Fraud Threat Halts Knuth's Hexadecimal-Dollar Checks 323
Barence writes "You may be aware of Donald Knuth, the creator of TeX and author of The Art of Computer Programming, who used to post checks to anyone who spotted an error in one of his books — one hexadecimal dollar, or $2.56. No one cashed them though. This blogger has two of them proudly on his wall, but the sad news is that modern day bank fraud has put a stop to Knuth's much-loved way of keeping his books free of errors." (Here's Knuth's own post about the sad change.)
This is rather disquieting (Score:3, Interesting)
That the financial system is not any more secure than this. I always thought there were some serious security measures taken by banks before transferring funds, like doing small payments whose value has to be confirmed, and stuff like this.
Just like any security issue, though, it appears convenience wins over security for now. It would probably be too detrimental to the big banks and financiers of the world to have to authenticate transfers properly. They're already reduced to quasi-poverty (WHAT? I ONLY GET 100MILLIONS TO SPEND THIS MONTH?).
paranoia much (Score:5, Interesting)
First, the blurb is very misleading. I took from it that the bank yelled at the use of the phrase "one hexadecimal dollar" which no banker would understand how to equate to the digits, $2.56. Since it's the text that wins in most audited disputes about amounts, that's a problem.
He's just paranoid about the MICR routing numbers, and how banks are not secure. This has not changed, and is not at all particular to him. It is odd that he's had multiple attacks while I've had zero, since he claims the attack is entirely despite any knowledge of the account holder's name or wealth.
Pseudocode: // I was going to write this in WEB but fuck that
(Mistake-finder framed the check for his wall.)
It's 2008 (Score:1, Interesting)
Re:This is rather disquieting (Score:4, Interesting)
Re:This is getting old. (Score:5, Interesting)
And with credit cards, are you talking about making physical fake cards? Because that's not exactly something one can whip up with supplies from the local hardware store
Afaict plastic card printers and magstripe writers are easy enough to get, Not a job for your local hardware store but plenty of places use ID cards that are very similar to credit cards so the printers are availible. You would probablly have to rig something up to do the embossing but that can't be terriblly difficult.
It's not a hardware store job but it's not out of reach of a reasonablly organised criminal with a few thousand pounds to spend and a location to get stuff delivered to.
Chip and pin cards are probablly much harder to fake but at least here in the UK most places will still put a transaction through with a swipe and sign if chip and pin fails or the card does not have a chip.
Re:This is getting old. (Score:5, Interesting)
Actually (Score:5, Interesting)
a check doesn't legally have to have your account or bank routing number on it. It certainly doesn't have to be printed by your bank.
The numbers are there to make it convenient for banks to move money around. A bank can refuse to honor such a check, but a bank can refuse to honor any check. There's no legal obligation to honor any check.
The numbers don't turn an ordinary piece of paper into a check. What does that is your signature.
I once knew a guy who wrote out a check to another guy on a napkin. He then went over to his bank branch with the other guy and made sure they honored the "check", which after some discussion they did. He could have just withdrawn money, but he wanted to prove it could be done, and he did.
Re:New Bill (Score:2, Interesting)
If I'm sending large amounts, a money order is worth the hassle; but having to go to the P.O., stand in line, fill out the paperwork, and pay the fee, isn't worth it when compared to the small risk of $20 bill into a birthday card. or even paying a small debt with mailed cash.
People will still look for the errors (Score:2, Interesting)
If no one is cashing the cheques anyway, why bother with a cheque? Knuth could just create signed certificates and geeks will still scramble to get them. The guy is famous enough now that there's no need for any monetary incentive...
Grrr cheques (Score:2, Interesting)
I explicitly tell Anglophone clients not to send cheques. It is easier, cheaper and less time-consuming to do your banking electronically.
In my country we're not used to cheques. Cashing it would take me a 45 minutes trip to the bank (depending on the waiting line) plus it costs me over 10 Euro to receive my money. Excuse me?
So, I'm sending it back although I'm not sure what the consequences of that are.
