IP: Serious new CALIFORNIA Drivers License ID RISK: [risks] Risks Digest 21.29

[David Farber <dave@farber.net>]

>Date: Wed, 21 Mar 2001 16:03:12 -0800
>From: "Peter V. Cornell" <pcornell@nanospace.com>
>Subject: Serious new CA Drivers License ID RISK
>
>This is really happening!
>
>Almost exactly one decade ago Chris Hibbert posted a RISKS article
>describing the (then) new California Drivers License (CDL). He gave a
>warning to us all. That little piece is still on server:
>   http://catless.ncl.ac.uk/Risks/11.03.html#subj10
>[and has been updated by Chris since.  PGN]
>
>That warning, given in 1991, has blossomed into a nightmare.
>
>Recently, The California driver license and ID card have been declared as
>PRIMARY IDENTIFICATION DOCUMENTS in this state by the California
>legislature.
>
>http://www.dmv.ca.gov/faq/dlfaq.htm#2504
>http://www.lbl.gov/Workplace/HumanResources/irss/dmv.html
>
>Guess why?  A great convenience for bankers, but enabling serious new ID
>fraud RISKS based on easily obtained fake driver licenses and data.
>
>http://www.fakeidsite.com/
>http://www.photoidcards.com/
>http://www.wdia.com/home-entrypage.htm
>http://www.spyheadquarters.com/
>
>Courtesy of the California legislature, *anyone* who has a fake California
>drivers license with YOUR correct data, but with *his* picture and *his*
>version of your signature, can steal your money in many different ways. For
>example, if he knows your Social Security Number, bank, and account number,
>(easily obtained online or by mail theft) he can walk into any branch office
>and receive cash. Tens of thousands have been stolen from my (no longer
>existent) Wells Fargo accounts.
>
>I must be one of the very first victims of this new kind of identity
>theft. I have been scouring the internet for months and have found no
>mention of it. Of course there are gigabytes of stuff about the old credit
>card scams, alive and still growing, but no mention of use of drivers
>licenses to impersonate bank customers and withdraw cash directly.
>
>With that fake drivers license, that fraudster becomes YOU.  All he need do
>is write a bad check drawn on another bank's bogus name account set up for
>that purpose, with the victim (you) as payee. He then walks into (in my
>case) a Wells Fargo branch and, impersonating the victim, cashes the
>check. When the check bounces, Wells Fargo (probably others, too) simply
>debits the victims account.
>
>The banking industry has arranged the law (California Commercial Code
>Sections 4401-4407 and 3101-3119) to ensure that the customer takes the
>hit. So that, among other conveniences, THE LAW allows banks to rely
>*solely* on the CDL data to confirm the identity of a customer with no risk
>exposure whatsoever. "IF THE CUSTOMER PROVES" means you must sue the
>bank. They have it written so you'd lose anyway, but the amounts, however
>painful, are not nearly enough to pay a lawyer. (See excerpts from the
>California Commercial Code below.)
>
>So, with my CDL data in circulation, if I want to keep a checking account, I
>must change banks regularly. There are at least two fraud artists still
>using my ID.
>
>The banks DO check your CDL number as well as date of birth at the teller
>window. But there is no possible way to change any of my drivers license
>data. The California Department of Motor Vehicles (DMV) web site says to go
>to a local office to change your drivers license number. That just plain
>doesn't work. Many of the items on their ID Theft page simply do not work in
>actual practice. It *looks* pretty.
>
>http://caag.state.ca.us/identity.htm
>
>The DMV local says they'll replace your picture ID with one that has no
>picture while your request is being processed which may take
>months. Impossible! They also require a letter from the bank. But none of
>the Wells Fargo's "headsets" (customer service phone reps) or "robots"
>(branch employees) are able or willing to do that. They'll give you forms to
>fill out which are totally inadequate for this new kind of ID fraud. Bank
>customers are thus denied any access to the bank officers responsible and
>accountable for bank policy.
>
>Bankers have their political money well spent. With their
>credit cards, computers, headsets and robots, their ethics,
>"good faith" and accountability were abandoned long ago.
>
>Peter V Cornell <pcornell@nanospace.com>
>
>  - - - -
>
>CALIFORNIA CODES COMMERCIAL CODE SECTION 4406 [excerpted]
>
>    (d) (2) The customer's unauthorized signature or alteration by the same
>wrongdoer on ANY OTHER ITEM paid in good faith by the bank if the payment
>was made before the bank received notice from the customer of the
>unauthorized signature or alteration and after the customer had been
>afforded a reasonable period of time, NOT EXCEEDING 30 DAYS, in which to
>examine the item or statement of account and notify the bank.
>
>     (e) If subdivision (d) applies and the CUSTOMER PROVES that the bank
>failed to exercise ORDINARY CARE in paying the item and that the failure
>contributed to loss, the loss is allocated between the customer precluded
>and the bank asserting the preclusion according to the extent to which the
>failure of the customer to comply with subdivision (c) and the failure of
>the bank to exercise ORDINARY CARE contributed to the loss.  IF THE CUSTOMER
>PROVES that the bank did not pay the item in good faith, the preclusion
>under subdivision (d) does not apply.
>
>CALIFORNIA CODES COMMERCIAL CODE SECTION 3103.
>    (a) (7) ORDINARY CARE "... in the case of a bank that takes an instrument
>for processing for collection or payment by automated means, reasonable
>commercial standards DO NOT REQUIRE THE BANK TO EXAMINE THE INSTRUMENT..."
>
>(To see the complete text of the above California Commercial Code Sections,
>go to http://www.leginfo.ca.gov/calaw.html Check the "Commercial Code" box,
>enter keyword "4401", then click search.)
>
>------------------------------



For archives see: http://www.interesting-people.org/