Scammers apparently generate random routing and account numbers, into which they try to deposit one cent ... Once the one-cent deposit clears, the perpetrators know the account is active and begin to withdraw funds from the account.
... Because the transfers clear electronically, people are not asked to verify the transactions. However, they may dispute the transactions once they notice what's happening.
"For Automated Clearing House or ACH transactions, the customer can fill out a dispute form, and we can reverse the transaction," ...
To enter a coupon code in your post please enter the following info:
Coupon Code:
Coupon Offer:
Merchant:
Expires (optional):
Restrictions (optional):
saving...
Quick Summary is created and edited by users like you... Add FAQ's, Links and other Relevant Information by clicking the edit button in the lower right hand corner of this message.
I'm not sure how smart a scam this is... the cops/banks will be able to see the account the money got ACH'ed into as well. Seems like an easy money trail to follow.
I don't get it. If all it took was a routing number and account number then all a thief would have to do is work in a place that takes a lot of checks.
If they are "randomly generating" both the routing number and checking account they aren't even going to know the name(s) associated with the account that you would know from a check. If it was a trial deposit they wouldn't know the amount.
xerty said:I'm not sure how smart a scam this is... the cops/banks will be able to see the account the money got ACH'ed into as well. Seems like an easy money trail to follow.
I agree. However I also think we're just seeing the start of it. I think the only solution is to be vigilant with your bank account, checking the balance every day.
xerty said:I'm not sure how smart a scam this is... the cops/banks will be able to see the account the money got ACH'ed into as well. Seems like an easy money trail to follow.
1) The crooks are using stolen identities to open bank accounts. They use those accounts to pull the scams.
2) They dupe idiots into doing the dirty work for them. For example, they get a sucker to "accept payments" for their business, in return for a cut of the payment. You would be amazed at how many people fall for scams like this. They think they are processing payments for a legitimate business, and forwarding that money to the legitimate business... until the cops come. You may have seen a varation of this on Dateline a few months ago, where scammers were using people to receive and forward goods that were purchased with stolen credit cards. Same idea, but with money.
ScootyPuffSr said:I don't get it. If all it took was a routing number and account number then all a thief would have to do is work in a place that takes a lot of checks.
If they are "randomly generating" both the routing number and checking account they aren't even going to know the name(s) associated with the account that you would know from a check.I don't think the thieves need to know the name of the account owner. In the course of a routine ACH transfer, I don't think the account owner's names are validated in order for a successful transaction to occur.
For example, if I went to my credit card or cable or utility company's web site to make a payment from a checking account, and I accidentally or deliberately typed in a stranger's valid account number, I have a feeling it would go through.
I'm no expert on this matter, but I've often thought about this subject and based on what I've read and observed, I am inclined to believe that the ACH system is very insecure and is protected only by the vigilance of account owners to catch and report fraudulent transactions.
Anyone wanna test my theory and try to pay their credit card or utility bill from a a stranger's valid routing and account number?
OK, I'll leave some change in my soon to be empty HSBC Direct account after I transfer the rest to FNBO. I'll give you the routing+account number and you can pay one of your bills. I bet it will work
At least in some cases, the name is validated. I tried to ACH money from a TDAmeritrade account into a friend's account, and it rejected it. Going into my account worked just fine.
At least in some cases, the name is validated. I tried to ACH money from a TDAmeritrade account into a friend's account, and it rejected it.
It may not be true for all cases. My son has a paypal account, and recently I started using it for kiva. I was able to link my bank account and Paypal.
Scammers apparently generate random routing and account numbers, into which they try to deposit one cent
Random number thingy does not sound reasonable. The scammer's ACH processor would charge a fee. Typically 29-59 cents/transection.
However, if they can got hold of your check they can verify the account.
This would become more important in future. Banks are pushing the technology which will allow a merchant to generate an ACH pull from your paper check. I think WalMart does it and they even return your check back to you. However, many other merchants may not return the check
On the other note, do the banks allow retail customers to put an ACH debit block? (They do allow large customers that ability). That way one can specify the authorized institutions that can generate a 'pull' from your account.
I have asked my bank that question and will post their answer.
It may not be true for all cases. My son has a paypal account, and recently I started using it for kiva. I was able to link my bank account and Paypal.
I think that is an example of Paypal's lax security practices.
I suspect many CC companies have similar treatment, they might not even do the trial deposits verification, I suspect security is sacrificed for "customer convenience".
The problem is there's no guarantee of uniformity -- you might find one CC company verifies the account name is the same, and the next one across the street just processes the transaction, no questions asked, after receiving routing, accounting number, and dollar amount.
Some online banks/brokers will require approval of the link, even manual approval, or confirmation of the information with your bank matching the name of your account, before establishing the external account link, others will establish it automatically just based on your ability to view trial-deposits.
There is also the matter of whether the drawee bank or the bank initiating the transfer does any manual verification, and what information exactly is provided.
I suspect most likely if the dollar value is large, say $50,000, there will be some sort of manual review.
The whole ACH system is retarded. The concept of an ACH "Pull" doesn't make any sense from a security standpoint. All transfers should be "push" only, and that would eliminate all of these types of attacks.
They should replace the ACH Pull with something like an ACH Request. This is for when you want to automatically pay something, but you don't know how much it will be in advance, so you can't have your bank automatically transfer the same amount every month. So your credit card company's bank sends an ACH Request for $XX.XX, and your local bank verifies the request (by checking to see if you have previously granted permission to the bank and account generating the request) then an ACH Push is initiated from your account. Any ACH Request for which there does exist pre-approval on your side can be either dropped and dealt with out of band.. i.e. other bank calls you to ask you to allow them to make the request OR your bank can call you and ask if you want to approve the request (and perhaps also take note of whether you want to allow future requests).
The point being that even if ACH did verify the name on the account (which it seems like they currently don't), that does not imply any approval of their ACH Pull. Approval of ACH Pulls must be made explicit via some mechanism like that described above.
Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.
