- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
This is not uncommon it seems. A certain credit union I belong to works nearly the same way.
Admin
TRWTF is that they didn't require sheet of paper with a personal letterhead to establish identity!
Admin
Irish Girl recognizes the X-Men symbol.
Admin
Obviously, the bank employee recognized you.
Admin
So did you sue her? You could.
Admin
There was a time, banks did pay you for letting them keep your money for a period of time. Nowadays, they pay you 5 cents in interest and then turn around and deduct $7.95 for banking fees.
My best ID security story was when boarding a plane. I'm an Asian guy in my 20's with glasses and I was travelling with my friend who is a white man in his 40's, and doesn't wear glasses. In other words, we look nothing alike. At some point our passports got mixed up, I was carrying his and he had mine. The guy at the boarding gate was checking everyone's passports and boarding passes, and waved my friend right through. He was already halfway down the ramp toward the plane, and the security guy was about to wave me through as well. It just so happened that I noticed the mistake when I looked down at what I was carrying, and pointed it out to the security guy.
Admin
After leaving my previous employer, who was planning on filing bankruptcy the following week, I went to my previous employer's bank rather than my own to cash the check, rather than deposit it.
Long story short, I walked out with an entire months pay in cash, never having answered any questions, or shown any proof of ID other than the check I wanted cashed.
Admin
I wouldn't think suing would be an option. I'd think at the most it'd be worthy of contempt of court and an amended divorce decree. But I'm not a lawyer, just a recent divorcee. :)
Admin
You'd likely go to jail. Instead, you should take the info to your lawyer. You might be able to get the house back because of her deceit.
Admin
This should be posted to the Risks mailing list (comp.risks).
Admin
UK and USA banking systems are horribly broken in terms of security. After testing that I will never trust my money to any bank in those two countries.
In Latvia, any operation requires your passport and more sensitive operations (signing a contract or withdrawing more than 300 USD) requires the passport copy to be taken for further reference in case the passport was a cunning forgery.
The Internetbank security is on the similarly high level here - account ids that have no relation to account name and widespread use of hardware tokens that generate one-time passwords (protected by 6 digit pin code) or random access multi-use password pads in conjunction with user supplied passwords with enforced complexity.
Admin
Admin
A few years ago, my security lecturer told us all about his wife going into a branch of Natwest and getting them to issue her a new PIN - which they did on the spot with no security checks! Scary.
Then again, more recently I needed a note of how much interest I'd received in the year to put on my tax return. After a few days, a massive wad of tractor-feed paper arrived, full of names, account numbers and balances - none of them mine. That was the same Halifax Bank of Scotland featured in the main WTF here...
Then there's Barclays, whose credit card site has a bizarre password system requiring passwords to be all alpha (no numbers or symbols) with at least two different letters from each row of the keyboard, non-adjacent, plus a few other details. They don't actually tell you this, just reject every attempt at a password you enter; eventually, I called the helpdesk, which helpfully informed me that one particular word does meet all the requirements. Brillant security.
Admin
During my uni years when I went in to the local branch all the time they always used to recognise me but always checked some details like my date of birth as well as my signature. I've always left my card blank till someone points it out. I like the suggestion about writing that they should ID me on the strip instead, think I'll do that from now on.
When I said X-Men symbol I didn't spend ages shading it in and making sure my circle was exact, it was more like a continous line quick doodle. I don't really like writing a signature since my hand writing is really crap (part of the reason I got into computers so long ago). Usually when someone actually tries and compares them they say that it's wrong and I have to then repeat it a few times. One time I had to leave all my shopping in Morrisons because the checkout girl refused to accept a hand full of signatures she made me write out, thank fuck for chip n pin (trwtf!).
Admin
This is the bank that has (or at least had), in their online banking, a function written in javascript to determine whether or not the browser supports javascript. I only know this because, obviously, it got it WRONG. (Tried to do silly stuff with the user agent stuff, rather than just returning true.)
Admin
Little do you know about modern bank security. Upon walking into the bank your face, walking gate, and retina were scanned and processed by the IWGYSC system (International We’ve Got You by the Short and Curleys) which automatically matches your profile and confirms your identity. The teller was just being nice to you because she already knew who you were.
Admin
I think he's looking for 'Debit Card'
We know what you're talking about, people just need to shut up about stupid things like that.
Admin
I once had a cashier try to check my signature on a receipt against the one on the card (which I had never bothered to sign). She told me that they could not accept a credit card that had not been signed, so I signed it and gave it back to her. She checked it against the receipt (which I had also just signed, five seconds ago, right in front of her) and I went on my way.
Admin
It's not. She's a musician with a very "punk" look and lots of piercings all over her face.
Admin
I know two other explanations have already been offered, but it also could have been a "swipe-style" ATM where you swipe the card rather than inserting it into the machine. They're more rare, but they're still out there.
Admin
(FWIW, the thief was caught later by some particularly on-the-ball staff when he tried the trick at another bank in another city. And I don't think the name or location of the bank matters...)
Admin
Except that Visa and MasterCard can set their own rules, and they can declare that cards with "See ID" written on the back are not valid.
