• watch out

    From MRO@VERT/BBSESINF to All on Saturday, February 13, 2021 15:13:05
    so recently i had someone empty out one of my bank accounts and send it to robinhood.

    I have no clue how they did it. the 2 things i did recently was put my routing info into cashapp and zelle to send someone money recently.
    another thing is i was using an online password manager.

    it was like they were in my bank logged in as me even though i had security questions and all kinds of shit setup.
    this bank fucking blocks it if i even try to pay bills with my debit card and it got through. it's like the attacker found some exploit with their system.

    so it was a big chunk of money and i got it back.

    i wiped my desktop computer and reinstalled the OS. i also redid all my passwords on a clean system. i'm not using an online password manager anymore. i dont care what they say about encryption.

    not sure if this was related to the hedgefund attacks, but i'm glad that i found this out 1 hour before my bank closed and it's a bank holiday monday.
    i was able to lock it down and reverse it.

    I suggest everyone watch out and watch closely. turn on all the alerts for your credit cards and your bank accounts. CHANGE your login name as well as your password with your credit cards and bank accounts if you are able to.

    nothing replaces a watchful eye.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Arelor@VERT/PALANT to MRO on Saturday, February 13, 2021 18:17:02
    Re: watch out
    By: MRO to All on Sat Feb 13 2021 03:13 pm

    so it was a big chunk of money and i got it back.

    It is a good thing they reversed it back for you.

    It sucks that you have to go through all the security questions and checks and still get security breaches.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From MRO@VERT/BBSESINF to Arelor on Saturday, February 13, 2021 19:37:17
    Re: watch out
    By: Arelor to MRO on Sat Feb 13 2021 06:17 pm

    Re: watch out
    By: MRO to All on Sat Feb 13 2021 03:13 pm

    so it was a big chunk of money and i got it back.

    It is a good thing they reversed it back for you.

    It sucks that you have to go through all the security questions and checks and still get security breaches.


    that's because none of that stuff works. it's usually the other side that gets compromised.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Ogg@VERT/CAPCITY2 to MRO on Sunday, February 14, 2021 13:29:00
    Hello MRO!

    ** On Saturday 13.02.21 - 15:13, MRO wrote to All:

    so recently i had someone empty out one of my bank accounts
    and send it to robinhood.

    Do you use the Robinhood at all? I never heard of it until it
    made mention in the recent news about GameStop stocks.

    I have no clue how they did it. the 2 things i did recently
    was put my routing info into cashapp and zelle to send
    someone money recently. another thing is i was using an
    online password manager.

    OK.. so you spread out (or expose) your transfers across a
    variety of services. Maybe just stick to one method?

    it was like they were in my bank logged in as me even though
    i had security questions and all kinds of shit setup. this
    bank fucking blocks it if i even try to pay bills with my
    debit card and it got through. it's like the attacker found
    some exploit with their system.

    They probably took the routing info (it's just a stupid number)
    and managed to hack as middle-man or reverse process out of your
    legit accounts. Maybe a change in one bit was all it took to
    change from unauthorized to authourized. Truly pathetic -
    indeed!

    so it was a big chunk of money and i got it back.

    That's exactly what you ought to expect. Even if the hackers
    manipulated the systems using your routing info, the only
    direction a transfer using the routing info can occur is INTO
    your account. I provide routing info to people who want to make
    direct payments to me at their convenience and without the
    hassle of writing a cheque or using "cards"; they can go to my
    bank in person (or any branch) and make a "deposit" to the
    account that bears the routing info. Routing info does not
    accommodate the reverse - a withdrawal.

    i wiped my desktop computer and reinstalled the OS. i also
    redid all my passwords on a clean system. i'm not using an
    online password manager anymore. i dont care what they say
    about encryption.

    Good thing. Maybe you had a keylogger inhabiting your system.

    I came up with my own "encryption" method for generating
    passwords, and I stick to it. I don't need complex software to
    do it for me.

    not sure if this was related to the hedgefund attacks, but
    i'm glad that i found this out 1 hour before my bank closed
    and it's a bank holiday monday. i was able to lock it down
    and reverse it.

    I'm surprised that the bank got anything done within one hour of
    closing!

    I suggest everyone watch out and watch closely. turn on all
    the alerts for your credit cards and your bank accounts.
    CHANGE your login name as well as your password with your
    credit cards and bank accounts if you are able to.

    The first time I made rather large purchases all at once was
    back in 1994 when I purchased two speaker systems, two tape
    decks and two CD players (one set for me, and another set for a
    family member). On the same day, later in the evening, I got a
    voice-call from the credit card company alerting me of
    "suspicious" activity.

    I haven't needed to make large purchases like that with the
    cards since then, but I never got an alert from the credit card
    company when I noticed a $1100 entry by AirCanada, on Jan 1,
    2014 on my paper statement. Pissed me off that the credit card
    company allowed it to happen in the first place! When I called
    to enquire, all they could think of was to blame *me* saying
    that *I* must have lost my card, or compromised my PIN, or
    actually authorized the purchase. Bull. But all they offered to
    do was reverse the transaction, cancel the existing card and
    send me a new one. That pised me off, because that required me
    to physically visit a branch (which was over 40km away) to pick
    up the new card, and meanwhile I was locked out of viewing the
    status of that account online until the card was issued - which
    took 10 days.

    The problem is that banks and credit card companies probably
    keep card numbers and associated metadata all IN THE CLEAR on
    their sysyems! This whole problem could be easily mitigated if
    they kept the stored data encrypted.


    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Ogg@VERT/CAPCITY2 to MRO on Sunday, February 14, 2021 13:41:00
    Hello MRO!

    ** On Saturday 13.02.21 - 19:37, MRO wrote to Arelor:

    It sucks that you have to go through all the security
    questions and checks and still get security breaches.

    that's because none of that stuff works. it's usually the
    other side that gets compromised. -+-

    It doesn't work because they probably keep the metadata in the
    clear in fancy spreadsheets and databases for easy look-up.

