Torn-up Credit Card Apps Not So Safe

Maximum Prophet writes "This dude tears up a credit card application, tapes it back together, sends it in with his cell phone number and father's address, and voila, gets a credit card. Who would have thought security at a credit card company was so lax? The company recommends that consumers "tear up" financial solicitations before throwing them away, "so thieves can't use them to assume your identity.", but according to them, "Applications that arrive in damaged form are customarily transferred to an electronic format, he said -- often by machine. So it's possible a human being never handled the taped-up application and never had the chance to spot the obvious sign of trouble." In this era where we worry so much about identity theft, this sort of thing really makes you wonder what the point really is.

For the extra paranoid

[metternich]

I always try to put different pieces of my financial documents in different trash bins. I suspose burning them would be even more effective.

Isn't there a human somewhere?

[prozac79]

Isn't there a human in the processing chain somewhere? Doesn't someone have to physically open the envelop and scan the application? It seems like that is the logical place to check for potentially fraudulent applications. I don't believe that step is automated, but then again I've never worked at a place that needs to process thousands of letter a day. Or is it that the person getting paid minimum wage to open and scan letters could care less if someone is committing fraud?

What? Me, worry?

[panda]

In this era where we worry so much about identity theft, this sort of thing really makes you wonder what the point really is.

The point is, that there isn't any point. :)

It's exactly that kind of thing, and the real lack of concern that I've witnessed from gov't agencies and financial institutions all along, concerning everything from someone's actual name and SSN being used as an alias by a known felon (and the SSA refusing to issue a new SSN for the "victim") to loan officers that say that there's so much junk data on credit reports that they often ignore a lot of it, that caused me not to worry if my "identity" is "stolen."

Re:Its called a cross cut shredder

[Beryllium Sphere(tm)]

>Why not just shred it using a cross cut shredder. thats what i do . I would like to see somebody put something that has been through one of those back together.

Churchstreet Technologies [eweek.com] will scan the debris in a shredder's output bin and their software will reconstruct it in RAM. They claim to be able to piece together even crosscut documents as long as you haven't mixed several bags together. Seems to be that columns of number would be an intractable problem, I don't know whether they can manage those.

Re:shred shred shred

[smooth wombat]

If for some reason you're fire averse a pair of scissors properly applied for about 10 seconds will prove sufficient to defeat the roll of tape.

You'd think so, wouldn't you. However, you might want to read this story [edwardjayepstein.com] about the Iranian students in 1979.

First three sentences of the fourth paragraph:

This was the situation up until November 1979 when Iranian students seized an entire archive of CIA and State Department documents, which represented one of the most extensive losses of secret data in the history of any modern intelligence service. Even though many of these documents were shredded into thin strips before the Embassy, and CIA base, was surrendered, the Iranians managed to piece them back together. They were then published in 1982 in 54 volumes under the title "Documents From the U.S. Espionage Den", and are sold in the United States for $246.50.

This particular story didn't say so but I read elsewhere that the students laid out the shredded documents on the floor of gymnasiums and pieced the documents back together.

But He Filled It Out

[Julius X]

No one seems to have caught on to one thing here - after he tore it up, he FILLED IT OUT and sent it in. When these things arrive in the mail, they aren't filled out for you - yes, they do have a couple things filled out, but you still have to put all your pertinent information such as your social security number and whatnot on the forms - they can't process that stuff unless you give that to them. That's the only reason it worked.

So sure, if you fill out a credit app, tear it up, and some bozo then pieces it back together, you're in trouble - but if you don't ever fill it out, where's the problem? Seems like a big pile of sensasionalist FUD to me.

Re:The basis: Where Credit Comes From

[Have Blue]

What you're describing is called the "money multiplier" and is a well-understood economic principle. It was created to keep track of the fact that money is spent repeatedly while it's in the system, but for brand-new goods and services each time. This happens with plain old cash as well as bank loans, since it gets spent over and over again before it's reclaimed and destroyed by the Federal Reserve.

Re:Solution!

[garcia]

One of these days, a thief is going to raid my mailbox before I get home and get a credit card in my name.

Last summer I had a notice in my mailbox from the Postmaster that stated there were reports of mail theft in our neighborhood and that we should be watching closely for ID theft.

My wife is concerned with throwing mail away and the thieves getting it there. Why would they bother to go through my trash and get dirty when they can get it fresh from my mailbox w/no one the wiser.

Existing cards aren't safe either

[Dr. Manhattan]

So, DirecTV accepted my VISA number with (a) a misspelled name and (b) an invalid expiration date and (c) a mailing address halfway across the country from mine. Now I've had to bounce a bunch of mail back and forth (including a "fraud affidavit" that requested so much information on me it might as well have been an identity theft kit in its own right).

