This is very clearly what's going on. Fraud is uncommon enough and the cost of fraud to the banks is smaller than the cost of reducing the velocity of money and loan-making, so the problem will never get fixed so long as it depends on the banks to initiate the fix.
Work at a financial firm and have built a bunch of identity theft detection features. Curious what your fix would be. Identity theft and friendly fraud losses are in the tens of billions annually and identity verification services is a huge industry.
I've never talked about this with anyone who knows the industry so it may be stupid in some obvious way, but I would gladly accept the inconvenience of having to go to my bank in person, carrying official ID, when opening lines of credit, if it would make the whole process secure. Banks could serve the process of relatively slow but reliable authentication for specific financial transactions, and communicate those authorizations to each other. Individuals who need more flexibility could opt out or do something more complicated, at the cost of some risk.
There's some cost to this, but I still suspect quite a few people would accept it.
My information was used to open a fraudulent mortgage loan, then when I asked my bank to not allow opening credit lines or transfers online was told "we can't do that!"
Thats how traditional banks work. You walk in Chase with your government ID to open up an account. It doesn't work. You can get high quality forgeries of government IDs made in China and there's no public DB to verify information on the card. RealID requirement for states to open up their driver license DBs only applies to government agencies(eg: TSA).
Also would you want to go in person to signup for paypal, venmo, etrade, betterment etc?
> Also would you want to go in person to signup for paypal, venmo, etrade, betterment etc?
Honestly, maybe that wouldn't be such a bad idea. A well-designed system would probably wind up contracting the post office for ID verification for online services (since in my country at least, they do a pile of random related stuff).
1. The bank should capture the ID you used the first time you entered and do comparisons. They should also capture your ID when you come in again. This will raise the difficulty of impersonating you and the risk the criminal takes.
2. One thing I didn't think to say, because my bank only exists in North Carolina: geography should matter. If you live in a particular city, opening an account from another state should be seen as suspicious, and merit greater checks. This is the kind of thing some people should be able to relax, but it's probably a good default for most of us.
3. Should I have to go to my bank for PayPal, Venmo, Betterment, eTrade, etc? Those cases don't all sound the same to me. But here's what I'd consider: how often is a person going to need to do this, and does the activity involve requesting credit? We've currently optimized almost exclusively for convenience at the expense of security. I'm proposing that we shift that balance a bit.
This is basically what Vanguard does if they get suspicious about your account security. Basically you have to show up at a notary with photo ID and get a form notarized.
It's probably not hard to forge a social security card and birth certificate if you have the relevant information. From there, a state ID (or maybe even passport) should be possible to get. I don't believe there is any biometric security on either. A determined identity thief might go that far.
This is the old "because a solution is not 100% effective, it's not good" chestnut. This solution would cut down on the theft by over 90%, I'd venture, probably more like 98%. There is huge difference between perpetrating a crime from the safety of a computer and physically walking into a bank to commit it.
$16 billion was stolen from 15.4 million U.S. consumers in 2016, compared with $15.3 billion and 13.1 million victims a year earlier. In the past six years identity thieves have stolen over $107 billion.
The thief would have to physically resemble the victim's photo, height, age, gender, etc, which is some added defense in depth. For instance it would be hard for most males to pass themselves off as a typical female.
> The thief would have to physically resemble the victim's photo
Why? Show up to a government station with your birth certificate, SSN, some telephone and utility bills, and they'll take the thiefs picture and put it on an identity card with your name on it.
That sounds incredibly bad for a first-world country. If that was the case, I'd argue that the entire country is in collapse. As you then have no control over foreigners impersonating locals and manipulating something as serious as elections, never-mind bank-fraud.
Edit: Point being, this needs to be fixed ASAP if you are to move your country into the future. Fix the regulatory/state hurdles that prevent it from happening, and get yourselves National Identification that's secure. Things will flow positively from there.