    The "system" should operate more like PGP with a key-exchange.

    It's a silly nonsense to have a credit card number (easily
    copied and shared, plus the name on the card to be sufficient to
    "authorize" a purchase.

    The extra 3-digit code on the pack and even the PIN method is a
    good improvement when using a physical card, and when making a
    purchase over the phone. But once you disclose your numbers
    (including the 3-digit code) to the person on the other end,
    THEY could easily compromise that same card if they wrote all
    that shit down on a piece of paper and later some industrial spy
    takes note, or if their computers get hacked.

    I take credit card purchases over the phone, but I never write
    down the numbers - I enter them directly in the POS device while
    the person is dictating them. The device never prints out the
    full card number and never the name, either.

    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Ogg on Sunday, February 14, 2021 14:42:57
    Re: watch out
    By: Ogg to MRO on Sun Feb 14 2021 01:29 pm

    Hello MRO!

    ** On Saturday 13.02.21 - 15:13, MRO wrote to All:

    so recently i had someone empty out one of my bank accounts
    and send it to robinhood.

    Do you use the Robinhood at all? I never heard of it until it
    made mention in the recent news about GameStop stocks.

    like last year i made an account and never used it.
    someone made a new robinhood account and transfered it.

    online password manager.

    OK.. so you spread out (or expose) your transfers across a
    variety of services. Maybe just stick to one method?


    i usually use google pay but this person didn't use it.


    They probably took the routing info (it's just a stupid number)
    and managed to hack as middle-man or reverse process out of your
    legit accounts. Maybe a change in one bit was all it took to
    change from unauthorized to authourized. Truly pathetic -
    indeed!


    whats weird is they tried to setup another bank account in my credit union account. that's when they were blocked and i got the notification.

    then on the phone i saw the money that was transfered out.

    That's exactly what you ought to expect. Even if the hackers
    manipulated the systems using your routing info, the only
    direction a transfer using the routing info can occur is INTO
    your account. I provide routing info to people who want to make
    direct payments to me at their convenience and without the
    hassle of writing a cheque or using "cards"; they can go to my
    bank in person (or any branch) and make a "deposit" to the
    account that bears the routing info. Routing info does not
    accommodate the reverse - a withdrawal.


    well they had access to do everything for some reason. i dont think security will tell me everything. maybe they have a flaw in their system.


    i wiped my desktop computer and reinstalled the OS. i also
    redid all my passwords on a clean system. i'm not using an
    online password manager anymore. i dont care what they say
    about encryption.

    Good thing. Maybe you had a keylogger inhabiting your system.

    I came up with my own "encryption" method for generating
    passwords, and I stick to it. I don't need complex software to
    do it for me.

    not sure if this was related to the hedgefund attacks, but
    i'm glad that i found this out 1 hour before my bank closed
    and it's a bank holiday monday. i was able to lock it down
    and reverse it.

    I'm surprised that the bank got anything done within one hour of
    closing!


    yeah i'm lucky i got someone. good thing there's a waiting period on these transfers. i'm getting all new everything with that credit union incase i'm on some list online.

    i never had something like this happen before.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Ogg on Sunday, February 14, 2021 14:44:27
    Re: watch out
    By: Ogg to MRO on Sun Feb 14 2021 01:41 pm

    It doesn't work because they probably keep the metadata in the
    clear in fancy spreadsheets and databases for easy look-up.


    I take credit card purchases over the phone, but I never write
    down the numbers - I enter them directly in the POS device while
    the person is dictating them. The device never prints out the


    i worked at kmart years ago as a pt job and in their attic they had paper boxes full of green and white fanfold. they had all the transactions printed out with the credit card numbers on there. totally nuts.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Ogg@VERT/CAPCITY2 to MRO on Sunday, February 14, 2021 22:20:00
    Hello MRO!

    ** On Sunday 14.02.21 - 14:42, MRO wrote to Ogg:

    whats weird is they tried to setup another bank account in
    my credit union account. that's when they were blocked and i
    got the notification.

    Were they attempting to set up another account under YOUR name
    or was it under another name?

    Here in Canada, usually opening an account requires an in-person
    visit to a bank. They want a record of your signature and other
    ID on file. So, setting up an account electronically would seem
    to be a red-flag.

    then on the phone i saw the money that was transfered out.

    I've heard of social engineering attempts to override 2FA. One
    of the Krebs On Security articles described such a scenario in
    detail where the fraudster impersonates the account holder and
    tries to convince someone at the bank to change things manually.

    There are recent articles at Krebs On Security about ongoing
    stolen credit card sites, and sites that sell valid bank and
    credit card credentials.

    ..the systems using your routing info, the only direction a
    transfer using the routing info can occur is INTO your
    account. ... Routing info does not accommodate the reverse
    - a withdrawal.

    well they had access to do everything for some reason. i
    dont think security will tell me everything. maybe they have
    a flaw in their system.

    Very concerning, indeed! But you can rule out that the routing
    info was at fault. Routing info is the same set of numbers that
    usually appear in magnetic ink at the bottom of cheques. Routing
    info only accommodates money going INTO an account.

    It sounds like the fraudsters were trying pose as you, to get a
    new account (same routing info which merely identifies a
    specific bank location and account), establish their own 2FA
    that they could control and then deposit money into.

    I'm surprised that the bank got anything done within one
    hour of closing!

    yeah i'm lucky i got someone. good thing there's a waiting
    period on these transfers. i'm getting all new everything
    with that credit union incase i'm on some list online.

    Ah.. a credit union! Maybe they have smaller budgets for
    electronic security than a larger bank?

    I do plenty of electronic purchases for the supplies at my shop.
    Most of them are pre-established with the suppliers. But I limit
    those to two cards that I never use with anyone else. If a new
    vendor would suddenly appear on my statement, I could narrow
    down the compromised system to one of the genuine suppliers.