They could probably confiscate these cards if they chose to, since the cards remain their property. But they probably wouldn't do this, since it would piss off too many people.
But writing "See ID" on the back is NOT the best practice.
Admin
As was linked to above, the merchant can ask you to sign the card on the spot if it says "Ask for ID" on the back; if you refuse, they have the right to keep the card. Visa/MC makes the rules, not you.
Admin
Admin
Just for fun, I thought I would post Visa's rules for merchants:
Unsigned Cards
While checking card security features, you should also make sure that the card is signed. An unsigned card is considered invalid and should not be accepted. If a customer gives you an unsigned card, the following steps must be taken:
Check the cardholder’s ID. Ask the cardholder for some form of official government identification, such as a driver’s license or passport. Where permissible by law, the ID serial number and expiration date should be written on the sales receipt before you complete the transaction.
Ask the customer to sign the card. The card should be signed within your full view, and the signature checked against the customer’s signature on the ID. A refusal to sign means the card is still invalid and cannot be accepted. Ask the customer for another signed Visa card.
Compare the signature on the card to the signature on the ID. If the cardholder refuses to sign the card, and you accept it, you may end up with financial liability for the transaction should the cardholder later dispute the charge.
“See ID”
Some customers write “See ID” or “Ask for ID” in the signature panel, thinking that this is a deterrent against fraud or forgery; that is, if their signature is not on the card, a fraudster will not be able to forge it.
In reality, criminals don’t take the time to practice signatures: they use cards as quickly as possible after a theft and prior to the accounts being blocked. They are actually counting on you not to look at the back of the card and compare signatures—they may even have access to counterfeit identification with a signature in their own handwriting.
“See ID” or “Ask for ID” is not a valid substitute for a signature. The customer must sign the card in your presence, as stated above.
[...]
Although Visa rules do not preclude merchants from asking for cardholder ID, merchants cannot make an ID a condition of acceptance. Therefore, merchants cannot refuse to complete a purchase transaction because a cardholder refuses to provide ID. Visa believes merchants should not ask for ID as part of their regular card acceptance procedures.
[End of quoted rules]
Although merchants and cardholders might not like these rules, merchants have agreed to them, as a condition of accepting Visa and MasterCard cards.
Admin
It gets better... There's a few people have referred to their "PIN Number" being a word in some of the other article comments. So they not only call it a personal identification number number, but they also don't know what a number is.
Admin
That's the case when using a cash machine (ATM); however, under the Chip-and-PIN (http://en.wikipedia.org/wiki/Chip_and_PIN) scheme, a retailer won't confiscate the card if the PIN is entered incorrectly three times.
Presumably, this is because it would lead to an administrative nightmare - there are significantly more Chip-and-PIN retailers than cash machines, and there are also more factors involved (different staff, multiple points of sale, etc.)
Furthermore, the inconvenience of having your card confiscated, possibly taking up to a week (if you're very lucky, and the Royal Mail don't lose it) to get back to you, is much greater than having to walk to the nearest cash machine and re-activate the card (which can be done by entering the PIN correctly and then selecting the appropriate option).
Admin
The signature or lack thereof does absolutely nothing. I've got half a dozen various credit/debit cards in my wallet right now, and not a one of them is signed. (They don't say "see ID" or anything like that; they're completely blank.) In all the purchases across the world in the decade or so that I've spent accumulating the cards, I have never once been asked to prove the cards were mine based on the signature (occasionally there will be a place that checks my ID as a matter of their policy, but they're just checking to make sure the names match). No one has ever even commented on it, and I can't recall anyone ever turning the cards over to do a simple check.
It's getting worse too. I can now legitimately use my card at gas stations, fast-food restaurants, and even large retail stores without ever handing it to another person, and in many cases without ever signing anything.
Admin
I actually appreciate people pointing things like that out. A while ago someone (possibly in this forum) pointed out that my use of apostrophes was terrible. That was probably the last day I wrote "its" in place of "it's" and vica versa. In the original thread for this Halifax malarky someone pointed out that I totally messed up "could of" and "could have", I googled the difference and got it for a few days but it didn't really sink in yet. I'll check it out again now that I remember.
The machine was a proper "hole in the wall" job where my card goes fully into it and then gets slowly dribbled back out after I'm done, no swiping type system. I was surprised to have my card blocked instead of swallowed, don't think that's ever happened to me before. I just call it a "bank card", tis a Visa debit card to be precise.
Admin
Or maybe they meant that their personal identification number number fits into 16 bits?
Admin
At the large electronics store I worked at we required ID. Iff the customer could not provide ID we would check the signitures. Iff the card was not signed, we turned them away. Yes, I have, at the request of my supervisors and managers, turned away customers because their card was not signed and they had no valid ID.
Places that don't deal with multiple $5,000 purchases a day are a bit less careful about fraud. After all, who would commit credit card fraud over a $25 dollar purchase at Burger King?
You just need to see what happens if you don't give your ID. They should check signitures.