They don't use the SSN to check for prior IDs issued by other states and/or the Feds, and compare the applicant's photo/gender/age/height/eye color, etc to them first?
About twenty five years ago a bank allowed someone to cash checks with my name on them with all the correct account info on them as well, but was a different race and gender than I am (the banks had video of the customer). They did this about a dozen times for checks for what I assume was just under the amount that would flag it (about $2000) to empty my account over the course of about an hour, using different drive throughs at different branches in Houston, I lived in Austin at the time and had never visited a branch in Houston.
The big architectural flaw is that when I as a consumer prove my identity to company A, that gives company A enough information to impersonate me to company B. Or equivalently, it can give a rogue employee at company A that power, or anybody who hacks company A's database.
The solution is asymmetric cryptography, wherein identity is tied to a public/private keypair, and I can prove I have the corresponding private key without giving the other party the ability to impersonate me. Ideally, the government wouldn't know my private key, either, rather they would just give their own attestation that a given public key is owned by a person with a given name, DoB, SSN, and biometrics.
Along similar lines, any financial account would have its own keypair, with moving money out of the account requiring signing with the private key.
The state of cryptography today is way too obtuse for this to work right now, but I think it could be made more user friendly with specialized hardware to hold the keys and perform the encryption.
The idea that SSNs are secret, but we hand it out to half a dozen organizations is absolutely ludicrous.
Change the way checks are issued/redeemed. Right now the customer is on the hook for 7 years because a check isn't cleared until it goes back to the bank that issued the check . The customer thinks by seeing the money in the account the check was good and can clear a sale. The reality is the bank can take that money back if it is later determined to be false/fake.
Not just bankruptcy. Banks and businesses contract with check verification companies such as ChexSystems. I had a friend who bounced a check and it took him a few weeks to reimburse the bank. By then the bank closed his account and reported him to Chex, who put a 5 year hold on his ability to get another checking account through any bank that used Chex verification (> 90%), essentially blackballed.
That may be so, but the GP was talking about the time it takes checks to clear. IIRC, uncashed checks aren't even valid after 180 days, let alone 7 years.
Negative credit information falls off after 7 years from date of first delinquency.
Always dispute negative credit items; more likely than not, it won't be verified and is usually removed. Otherwise, wait 7 years and then dispute again.
Paper checks are going away. Some of the online banks don't even support them. ACH allows only 60 days to claw back the money(disputes) and with same day clearing requirement we can get rid of 2 day holds.
What are they being replaced with? Yeah, as a young renter I went years without using a check. When buying a home last year I had various inspectors during the process. After buying, I've had electricians, plumbers, contractors, locksmiths, and other consultants. I think one gave me a bill and accepted credit card. The rest preferred checks (to be fair, I didn't seek other forms).
I've tried all sorts of p2p methods over the years. All of the banks are too confusing, obscure, or too limited (i.e. only within their bank). Paypal and credit cards charge a not-insignificant fee. Venmo or Square Cash work fine if your group of friends accept them--but more than half the time, they don't for me.
I often do ACH transfers between my own accounts, but the first time I set it up a cringe a little bit and cross my fingers. It sucks waiting the 2 or 3 days waiting to see something. I can't see small businesses accepting ACH as payment because they want something in hand. If we had the setup I've heard about in Britain or Europe, I can see checks going away, but with as much churn as I've seen in this space in the 20 years since Paypal, nothing seems to stick.
> I've had electricians, plumbers, contractors, locksmiths, and other consultants. I think one gave me a bill and accepted credit card. The rest preferred checks
Try cash? I use cash for almost all transactions like that and have never been turned down :-)
Cash is nice, but the the main point of banks is that I don't have to carry a bunch around. I honestly didn't even use an ATM or carry cash for years. I started carrying cash only when my job reimbursed me for parking (and they only accepted cash). It's also nice for bookkeeping. I can write the account number or purpose on the check itself.