    I only use Paypal for most other purchases online when using a
    web browser. If suddenly a payment would occur on PP and to the
    credit card tied to my PP account, then I know that PP would be
    compromised - but it hasn't happend yet.

    It just astonishes me how seemingly easily bank accounts get
    compromised to this day.

    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From HusTler@VERT/HAVENS to MRO on Monday, February 15, 2021 07:36:28
    Re: watch out
    By: MRO to Ogg on Sun Feb 14 2021 02:44 pm

    i worked at kmart years ago as a pt job and in their attic they had paper boxes full of green and white fanfold. they had all the transactions printe out with the credit card numbers on there. totally nuts. ---

    No shit?? That's F*&cked up. And Kmart no less.

    ... The wages of sin are unreported.

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
  • From Thumper@VERT/THEWASTE to MRO on Monday, February 15, 2021 08:28:00
    MRO wrote to All <=-

    so recently i had someone empty out one of my bank accounts and send it
    to robinhood.

    I have no clue how they did it. the 2 things i did recently was put my routing info into cashapp and zelle to send someone money recently. another thing is i was using an online password manager.

    it was like they were in my bank logged in as me even though i had security questions and all kinds of shit setup. this bank fucking
    blocks it if i even try to pay bills with my debit card and it got through. it's like the attacker found some exploit with their system.

    so it was a big chunk of money and i got it back.

    i wiped my desktop computer and reinstalled the OS. i also redid all my passwords on a clean system. i'm not using an online password manager anymore. i dont care what they say about encryption.

    not sure if this was related to the hedgefund attacks, but i'm glad
    that i found this out 1 hour before my bank closed and it's a bank
    holiday monday. i was able to lock it down and reverse it.

    I suggest everyone watch out and watch closely. turn on all the alerts
    for your credit cards and your bank accounts. CHANGE your login name
    as well as your password with your credit cards and bank accounts if
    you are able to.

    Yup. Had my Bank freeze my card as someone tried to buy $700.00 of items at Best Buy and then $400.00+ worth of clothes from some online place. Got a new card but now they did it again to me when I paid my car tags. Let the online payment charge go through but blocked the actual payment for tags....


    ... MultiMail, the new multi-platform, multi-format offline reader!
    --- MultiMail/Win v0.52
    þ Synchronet þ -=The Wastelands BBS=- -=Since 1990=-
  • From Ogg@VERT/CAPCITY2 to MRO on Monday, February 15, 2021 09:26:00
    Hello MRO!

    ** On Sunday 14.02.21 - 14:44, MRO wrote to Ogg:

    i worked at kmart years ago as a pt job and in their attic
    they had paper boxes full of green and white fanfold. they
    had all the transactions printed out with the credit card
    numbers on there. totally nuts. -+-

    I do hope today's businesses protect credit card info better
    than that now.

    My POS only prints the last 4 digits. It identifies the brand of
    card: VISA, Mastercard or debit. And that's about it. No names.
    Nobody can do anything with my paper copies if they thought they
    could use something.

    My device only connects to the service directly. My own
    computers don't record or store any of that. Today's breaches
    are often because of a hack that accesses a business's own (in
    the clear) records.


    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Ogg on Monday, February 15, 2021 16:37:22
    Re: watch out
    By: Ogg to MRO on Sun Feb 14 2021 10:20 pm

    got the notification.

    Were they attempting to set up another account under YOUR name
    or was it under another name?

    Here in Canada, usually opening an account requires an in-person
    visit to a bank. They want a record of your signature and other
    ID on file. So, setting up an account electronically would seem
    to be a red-flag.


    they setup a netspend account as an external account which would allow them to transfer funds back and forth.

    ..the systems using your routing info, the only direction a
    transfer using the routing info can occur is INTO your
    account. ... Routing info does not accommodate the reverse
    - a withdrawal.


    no they had the routing info and my bank account info so they can do a wire transfer.

    It sounds like the fraudsters were trying pose as you, to get a
    new account (same routing info which merely identifies a
    specific bank location and account), establish their own 2FA
    that they could control and then deposit money into.



    no, they just wanted to take all the money in my account. they took most of it but i caught it.


    It just astonishes me how seemingly easily bank accounts get
    compromised to this day.


    they have a lot of attackers, ALL the time. it's a lot to fight against.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From matjam@VERT/STUPID to MRO on Tuesday, February 16, 2021 09:05:24
    Re: watch out
    By: MRO to Ogg on Mon Feb 15 2021 04:37 pm

    no they had the routing info and my bank account info so they can do a wire transfer.

    It's nuts to me that all you need is the bank acct # and a routing # and you can bleed an account dry with ACH transfers.

    Like, what? Why is this a thing? Why don't banks require you to log into your online banking first to approve the transfer out?

    I've not had this happen to me, but I would hope that the bank's fraud department would very quickly reverse those transfers for you.

    ... I like long walks, especially when they are taken by people who annoy me.

    ---
    þ Synchronet þ [Stupendous BBS - bbs.stupendous.net]
  • From Bob Roberts@VERT/HOVAL to Ogg on Tuesday, February 16, 2021 15:10:16
    Re: watch out
    By: Ogg to MRO on Sun Feb 14 2021 10:20 pm

    I've heard of social engineering attempts to override 2FA. One
    of the Krebs On Security articles described such a scenario in
    detail where the fraudster impersonates the account holder and
    tries to convince someone at the bank to change things manually.

    I've had a bank account compromised as well. They did it by calling customer service and pretending to be me. They knew the answers to my security questions because I had things like Mothers' Maiden.

    Just a tip for everyone: The answer to your security question should be something insane that isn't actually data someone can find out about you. Your First Grade Teacher's name should be something like "ZebraFrankenstein" and your Favorite Movie is "CoffeeDishwasherTelevision". I learned that the hard way.

