IP: Worth reading -- Re: Serious new CALIFORNIA Drivers License

[David Farber <dave@farber.net>]

>X-Sender: jnoble@pop.dgsys.com
>Date: Mon, 26 Mar 2001 00:45:17 -0500
>To: farber@cis.upenn.edu
>From: John Noble <jnoble@dgsys.com>
>Subject: Re: IP: Serious new CALIFORNIA Drivers License ID RISK: [risks]
>  Risks Digest 21.29
>
>Dave: I'm a recovering bank lawyer who hasn't had a serious lapse in 
>nearly ten years, but I find I can't help myself. The account of the fraud 
>perpetrated with a forged drivers license and the supposed complicity of 
>Wells Fargo and California law is misinformed and misinforms your 
>subscribers. It has nothing to do with the real risks identified in the 
>Risk Digest item he points to.
>
>Although drivers licenses are increasingly designed to be more difficult 
>to duplicate than they used to be, you can forge anything with the right 
>equipment. There is nothing new about that. People have been forging 
>identification and cashing bad checks since they invented banks. Whatever 
>the problem with the CA license, it is not obvious how it contributes to 
>the fraud Mr. Cornell describes. The fact that the lic. no. and DOB is 
>recorded on a magnetic strip instead of printed on the license only makes 
>it that much harder to discover, and that much harder to duplicate. Mr. 
>Cornell indicates that he wants one without a photo. How does that help? 
>Cornell's photo-free driver's license is only going to prevent him from 
>cashing checks. It isn't going to stop someone else with a forged license 
>that does have a picture unless he can find a bank that requires DNA 
>testing to cash a check.
>
>Mr. Cornell's description of the CA Commercial Code leaves out the good 
>parts. An account may be debited if the item was "properly paid," i.e. 
>"authorized" in fact. If the item was not authorized, the customer need 
>only notify the bank within a reasonable time after receiving his 
>statement to have the account re-credited -- the burden is on the bank to 
>prove that the endorsement was genuine, which is impossible. Banks 
>typically ask the customer to sign an affidavit; and they pull the video 
>sequence of the transaction at the teller window to confirm that the 
>customer did not cash the check himself (the unlikely exception to the 
>impossibility of proving the endorsement was genuine). Mr. Cornell points 
>to Code provisions that require the victim to "prove" that the bank failed 
>to exercise "ordinary care." But the provision only applies to losses 
>caused by the customer's failure to review his bank statment and report an 
>unauthorized debit within a reasonable time. In effect the bank is 
>strictly liable for unauthorized debits during the first 6-8 weeks on 
>little more than the customer's insistence that they were unauthorized. 
>But if the customer doesn't look at his statement and report the 
>unauthorized transactions disclosed on the statement, the bank's liability 
>is cut off and the customer is stuck with the additional losses. The 
>reasons for this are obvious. Only the customer is in a position to know 
>that the debit was unauthorized. If he doesn't look at his statements, and 
>the same guy is cleaning him out month after month, whose fault is that? 
>In addition, the law has to take into account the possibility that the 
>customer is having his own checks cashed by a third party.
>
>If Cornell has scoured the internet without finding it mentioned, it is 
>because it is relatively rare. This is a risky, complicated, inefficient 
>and finally stupid way to steal money. Someone has to make the ID 
>(holograms, magnetic strips encoded with the drivers lic. no. and DOB); 
>then stand at the teller's window in front of a camera posing for the 
>wanted poster. Moreover, when you cash a check that bounces, the bank 
>doesn't wait until the end of the statement cycle to let you know about 
>it. They send you a letter. You would need to ignore those letters, as 
>well as your bank statement, to lose the tens of thousands of dollars 
>Cornell reports. When the forger cashes a check for which the the bank 
>isn't liable, 6-8 weeks after he cashed the first check, the forger needs 
>to assume that the victim has ignored the letters and statement -- because 
>otherwise he's busted. Anybody who has your bank account no. can far more 
>easily create checks that carry your name and account number. He doesn't 
>need your drivers lic. no., DOB, or soc. sec. no. for that. He just draws 
>against your account on checks coded with your account no.; deposits them 
>in a straw account; withdraws the funds and closes the account before your 
>statement goes out; and moves on to another bank and another victim 
>because he has to assume you reported the fraud. He can do all that 
>without ever having his picture taken for either a fake drivers license or 
>a wanted poster. He doesn't have to stand at the teller window in your 
>bank wondering whether he's about to get busted because you reviewed your 
>statement and reported the fraud, and his picture from the videotape has 
>been circulated to the tellers and security personnel. He can move the 
>money and close the account from the safety of his apartment using his 
>computer.
>
>The moral of the story: review your bank statements -- it's part of the deal.
>
>John Noble



For archives see: http://www.interesting-people.org/