Bert
Well, probably the Koreans laugh at the way we pay here anyway (they can pay just about anything with their mobile phone).
Re:New Bill (Score:3, Interesting)
*laugh* To a lot of us, there can be no "if" in that statement.
Knuth is just right. Anything else is sacrilege. ;-)
Cheers
Re:This is getting old. (Score:3, Interesting)
The flipside of this is that Knuth is wrong when he says "Before long, companies will find it impossible to give out paychecks without exposing themselves to unacceptable risk." Corporate accounts are protected by double entry protection. In order for a corporate check to be considered valid the company has to upload a file to their bank with the check number and the amount, if the bank hasn't received a matching upload then they reject the check is invalid when it comes through the clearing house.
Re:This is getting old. (Score:5, Interesting)
Also, there's no guarantee that when someone writes you a check that they have the funds to cover it, because it isn't processed right then and there. These two factors put together have led the vast majority of merchants to simply refuse checks today.
Many merchants who receive a lot of checks on a regular basis (and thus cannot afford to turn those customers away) are switching to instant check processing systems. We implemented one of these at an old job of mine. Basically, a scanning device reads the check, gets online, turns the check into a direct withdrawal (EFT) from the account instead, slaps a big VOID on the check, and the voided check is handed back to the customer, usually to their great surprise.
Essentially, the check itself becomes useless, merely a carrier of account information. The scanned check image is stored, for verification purposes if it happens to be needed later. Initially, the system didn't do "instant" account checking, but that was added later, so that a bad check could be instantly spotted as such.
On a side note, a year after we rolled these systems out at all locations, the number of check we processed dropped by almost 75%, with a corresponding increase in credit/debit transactions. Once people figured out that writing the checks was essentially useless and that if they lacked the funds they would get an instant rejection while they were standing there basically holding a voided bad check in their hands, then they stopped trying.
Turns out a surprising lot of our customers were basically relying on the float period, where they could write the check and not have it get into the system for a few days, giving them time to come up with the money. When that no longer worked, they stopped trying it. There was no decrease in sales, but since our bad check problems disappeared almost overnight, we had a major increase in profits.
Re:This is getting old. (Score:3, Interesting)
All of those security features in paper checks are becoming worthless. I was standing in line at the grocery store, and the customer ahead of me wrote a check. The clerk fed the check into a document scanner built into the cash register, and returned the original check to the customer. Besides, banks are so automated that it's a rare occasion that a human ever looks at a check.
And now, even if the physical check gets back to the bank, I don't even get it back. Instead I get a reduced-size photocopy of only the front of the check. I don't even get a rubber stamp from Krusty the Klown's Cayman Islands holding company anymore (or anything I can dust for fingerprints or swab for DNA).
The only checks I write anymore are for credit card payments, loan payments, electric and gas bills (they still charge a fee for payment by credit card, which went up this month to $3.95 (they use Western Union® Speedpay®)), and to get pocket cash. Only two of the last three come back, as photocopies.
I'd be tempted to pay my bills with checks signed instead by celebrities, with the hope that perhaps the person receiving the check would value the autograph more than the amount on the check, except that they would still get that routing number and be able to get the payment and keep the autograph.
To protect against accidental disclosure, why can't they print the routing number in black magnetic ink on top of a black field of non-magnetic ink? The check-reading machines can still decode it.
Re:Actually (Score:3, Interesting)
Re:This is getting old. (Score:3, Interesting)
In spite of all of that, a man once drew a check on the back of his teeshirt with a magic marker and the IRS successfully cashed it.
The whole "check by phone" thing also limits the value of the physical anti-forgery measures. It is possible to cash a check against your account that you have never even seen written to someone you have never heard of.
Further, what's to stop me from ordering a box of checks with your details on them (based on nothing more than I can learn from looking at a legitimate check you wrote or even a blank)?
All of those security measures are fine to keep people honest, but if someone is already inclined to criminal fraud, none of it is the least bit helpful.