    What is annoying about the Customer Service route is there are no alerts. My bank will send me 16 text messages if someone logs into my account on the web, or uses my credit card to buy something. But there is no alert if someone calls Customer Service and says they are me. Why not? If there was I would know known there was a problem sooner.

    Bob Roberts

    ---
    þ Synchronet þ Halls of Valhalla =San=Francisco= hovalbbs.com:2333
  • From MRO@VERT/BBSESINF to matjam on Tuesday, February 16, 2021 17:48:50
    Re: watch out
    By: matjam to MRO on Tue Feb 16 2021 09:05 am

    By: MRO to Ogg on Mon Feb 15 2021 04:37 pm

    no they had the routing info and my bank account info so they can do a wire transfer.

    It's nuts to me that all you need is the bank acct # and a routing # and you can bleed an account dry with ACH transfers.

    Like, what? Why is this a thing? Why don't banks require you to log into your online banking first to approve the transfer out?

    I've not had this happen to me, but I would hope that the bank's fraud department would very quickly reverse those transfers for you.



    yeah, only thing i can do is open up a new account with new numbers so i did that. they also cant provide any information other than point out a payment that was rejected which was me trying to pay the server bill! *sigh*

    they did block the dude from linking a new account in there, but would have been nice if they blocked him transfering the money to robinhood.

    i got my money back, though. that's why they have a business day thing. good thing i got it quick because of president's day
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Nightfox@VERT/DIGDIST to matjam on Wednesday, February 17, 2021 08:11:40
    Re: watch out
    By: matjam to MRO on Tue Feb 16 2021 09:05 am

    It's nuts to me that all you need is the bank acct # and a routing # and you can bleed an account dry with ACH transfers.

    Like, what? Why is this a thing? Why don't banks require you to log into your online banking first to approve the transfer out?

    Also, I've noticed many stores in my area don't require a signature for card transactions anymore.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Dream Master@VERT/CIAD to Nightfox on Wednesday, February 17, 2021 13:08:37
    Re: watch out
    By: Nightfox to matjam on Wed Feb 17 2021 08:11 am

    Also, I've noticed many stores in my area don't require a signature for card transactions anymore.

    That was a remnant when all the stores used that impression machine. There was always that statement on credit card receipts about paying, blah blah. Once we went EMV and PIN, the need for a signature went away.

    Hell... in Europe, I can't remember the last time I signed a credit card receipt.

    Brian Klauss <-> Dream Master
    Caught in a Dream | caughtinadream.com a Synchronet BBS

    ---
    þ Synchronet þ Caught in a Dream - caughtinadream.com
  • From MRO@VERT/BBSESINF to Nightfox on Wednesday, February 17, 2021 17:40:20
    Re: watch out
    By: Nightfox to matjam on Wed Feb 17 2021 08:11 am

    Re: watch out
    By: matjam to MRO on Tue Feb 16 2021 09:05 am

    It's nuts to me that all you need is the bank acct # and a routing # and you can bleed an account dry with ACH transfers.

    Like, what? Why is this a thing? Why don't banks require you to log into your online banking first to approve the transfer out?

    Also, I've noticed many stores in my area don't require a signature for card transactions anymore.


    i know another person who lost some money. this time they think she wrote a check even though her checks are locked away.

    i remember when you had to show your card and they'd make sure the card was signed. i would write 'check id' on the card but they wouldnt ask for my id.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Ogg@VERT/CAPCITY2 to Dream Master on Wednesday, February 17, 2021 19:59:00
    Hello Dream Master!

    ** On Wednesday 17.02.21 - 13:08, Dream Master wrote to Nightfox:

    Also, I've noticed many stores in my area don't require a
    signature for card transactions anymore.

    ..Once we went EMV and PIN, the need for a signature went away.

    Hell... in Europe, I can't remember the last time I signed
    a credit card receipt.

    The PIN method or the contactless method (ApplePay, PayPass) in
    Canada has basically done away with requiring signatures too.
    But the POS will sometimes spewout a receipt requesting for a
    signature. The scribble on the paper by the customer doesn't
    prove ownership, but it gives me as the vendor the extra
    documentation that "someone" used that card and I was the
    witness.


    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Ogg@VERT/CAPCITY2 to MRO on Wednesday, February 17, 2021 20:41:00
    Hello MRO!

    ** On Wednesday 17.02.21 - 17:40, MRO wrote to Nightfox:


    i know another person who lost some money. this time they
    think she wrote a check even though her checks are locked
    away.

    Recently, I was expecting a payment for a special order and the
    customer wrote that they could deposit INTO my bank account by
    suggesting this:

    "Set up your direct deposits and pre-authorized payments easily
    and conveniently

    "Direct Deposit is a fast and easy way to receive your payroll
    or other deposits directly into your chequing account. Pre-
    authorized Payment is a convenient way to automatically pay your
    bills from your chequing account. This form provides account
    information in place of a voided cheque and is used when
    arranging for direct deposits or pre-authorized payments. Simply
    complete this form and submit it to the organization depositing
    the payment into your account.

    The rest of the form provides "official" sections where I write
    in my bank's transit number and my bank-account number - which
    is the same info found in magnetic ink on a cheque.

    But I don't like the way the pre-amble is worded. It suggests
    that if I comply with providing the info, then they will also
    have the authority to take money OUT of my account - much like
    how pre-authorized payments get arranged.

    The part "for direct deposits OR pre-authorized payments" is the
    problem.

    I want these people to pay ME, and not ever have the privilege
    to take anything OUT of my account. But the form seems to allow
    them to legally do either.

    No thanks. I suggested a simple eTransfer (via email) but they
    gave me some unconvincing excuse. They also did not offer to
    provide credit card info to me over the phone; very strange.

