchases.
If they don't freeze your account and end up with fraudulent purchases, they probably won't lose any money anyway -- they can either charge it back to the merchant or have insurance pay for it.
The best part of the story is how he hacked the US immigration system to be able to stay in the US after serving his time:
> Factoring in time served and a reduction for good behavior, Naskovets got out in September 2012. He faced a deportation order that would have sent him back to Belarus. Representing himself in immigration court, he argued that he risked torture if sent home, based on his run-ins with the KGB. As a signatory to the U.N. Convention Against Torture, the U.S. cannot send someone back to a country knowing he’s likely to be tortured. An immigration judge sided with Naskovets. The government appealed.
Here’s where Naskovets’s optimism proved justified. While he was buffing floors in a county prison in Pennsylvania, his case had caught the attention of Stephen Yale-Loehr, a law professor who runs an immigration clinic at Cornell. With the help of Yale-Loehr and his students, Naskovets fought Immigration and Customs Enforcement in court for two years—and in October 2014 the agency decided to let him stay.
That is how immigration law is supposed to work so it is not a hack. [1][2]
I represented many, many individuals who were in removal proceedings (deportation) or where otherwise immediately detained while entering the US without authorization/documentation. In many instances there was a real threat to the lives of my Clients if returned to their home countries (Haiti and Columbia) that they would be killed/tortured by the political opposition and/or FARC. But they didn't hack the legal system, they availed themselves to it.
who says what crime doesn't pay? He stuffed away about $0.5M and got an immigration to US in less than it takes most professionals. All the downside is 33 months in US prison. And no, Belarus wouldn't torture him, he isn't a dissident, though some in the KGB/police there would probably try to press him to pay the "tax" from his profits - such possibility isn't a valid cause of asylum in the most Western countries.
On the other side - that Boston gangster, "Whitey", was allowed even to kill people as long as he was informing for FBI, so immigration is just a peanuts compare to it.
Deferring to the torture risk in Belarus is such as an obvious bullshit. The only way they can torture there is by forcing you to eat their organic condensed sweetened milk.
Belarus is subject to US sanctions for “undermining democratic process and constituting an unusual and extraordinary threat to the national security and foreign policy of the United States”.[25] It is also subject to sanctions imposed by the European Union for human-rights violations.[26] Belarus has been determined to be a habitual violator of international human-rights laws and accepted norms of international behavior by the UN, the US, the Organization of Security and Cooperation in Europe (OSCE), the OSCE Parliamentary Assembly, the Council of Europe, the Parliamentary Assembly of the Council of Europe, the European Council, the European Parliament, the European Commission, and the NATO Parliamentary Assembly. As stated by the UN Special Rapporteur on Belarus, “it is impossible to believe that all these people are wrong or biased.”
I hate that you're being downvoted. There's a real gamification of immigration and welfare benefits in the US by shady lawyers that serve the corrupt and steal resources from those who actually need them. These stories are endless.
The big problem with building a pro-immigration welfare state is that there's often no check on fraud. Bureaucrats like bigger budgets, expanding, etc and would rather just rubber stamp everything 'yes' than tackle things like fraud. Judges don't want to be labeled racist or anti-immigration, especially if they are voted in like they are in my state.
Now we're in this ugly position where we've imported all this unskilled labor and are simultaneously building automated solutions that'll make them redundant. Where will the taxi drivers and janitors go when robots replace them? Why are we importing in so much labor when U6 unemployment rates are still above 10%? What evidence do we have that this man is actually a torture risk? In Russia's sphere of influence pretty much everyone is a torture risk. That's what? 150m people?
What? Belarus is the North Korea of Europe. Have many relatives who tried doing business there, all of them ran away after police and different agencies tried extorting money for protection. No different, or probably worse than Russia in my opinion.
Commit crimes, get relatively short term sentence and pay 200$ fine, stay in the U.S.
Crime does pay. Sucks pretty hard, identity theft is really nasty if it happens to you.
That being said while slightly exaggerated the claim of torture in Belarus isn't far fetched. Dude in charge is pretty much a crazy dictator.
I remember during the (last?) elections his main opponent was mysteriously beaten up and he said in an interview that he shouldn't whine about it like a little girl.
p.s.: How do these arrests happen, is interpol involved or can the FBI negotiate with the Czech government and just roll in there?
The idea that you arrest someone to serve time in your prison because he broke your laws, and then you cannot send them back because of another law is just mind-blowing.
How so? That's sort of the whole point of law and the government. You may not follow the law, and you may be punished if you don't, but they are always supposed to. You don't forfeit all your rights just because you break the law.
Well, yeah, but this guy gained whatever rights he has in the US just by breaking US law and being kept in prison there. Not only didn't he forfeit rights just by breaking the law - he gained his rights that way! Sounds a tad buggy and something a lawmaker might want to fix to avoid this kind of thing next time.
Anyone have any idea whether this could have been prevented if banks in the US required PIN to process a transaction? Would fraudulent transactions go down significantly if stolen cards couldn't be used without PINs?