Admin
I believe this falls into a "law of averages" situation. I think a lot of tech savvy people who are aware of internet/computer security forget that in a lot of human cases, security measures are a massive pain in the ass to the individual.
For example, games that require you to keep the CD in the drive all the time, or software requiring long serials, activation procedures, or apps that have to have an internet connection so they can constantly phone home. And lets not even start with DRM'd music and movies.
Sure, the bank may have to deal with a few reimbursements here and there, but I'm sure someone's done the math and its probably easier to just suggest security measures like "check the signature" than actually enforce them strictly.
After all, if someone really wanted your money, they'd be able to easily get past all these supposed security measures with ease. Get your PIN, Forge your signature, steal/forge some ID, all of this is pretty standard fare for most frauders.
Admin
And yet somehow the world keeps turning. I guess everyone isn't a criminal after all.
Admin
I recently closed an account at Wachovia. After signing my name, the teller told me I needed to sign it more like I did when I opened the account.
I told him I had no idea what my signature looked like back then (because I usually just scribble randomly.)
So what does he do? He prints out a copy of my signature and tells me to copy it.
Needless to say, I'm glad I closed my account there before someone else walked in a closed it for me.
Admin
Admin
Admin
i don't worry too much about the bank security; i worry about the secuity of the family; having an affair is becoming easier. one of the popular dating site called: millionaireloves.com really works for lots of people...
Admin
A couple of years ago I went along with a buddy to his bank so he could deposited his Federal tax return check on the way to lunch. We get up to the teller and the teller asks him for his ID.
Me: Why? Who cares who if someone is depositing money? Teller: It might be a fraudulent. Me: Ok. So verify if it is and if not then ask for his ID. Teller: Well, I can't verify if it is valid right here. Me: You cannot verify whether a United States Treasury check is valid? Um Ok. Then why ask for his ID? As I said, who cares who deposits money to your bank? Teller: Oh, we have to know. Me: Excuse me, who are you kidding? He could mail the check from Yemen and it would clear the next day and he’d have less hassle than he is getting now walking up to the teller.
The banking system is based on the sheep effect of people thinking that they are secure.
Admin
Admin
Less possible combinations = Less time needed to hack it
Admin
I routinely get cold calls from my bank. They start out wanting to "verify they are speaking to the right person" and proceed to ask me "security questions". None of the callers have been able to grasp the stupidity of that.
Then again, in Denmark they are so helpful that you can get a government worker to divulge all sorts of information and even change your official address just by calling them.
A more amusing security feature that I bumped into was when I wanted to get removed from the electoral roll. They didn't want to do that over the phone (good), but wanted me instead to send an e-mail with my signature in it. I immediately assumed she was referring to some sort of official digital signature. No, she wanted me to scan my signature and attach that to my e-mail. WTF?
Admin
Of course, they removed that when they introduced chip card technology, as the chip was "more secure".
Nevemind they left the magnetic strip in place and that many merchants still don't accept the chip...
Admin
The real WTF is the bank employee's use of the term "co-worker".
This is England. We have colleagues, not co-workers.
Admin
I moved from Germany to Canada a year ago.
I still had some money on my bank account in Germany which I needed transfered to another account to pay some old bills. I didn't have my TANs (http://en.wikipedia.org/wiki/Transaction_authentication_number) and I couldn't wait for them so send me new ones to Canada (would have taken a few weeks).
So I called them and told them to transfer my funds. Which they did.
There is so much wrong with this. I called FROM ANOTHER COUNTRY, I'm not sure I even said my name, much less any kind of identification. Just my account number and the target account infos. That was all.
I can't get over this. I called from another country, without any identification and was able to transfer all my money on that account (around 800 Us$).
Admin
I once paid with a new card at a Walmart (which is a WTF by itself) which had no signature on it. I signed the bill and when she (the cashier) tried to compare it to my card she complained that my card had no signature. So I had to sign my card in front of her. So, obvious this is not as it was meant to be.
But she was a real jewel: She then really compared those signatures...
Admin
This is why I sign every bank or credit card slip with " VOID " or " INVALID ".
I also enjoy random custom support phone calls from my bank, they normal like this: <b>
It always goes downhill for them from here…… ;)Admin
I have no idea what whoever started this sub-thread is looking for though - I just call them cash cards.
Admin
The reason it is called a debit card (in the UK) is that the amount is immediately debited from the associated account, rather than a credit card where you are "loaned" the money to be repaid later. Nothing to do with the use - whether you use the card to pay at a shop, withdraw money (possible as part of a payment transaction with a debit card in most UK supermarkets etc.), or paying for those "interesting" websites, the money is debited at the time of the transaction.
So I suspect a card limited to only withdrawals from ATMs would still be referred to as a debit card if it was associated with a bank account.
Admin
It wouldn't be "Barclays" would it?
Admin
This sounds familiar, i had the same thing with a bank. I had no idea of my pin-code, entered the bank. Explained that i had no clue about my pin-number, no idea how much was on the account but wanted to get all money from the account and a new code send to my address.I walked out not having id'ed myself nor having signed anything.
I closed the account later that day for obvious reasons.