    So.. this whole thing - a few messages back where I mentioned
    that giving someone your transit number and account number to
    make it convenient for them to deposit money into YOUR account -
    has changed! I forgot about the pre-authorized agreements that
    some companies have now suggested inorder to automate monthly
    billing payments to them. I don't participate in any pre-
    authorized payment arrangements; it's too easy for those
    companies to take out TOO MUCH money in error and not be held
    accountable.

    The transit and account info is found on printed cheques. People
    who receive your cheques have the opportunity to record those
    numbers. But it was my understanding that no one could
    legitimated do anything with them except to DEPOSIT money into
    the account that represents those numbers. Now it sounds like
    the banks have allowed the reverse to happen.

    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Ogg@VERT/CAPCITY2 to Bob Roberts on Wednesday, February 17, 2021 20:51:00
    Hello Bob Roberts!

    ** On Tuesday 16.02.21 - 15:10, Bob Roberts wrote to Ogg:

    I've had a bank account compromised as well. They did it
    by calling customer service and pretending to be me. They
    knew the answers to my security questions because I had
    things like Mothers' Maiden.

    I've smartened up about that too over the years. No one but me
    would ever guess what I use for my mom's maiden name. I have too
    many cousins that would easily know the real name. What a
    stupid INSECURE security question!

    Just a tip for everyone: The answer to your security
    question should be something insane that isn't actually
    data someone can find out about you. Your First Grade
    Teacher's name should be something like "ZebraFrankenstein"
    and your Favorite Movie is "CoffeeDishwasherTelevision". I
    learned that the hard way.

    If you use the same "insane" names everywhere else, you have to
    hope that the systems that they are utilized on do not get
    breached - otherwise you would have to come up more insanity.

    But I concur with using non-typical answers for those questions.


    What is annoying about the Customer Service route is there
    are no alerts. My bank will send me 16 text messages if
    someone logs into my account on the web, or uses my credit
    card to buy something. But there is no alert if someone
    calls Customer Service and says they are me. Why not? If
    there was I would know known there was a problem sooner.

    Put yourself in the bank's position for a moment. People DO
    change their phone numbers. If the legitimate you called from a
    NEW phone, how would the bank know to alert you that you called
    them, especially if the old number nolonger existed? <G>



    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Barmed@VERT/OASISBBS to Ogg on Thursday, February 18, 2021 07:59:00
    On 17 Feb 2021, Ogg said the following...
    Recently, I was expecting a payment for a special order and the
    customer wrote that they could deposit INTO my bank account by suggesting this:

    "Set up your direct deposits and pre-authorized payments easily
    and conveniently

    "Direct Deposit is a fast and easy way to receive your payroll
    or other deposits directly into your chequing account. Pre-
    authorized Payment is a convenient way to automatically pay your
    bills from your chequing account. This form provides account
    information in place of a voided cheque and is used when
    arranging for direct deposits or pre-authorized payments. Simply
    complete this form and submit it to the organization depositing
    the payment into your account.

    That more or less is the wording I've seen on most direct deposit forms
    payroll checks, which does authorize the reverse as well.

    I had an issue at one company where we started a weekend warehouse shift, as the manufacturing floor was beginning to run 24 hours 7 days a week to meet demand. Our on call system generally covered any needs they might have come
    up over night, but they decided they needed people full time on weekends.

    So for us itvwas a sweet deal. 3 12 hour days and we were paid for 40 hours. Plus $1/hr shift differential. I got and additional $1/hr premium as team
    lead. However, my pay was constantly wrong, as apparently no one knew how to process payroll for soneone with 2 premiums.

    After calling around, the woman who submitted our time was told to send in my hours with some code, which would go back and catch any money owed me, and going forward correctly process my pay.

    My next check was repayment for an entire month, not just what Ivwas owed. Needless to say, the following Monday, corporate accounting was trying to reverse that payment, but my wife beat them to it.

    But as we were working on a repayment schedule for around $3500, Going over
    all of the documents, it's pretty clear the direct deposit forms allow the reverse to happen.

    --- Mystic BBS v1.12 A46 2020/08/26 (Raspberry Pi/32)
    * Origin: theoasisbbs.ddns.net:1357
  • From Bob Roberts@VERT/HOVAL to Ogg on Thursday, February 18, 2021 08:02:11
    Re: watch out
    By: Ogg to Bob Roberts on Wed Feb 17 2021 08:51 pm

    Put yourself in the bank's position for a moment. People DO
    change their phone numbers. If the legitimate you called from a
    NEW phone, how would the bank know to alert you that you called
    them, especially if the old number nolonger existed? <G>

    The alert wouldn't be conditional. It would simply send me a text message everytime someone called Customer Service and "authenticated" as me. Just ike the alerts they send when I use my credit card, or perform a funds transfer.

    The text message would be sent to the number they have on file, just like the existing alerts they have. Some banks use push notifications via their Apps. Whatever works.

    Bob Roberts

    ---
    þ Synchronet þ Halls of Valhalla =San=Francisco= hovalbbs.com:2333
  • From Nightfox@VERT/DIGDIST to Dream Master on Thursday, February 18, 2021 08:12:54
    Re: watch out
    By: Dream Master to Nightfox on Wed Feb 17 2021 01:08 pm

    Also, I've noticed many stores in my area don't require a signature
    for card transactions anymore.

    That was a remnant when all the stores used that impression machine. There was always that statement on credit card receipts about paying, blah blah. Once we went EMV and PIN, the need for a signature went away.

    What is EMV? Also, the only cards I've had with a PIN are my debit cards. I've never had a PIN for a credit card.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From MRO@VERT/BBSESINF to Ogg on Thursday, February 18, 2021 17:53:30
    Re: watch out
    By: Ogg to MRO on Wed Feb 17 2021 08:41 pm

    i know another person who lost some money. this time they
    think she wrote a check even though her checks are locked
    away.

