IP: Worth reading -- Re: Serious new CALIFORNIA Drivers License

[David Farber <dave () farber net>]

> X-Sender: jnoble () pop dgsys com
> Date: Mon, 26 Mar 2001 00:45:17 -0500
> To: farber () cis upenn edu
> From: John Noble <jnoble () dgsys com>
> Subject: Re: IP: Serious new CALIFORNIA Drivers License ID RISK: [risks]
>  Risks Digest 21.29
>
> Dave: I'm a recovering bank lawyer who hasn't had a serious lapse in 
> nearly ten years, but I find I can't help myself. The account of the fraud 
> perpetrated with a forged drivers license and the supposed complicity of 
> Wells Fargo and California law is misinformed and misinforms your 
> subscribers. It has nothing to do with the real risks identified in the 
> Risk Digest item he points to.
>
> Although drivers licenses are increasingly designed to be more difficult 
> to duplicate than they used to be, you can forge anything with the right 
> equipment. There is nothing new about that. People have been forging 
> identification and cashing bad checks since they invented banks. Whatever 
> the problem with the CA license, it is not obvious how it contributes to 
> the fraud Mr. Cornell describes. The fact that the lic. no. and DOB is 
> recorded on a magnetic strip instead of printed on the license only makes 
> it that much harder to discover, and that much harder to duplicate. Mr. 
> Cornell indicates that he wants one without a photo. How does that help? 
> Cornell's photo-free driver's license is only going to prevent him from 
> cashing checks. It isn't going to stop someone else with a forged license 
> that does have a picture unless he can find a bank that requires DNA 
> testing to cash a check.
>
> Mr. Cornell's description of the CA Commercial Code leaves out the good 
> parts. An account may be debited if the item was "properly paid," i.e. 
> "authorized" in fact. If the item was not authorized, the customer need 
> only notify the bank within a reasonable time after receiving his 
> statement to have the account re-credited -- the burden is on the bank to 
> prove that the endorsement was genuine, which is impossible. Banks 
> typically ask the customer to sign an affidavit; and they pull the video 
> sequence of the transaction at the teller window to confirm that the 
> customer did not cash the check himself (the unlikely exception to the 
> impossibility of proving the endorsement was genuine). Mr. Cornell points 
> to Code provisions that require the victim to "prove" that the bank failed 
> to exercise "ordinary care." But the provision only applies to losses 
> caused by the customer's failure to review his bank statment and report an 
> unauthorized debit within a reasonable time. In effect the bank is 
> strictly liable for unauthorized debits during the first 6-8 weeks on 
> little more than the customer's insistence that they were unauthorized. 
> But if the customer doesn't look at his statement and report the 
> unauthorized transactions disclosed on the statement, the bank's liability 
> is cut off and the customer is stuck with the additional losses. The 
> reasons for this are obvious. Only the customer is in a position to know 
> that the debit was unauthorized. If he doesn't look at his statements, and 
> the same guy is cleaning him out month after month, whose fault is that? 
> In addition, the law has to take into account the possibility that the 
> customer is having his own checks cashed by a third party.
>
> If Cornell has scoured the internet without finding it mentioned, it is 
> because it is relatively rare. This is a risky, complicated, inefficient 
> and finally stupid way to steal money. Someone has to make the ID 
> (holograms, magnetic strips encoded with the drivers lic. no. and DOB); 
> then stand at the teller's window in front of a camera posing for the 
> wanted poster. Moreover, when you cash a check that bounces, the bank 
> doesn't wait until the end of the statement cycle to let you know about 
> it. They send you a letter. You would need to ignore those letters, as 
> well as your bank statement, to lose the tens of thousands of dollars 
> Cornell reports. When the forger cashes a check for which the the bank 
> isn't liable, 6-8 weeks after he cashed the first check, the forger needs 
> to assume that the victim has ignored the letters and statement -- because 
> otherwise he's busted. Anybody who has your bank account no. can far more 
> easily create checks that carry your name and account number. He doesn't 
> need your drivers lic. no., DOB, or soc. sec. no. for that. He just draws 
> against your account on checks coded with your account no.; deposits them 
> in a straw account; withdraws the funds and closes the account before your 
> statement goes out; and moves on to another bank and another victim 
> because he has to assume you reported the fraud. He can do all that 
> without ever having his picture taken for either a fake drivers license or 
> a wanted poster. He doesn't have to stand at the teller window in your 
> bank wondering whether he's about to get busted because you reviewed your 
> statement and reported the fraud, and his picture from the videotape has 
> been circulated to the tellers and security personnel. He can move the 
> money and close the account from the safety of his apartment using his 
> computer.
>
> The moral of the story: review your bank statements -- it's part of the deal.
>
> John Noble



For archives see: http://www.interesting-people.org/