Clearly they didn't make even the slightest attempt to validate the charge. I've closed that account and put fraud watches on our credit and so forth, of course, and no other suspicious charges have shown up. Still, it makes me nervous.

Meanwhile, my father-in-law discovered his bank account was several hundred dollars short. Turns out he was auto-paying someone else's gas bill. My wife had a heck of a time straightening that out. The bank insisted it was the utility's responsibility and vice versa. "He signed up for automatic payment!"

"My father doesn't own a computer. Why would you authorize withdrawls for someone else's utility bill in the first place? Especially when their account number is identical except for two transposed digits..."

A mistake in that case, but it would be so easy to do that deliberately...

Re:shred shred shred

[jdray]

After burning up a couple of COTS shredders (don't believe the outside of the boxes when they describe how much they can cut at once), my wife and I have resorted to burning junk mail in the fireplace. We toss in a couple of logs, sit back with cups of tea, and enjoy the warmth provided by a couple months' collection of junk mail.

gymnasium and scotch tape no longer required

[Comboman]

This particular story didn't say so but I read elsewhere that the students laid out the shredded documents on the floor of gymnasiums and pieced the documents back together.

The technology now exists to scan fragments of documents en-mass and piece them together semi-automatically in electronic format. Some human interaction is still required, but it is much faster and easier than the Iranian effort. This is being done to restore ancient manuscripts but I'm sure it's being done in the covert and criminal fields as well with shreded documents.

Re:Possible? Yeah, but highly improbable

[doombob]

You want high volume processing? Try First Data [firstdatacorp.com]. My Dad worked there for like 5 years overseeing hundreds of people who ran the machines that did this stuff 24 hours a day. For a while, I worked in one of the Quality Assurance departments for Credit Card bill printing and our team could (mostly) ensure the quality of over a million pieces every day. It's mainly an automated process, but there was always human verification at some point or another. But that doesn't mean that someone can't get sloppy! There were always bonuses the more you pushed through your department (but there were also punishments for letting something like that through).

Re:gymnasium and scotch tape no longer required

[stupidfoo]

Hmm... what happens if you inhale a classified document?

Re:But He Filled It Out

[Squirmy McPhee]

So sure, if you fill out a credit app, tear it up, and some bozo then pieces it back together, you're in trouble - but if you don't ever fill it out, where's the problem? Seems like a big pile of sensasionalist FUD to me.

Okay, suppose you tear up a credit card application and toss it in the garbage. A few days later you tear up a paycheck stub, old tax form, bank or brokerage statement -- anything with your SSN on it -- and throw that away. What makes you think that a garbage raider won't find the information and use it to fill out the torn-up application? Sure there are other, more dastardly things they could with the information, and even without the application the thief could simply go online, but small-time crooks are often opportunists who do whatever is most convenient.

Something like this is not far-fetched in the least, at least not if credit card companies will process a taped-together application. Years ago someone fished my torn-up credit card information out of the garbage and used it to subscribe to a porn site (the fact that the moron logged in regularly was his undoing). Needless to say, I now shred 80% of everything that arrives in my mailbox.

Re:gymnasium and scotch tape no longer required

[Anonymous Coward]

Or you could run it through a kitchen blender with a little water. The shredding is not perfect, but the water makes the ink run and the pieces bond together.

Shred things to microns: bleach, bucket, water

[geekotourist]

A few years ago I decided that shredding took too much time. I wasn't looking forward to the yearly "shred the 11 year old financial documents" along with all the ongoing credit offers.

So I came up with my $0.50 shredding system: 1 bucket, 2 cups of bleach, water.

1. put papers flat in bucket
2. pour bleach, let sit outside until bleach- and ink- is gone (a day or two)
3. and/or add water, wait, stir until its pulp soup

Takes a total of 5-10 minutes, and there's no recoverable information: much, much better than my old shredder could do. If I wanted to go artistic I could make paper from the pulp- but the bleach thrashes fiber quality. Maybe I could make some paper bricks to mail in those postage free envelopes if I ever felt I needed to give something back to the credit card offering companies.

Re:whose fault

[Sycraft-fu]

Thus far I've taken on three big companies (FedEx, Pepboys, and AT&T) over charges I didn't owe and was sent to collections for. I spent a total of maybe $10 on certified mail. I won in all cases, none had to hit the courts.

The reason they get away with this is not because they are big and powerful and use lawyers to crush you, they do not want or need that kind of expense, not to mention bad publicity. The reason they get away with it is because people like you preach hopelessness and people don't fight back, so it's easy to do.