    Recently, I was expecting a payment for a special order and the
    customer wrote that they could deposit INTO my bank account by
    suggesting this:

    "Set up your direct deposits and pre-authorized payments easily
    and conveniently

    "Direct Deposit is a fast and easy way to receive your payroll
    or other deposits directly into your chequing account. Pre-
    authorized Payment is a convenient way to automatically pay your
    bills from your chequing account. This form provides account
    information in place of a voided cheque and is used when
    arranging for direct deposits or pre-authorized payments. Simply
    complete this form and submit it to the organization depositing
    the payment into your account.

    The rest of the form provides "official" sections where I write
    in my bank's transit number and my bank-account number - which
    is the same info found in magnetic ink on a cheque.

    But I don't like the way the pre-amble is worded. It suggests
    that if I comply with providing the info, then they will also
    have the authority to take money OUT of my account - much like
    how pre-authorized payments get arranged.



    yeah if you have direct deposit they can TAKE as well as give.
    there's a place that was going out of business that did a direct deposit to employee's bank accounts and then took it back. some banks and credit unions found out about it and blocked it from happening.

    since you signed that paper you authorized it so you it's your word vs theirs. i wouldnt trust it.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Dream Master@VERT/CIAD to Ogg on Thursday, February 18, 2021 18:34:21
    Re: watch out
    By: Ogg to Dream Master on Wed Feb 17 2021 07:59 pm

    signature. The scribble on the paper by the customer doesn't
    prove ownership, but it gives me as the vendor the extra
    documentation that "someone" used that card and I was the
    witness.

    Some years ago my daughters were selling Girl Scout cookies. We had a credit card reader on our phones and we had a customer swipe and sign. He disputed the transaction and I had to eat the cost. EVEN AFTER SIGNING!!!

    People suck.

    Brian Klauss <-> Dream Master
    Caught in a Dream | caughtinadream.com a Synchronet BBS

    ---
    þ Synchronet þ Caught in a Dream - caughtinadream.com
  • From Dream Master@VERT/CIAD to Nightfox on Thursday, February 18, 2021 18:39:06
    Re: watch out
    By: Nightfox to Dream Master on Thu Feb 18 2021 08:12 am

    What is EMV? Also, the only cards I've had with a PIN are my debit cards. I've never had a PIN for a credit card.

    I had a feeling someone was going to ask me about that. EMV - Europay, Mastercard, and Visa ... basically, a chipcard that is readable globally.

    Brian Klauss <-> Dream Master
    Caught in a Dream | caughtinadream.com a Synchronet BBS

    ---
    þ Synchronet þ Caught in a Dream - caughtinadream.com
  • From Ogg@VERT/CAPCITY2 to Nightfox on Thursday, February 18, 2021 17:21:00
    Hello Nightfox!

    ** On Thursday 18.02.21 - 08:12, Nightfox wrote to Dream Master:

    Also, I've noticed many stores in my area don't require a
    signature for card transactions anymore.

    That was a remnant when all the stores used that
    impression machine. There was always that statement on
    credit card receipts about paying, blah blah. Once we went
    EMV and PIN, the need for a signature went away.

    What is EMV? Also, the only cards I've had with a PIN are
    my debit cards. I've never had a PIN for a credit card.

    EMV = Europay/Mastercard/Visa? I'm not sure what DM means by
    that either. When I refer to credit card payments, I usually
    just use the term CC.

    PIN was implemented practically simultaneously in both debit and
    CCs here in Canada.


    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Ogg@VERT/CAPCITY2 to MRO on Thursday, February 18, 2021 20:54:00
    Hello MRO!

    ** On Thursday 18.02.21 - 17:53, MRO wrote to Ogg:

    But I don't like the way the pre-amble is worded. It
    suggests that if I comply with providing the info, then they
    will also have the authority to take money OUT of my account
    - much like how pre-authorized payments get arranged.

    yeah if you have direct deposit they can TAKE as well as
    give. there's a place that was going out of business that
    did a direct deposit to employee's bank accounts and then
    took it back.

    That's playing dirty. Shame on that biz.

    some banks and credit unions found out about it and blocked
    it from happening.

    It usually takes 3-4 days for a cheque to clear. Since the pre-
    authorized payments/deposits are based on the same numbers,
    there were a few days to intercede, I guess.

    since you signed that paper you authorized it so you it's
    your word vs theirs. i wouldnt trust it.

    Well.. I didn't sign anything. I wrote back saying that I am not
    comfortable in the working of the agreement, and told them I
    will be fine with them sending a cheque as payment.

    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Ogg@VERT/CAPCITY2 to Bob Roberts on Thursday, February 18, 2021 21:57:00
    Hello Bob Roberts!

    ** On Thursday 18.02.21 - 08:02, Bob Roberts wrote to Ogg:

    Put yourself in the bank's position for a moment. People
    DO change their phone numbers. If the legitimate you
    called from a NEW phone, how would the bank know to alert
    you that you called them, especially if the old number
    nolonger existed? <G>

    The alert wouldn't be conditional. It would simply send me
    a text message everytime someone called Customer Service
    and "authenticated" as me. Just ike the alerts they send
    when I use my credit card, or perform a funds transfer.

    So if the real you called from a new phone, then the alert can
    go to the now non-existant (previous/old) phone number and
    therefore wouldn't matter? OK.

    But techincally, how could the actual phone alert be tied into
    the phone system? I can see how such an alert can work when
    visiting websites, detecting failed logins, and getting alerts.
    But I don't think there even exists a way to alert you if
    someone just happened to call the bank and mention your name.

    If you expect to get a text message for every authentication
    attempt, the clerk/person on the other end would need to
    activate a "send text alert" button or something. That extra
    technology probably doesn't even exist on their systems.

    I get text alerts when my balance falls below a certain amount,
    and when a significant payment goes through. Although the info
    is handy, it doesn't really help much in preventing an
    unauthorized activity happening in the first place. :(


    The text message would be sent to the number they have on
    file, just like the existing alerts they have. Some banks
    use push notifications via their Apps. Whatever works.