It might help (depending on just how hard they make it to reset your PIN over the phone) but it probably wouldn't happen. Credit card companies make money when you use your card. As such, they want you to use your card as much as possible. Anything which increases the friction of a card transaction reduces how much people use their cards, and thus directly impacts their bottom line.
Not requiring a PIN is an example of this. If your customers have to memorize and enter a PIN, this added friction will cause at least some of them to pay cash (or whatever other payment method) instead. That's lost revenue.
Similarly, it shocks many people to learn that credit card merchant agreements forbid requiring customers to show ID as part of the transaction. Seems like a sensible way to fight fraud, right? But it also adds friction, which reduces credit card use rates, which hurts card company profits, so they don't let you do that.
This stuff is all a careful tradeoff. They know how much they lose to fraud, and how much they gain in legitimate transactions from making things easier. The goal is not zero fraud, but rather whatever level of fraud is optimal for their profits, which is almost certainly not zero.
Quick question : would you pay extra fees for a credit card that only allows transaction from whitelisted stores and if used online, the shipping address could be only to a whitelisted address ?
Why should there be extra fees for that? If anything, the fees should be LESS because there's less risk on the credit card company's side of things of having to refund invalid/stolen transactions.
Because credit card companies are run by imbeciles who don't understand security. Instead of actually solving their security issues, they just crunch the numbers and mitigate their risks with accountants. They are still raking in buttloads of money (like 3% of every transaction), so even with all the theft, they are insanely profitable.
I don't know that they are stupid. Security is a tradeoff, and if their optimal profit level is one where fraud happens at a decent level, is that really wrong?
This reminds me of the Potato Paradox article posted on the front page. Imagine if the card company comes up with some way to cut fraud by 50%, while the added hassle has a minor impact on legitimate transactions, reducing them by 1%. That's likely to be a significant net loss for them, because of the relative proportion of legitimate to fraudulent transactions in the first place.
Percentages are percentages. If you gain 1% in profits from lower fraud, but lose 1% of transactions due to the security measures on the credit cards being harder to use, you are still basically breaking even.
They would also be saving tons of money from being able to reduce their fraud analysis and recovery staff, and they would build goodwill with not only their merchants but also their customers. I know plenty of people who still dislike using credit cards because of the potential for fraud and having their number stolen.
When you think about it, it's pretty insane how many people you probably hand your credit card to every week. Any one of those people could have a smart phone or something with the camera on, capturing the numbers on the front and back of the card. Credit card numbers are so insecure right now, it's ridiculous. If you are going to use a credit card as a consumer, you pretty much need to keep a non-stop eye on your statements. And when you actually DO get your number stolen, you have to deal with the hassle of disputing the charge and going back and forth.
Who knows? Maybe they would actually have a big upswing in credit card usage (and the resulting transaction percentage profits) if they released a "new, more secure card"?
Recasting fraud reduction as "1% in profits" is extremely misleading, because fraud is a tiny proportion of overall activity. Reducing fraud by 1% of profits would require a huge improvement in your ability to fight fraud, whereas reducing legitimate transactions by 1% of profits is much easier.
And it's not like card companies do absolutely nothing. The US is finally moving to chips, which will cut down a lot. Notably it's just chips, not chip-and-PIN, because they want to keep that friction low. But when they are able to fight fraud while still keeping friction low, they do it.
I think the market is competitive enough that if people wanted more security, someone would offer it and it would gain in popularity. We do see this to an extent, with security features like sending transactions to your phone as they happen. In fact, a very few banks will issue you a chip-and-PIN card right now if you want it. Or you can get a debit-only card, with no credit features, so that a PIN is always required. Mostly people don't seem to care, though.
I didn't know that is the new way to get residence in the US...
Hey, FBI guys, next time maybe you send thieves like this one to spend some time behind bars in their home country, so they will truly get what they deserve.
I can't really argue with you but I have lots of sympathy for the kid despite him being a criminal. It's probably because I was born in a country occupied by Russia until the 90s and his is still and I can't bring myself to wish this unto anyone. It's probably not a good idea to trust a con-man but I think he's likely to become a net positive asset to society.
I'm also from a former soviet colony, but I have no sympathy for him, he'd be doing the same thing if he hadn't been caught.
Yeah, he'll be a cybersecurity consultant and he will help the US government to improve its security.
Ah, yes. Back in the communist era my country was also an independent democracy (with electoral turnout of almost 100%, more democratic than the rotten west!) who just happened to be gloriously "cooperating" with our soviet brothers... and then there was reality.
You should read more about Russia-Belarus relations, like tensions regarding Eurasian Economic Union or Belarus's refusal to recognize independence of South Ossetia and Abkhazia or Crimea reunification.
And, by the way, it's been more than 25 years since the dissolution of Soviet Union in case they haven't told you that after unfreezing you.
So what scenario is the agent hypothesizing? The person at the old number was actually the identity thief, and used the account for maybe several years without any challenge, before the actual owner changed the number back? That makes not the slightest bit of sense to me.
I think if the phone number has recently been changed, and you call the old number, and the person who answers can answer any question at all about themselves, you have to figure that's the account owner. Who else could it be???