    But the problem is how does the sending of the text message get
    activated? Does the customer service agent have a big red button
    on their desk?


    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Ogg@VERT/CAPCITY2 to Barmed on Thursday, February 18, 2021 22:21:00
    Hello Barmed!

    ** On Thursday 18.02.21 - 07:59, Barmed wrote to Ogg:

    ..This form provides account information in place of a
    voided cheque and is used when arranging for direct
    deposits or pre-authorized payments. Simply complete this
    form and submit it to the organization depositing the
    payment into your account.

    That more or less is the wording I've seen on most direct
    deposit forms payroll checks, which does authorize the
    reverse as well.

    What many people may not realize is that they also have the
    power to re-word those things (crossing out what doesn't apply),
    initial it (ideally initialled by the initiator as well) and the
    modified doc is the new doc.

    I have a problem with the first sentence in my quoted part above
    where is says "used when arrranging for direct deposits *OR*
    pre-authorized payments."

    The people with whom I am dealing with owe me cash. With my
    obliging with that form/agreement, it would appear that I would
    be agreeing for the reverse transaction too. Maybe they think
    they are just trying to be efficient by producing a singular
    document that serves two purposes.

    Ideally the document could give the choice of one type of
    transaction only: [1] payment/withdrawals, or [2] deposits, but
    not both. I would then participate more readily.

    I've seen these pre-authorized payment "agreements" written in
    such a way that in small print they stipulate that "in case of
    error, the signer agrees not to hold the institution at fault
    and shall not prosecute." It is a shame that people actually go
    along with this.

    Needless to say, the following Monday, corporate accounting
    was trying to reverse that payment, but my wife beat them to
    it.

    Amazing story. I signed up for auto-pay deposits with one of
    the last corporations I worked at. I do remember that the
    agreement only said that it was ONLY for the purposes of deposit
    to the employee's account.

    But as we were working on a repayment schedule for around
    $3500, Going over all of the documents, it's pretty clear
    the direct deposit forms allow the reverse to happen.

    People forget that they can cross out anything they do not agree
    with. Initial the changes. Have it witnessed if possible.

    I am tempted to educate the "customer" that wanted me to sign
    their auto-pay/deposit form and tell them what exactly why I
    refuse to sign it.

    The fact that they refused to consider an eTransfer to me which
    is much easier and simpler than the whole auto-pay/deposit
    shenanigans is telling.

    An eTransfer is a guaranteed one-way transaction - into my
    account. There is nothing that facilitates the person making the
    transaction to reverse it. I like that!


    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Rampage@VERT/SESTAR to Ogg on Friday, February 19, 2021 04:29:44
    Re: watch out
    By: Ogg to Bob Roberts on Thu Feb 18 2021 21:57:00


    If you expect to get a text message for every authentication
    attempt, the clerk/person on the other end would need to
    activate a "send text alert" button or something. That extra
    technology probably doesn't even exist on their systems.

    the system may already be coded to send these alerts without any intervention or knowledge of the clerk... the simple act of them accessing the account could trigger it... think about it ;)


    )\/(ark

    ---
    þ Synchronet þ The SouthEast Star Mail HUB - SESTAR
  • From poindexter FORTRAN@VERT/REALITY to Barmed on Friday, February 19, 2021 06:25:00
    Barmed wrote to Ogg <=-

    My next check was repayment for an entire month, not just what Ivwas
    owed. Needless to say, the following Monday, corporate accounting was trying to reverse that payment, but my wife beat them to it.

    Reminds me of when I worked for a startup. I was hired at a base rate with a $15K/year bump when they received their second round of funding. Newbie CEO didn't catch that they were paying me for the first 2 months at the higher rate, and decided without telling me to lower my rate by $30K to even it
    out.

    Much discussion ensued, and I suggested they pay me at the base rate that they'd promised, and delay my bump for 2 months after funding.

    Newbie CEO liked that idea. I didn't like the CEO much after that, and used
    a project to downsize their server footprint and get the systems to run on autopilot as the beginning of my consulting career after they failed to get
    a second round of funding.




    ... The robots can go off-script?
    --- MultiMail/DOS v0.52
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From poindexter FORTRAN@VERT/REALITY to MRO on Friday, February 19, 2021 06:27:00
    MRO wrote to Ogg <=-

    yeah if you have direct deposit they can TAKE as well as give.
    there's a place that was going out of business that did a direct
    deposit to employee's bank accounts and then took it back. some banks
    and credit unions found out about it and blocked it from happening.

    I learned that after being let go from a company. They'd paid out my PTO and part of the time worked, less than I was owed.

    You think they'd make a payment for the remainder?

    No.

    This was local government. They clawed back the original direct deposit payment and re-processed the exit payment. It took 5 days to alert them to
    the mistake, zero time to retract the payment, and another 10 days to make
    the correct payment.

    If you're going to let someone go, at least get your ducks in a row.


    ... The robots can go off-script?
    --- MultiMail/DOS v0.52
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From poindexter FORTRAN@VERT/REALITY to Dream Master on Friday, February 19, 2021 06:29:00
    Dream Master wrote to Ogg <=-

    Some years ago my daughters were selling Girl Scout cookies. We had a credit card reader on our phones and we had a customer swipe and sign.
    He disputed the transaction and I had to eat the cost. EVEN AFTER SIGNING!!!

    Did you add them to the NATIONAL GIRL SCOUT DO NOT SELL LIST?

    Imagine if they went to buy cookies the following year from someone else and were declined.

    Big Scout strikes again.


    ... The robots can go off-script?
    --- MultiMail/DOS v0.52
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From poindexter FORTRAN@VERT/REALITY to Ogg on Friday, February 19, 2021 06:37:00
    Ogg wrote to Barmed <=-

    What many people may not realize is that they also have the
    power to re-word those things (crossing out what doesn't apply),
    initial it (ideally initialled by the initiator as well) and the
    modified doc is the new doc.

    With employment agreements, as well. I had a friend who'd redline anything
    he didn't want in there, and asked to speak to corporate counsel when
    someone told him it wasn't allowed.

    CC would look at it, shrug, and allow the redline.

    Once he redlined a non-poach clause, and after he had given his 4 week
    notice (he had a project he wanted to finish up) was overheard talking to
    one of his co-workers about the new job and positions there.

    The manager attempted to terminate him and walk him out the door, and he showed them his agreement with the redlines. They walked him out, but paid
    him the 4 weeks first. Shrewd guy.

    I wondered if that was his plan all along - he wouldn't have minded making
    the boss look bad as his last act.



    ... The robots can go off-script?
    --- MultiMail/DOS v0.52
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Ogg@VERT/CAPCITY2 to Rampage on Friday, February 19, 2021 10:11:00
    Hello Rampage!

    ** On Friday 19.02.21 - 04:29, Rampage wrote to Ogg:

    the system may already be coded to send these alerts without
    any intervention or knowledge of the clerk... the simple act
    of them accessing the account could trigger it... think
    about it ;)

    Personally, I think that would be great. I'd love to know when a
    teller looks at my account when no one else is looking.

    But then, the automated system could be muted in times like
    that?

    The last time I walked into my bank, all 4 tellers looked busy
    behind their shields and masks - but no one else was around.
    They seemed to be clicking frantically with their mice. I
    imagined they were playing games? They didn't have any other
    paperwork in front of them.

    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Sprite@VERT/TINTETBB to Ogg on Friday, February 19, 2021 12:04:06
    Re: watch out
    By: Ogg to Dream Master on Wed Feb 17 2021 19:59:00

    The PIN method or the contactless method (ApplePay, PayPass) in
    Canada has basically done away with requiring signatures too.
    But the POS will sometimes spewout a receipt requesting for a
    signature. The scribble on the paper by the customer doesn't
    prove ownership, but it gives me as the vendor the extra
    documentation that "someone" used that card and I was the
    witness.

    Isn't the signature practice normally carried out depending on the store's SOP primarily based on the amount of the transaction? That's how it was at least a few years ago here when I last worked at a place where I had to deal with customers and transactions (in the US).

    ---
    þ Synchronet þ Tinfoil Tetrahedron BBS - skulking seedily against the Brave New World
  • From Sprite@VERT/TINTETBB to Dream Master on Friday, February 19, 2021 12:08:37
    Re: watch out
    By: Dream Master to Ogg on Thu Feb 18 2021 18:34:21

    Some years ago my daughters were selling Girl Scout cookies. We had a credi card reader on our phones and we had a customer swipe and sign. He disputed the transaction and I had to eat the cost. EVEN AFTER SIGNING!!!

    You're missing one thing that a regular retail outlet has: a small army of lawyers on retainer. :P
    IMO, anyway.

    ---
    þ Synchronet þ Tinfoil Tetrahedron BBS - skulking seedily against the Brave New World
  • From Nightfox@VERT/DIGDIST to Ogg on Friday, February 19, 2021 14:45:11
    Re: watch out
    By: Ogg to Rampage on Fri Feb 19 2021 10:11 am

    The last time I walked into my bank, all 4 tellers looked busy
    behind their shields and masks - but no one else was around.
    They seemed to be clicking frantically with their mice. I
    imagined they were playing games? They didn't have any other
    paperwork in front of them.

    I've never been a bank teller, so I don't know what all they need to do besides serving customers. I doubt they're playing games all the time, and if that's all they're doing, they could certainly serve customers. There may be other banking tasks they were working on.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Ogg@VERT/CAPCITY2 to matjam on Friday, February 19, 2021 19:00:00
    Hello matjam!

    ** On Tuesday 16.02.21 - 09:05, matjam wrote to MRO:

    no they had the routing info and my bank account info so
    they can do a wire transfer.

    It's nuts to me that all you need is the bank acct # and a
    routing # and you can bleed an account dry with ACH
    transfers.

    The way things are supposed to work with someone knowing your
    bank acct # and routing # (which are the same on your cheques
    is) that a regular person walking in to your bank (or one of its
    branches) can use those numbers to make a DEPOSIT ONLY.

    If it is an institution that has those numbers, then they have
    to show that YOU gave written approval (primarily for the
    purposes of taking money OUT for auto-payments) That is why the
    businesses that want to take money OUT of your account ask for a
    copy of a blank voided check. (They can't use a copy of a
    previously used cheque).

    Like, what? Why is this a thing? Why don't banks require you
    to log into your online banking first to approve the
    transfer out?

    They don't do that probably because it would be inefficient.
    Say, for example, if a transaction needs to be approved by you
    and you are not reachable - then what?

    I've not had this happen to me, but I would hope that the
    bank's fraud department would very quickly reverse those
    transfers for you.

    It seems that banks are sloppy and are not as thorough as we
    would hope they could be.

    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Ogg on Friday, February 19, 2021 20:27:25
    Re: watch out
    By: Ogg to MRO on Thu Feb 18 2021 08:54 pm

    yeah if you have direct deposit they can TAKE as well as
    give. there's a place that was going out of business that
    did a direct deposit to employee's bank accounts and then
    took it back.

    That's playing dirty. Shame on that biz.


    here's the article of some of it. they ended up doing bankruptcy and paying
    10 cents on the dollar to people. they were rich and lived in a gated community.

    https://journaltimes.com/business/local/failed-promotions-unlimited-saga-ends/article_38399315-f486-53a8-967d-cd3ebd27ad69.html

    they also took money for healthcare and childsupport but pocketed the money. ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Ogg@VERT/CAPCITY2 to Sprite on Friday, February 19, 2021 20:15:00
    Hello Sprite!

    ** On Friday 19.02.21 - 12:04, Sprite wrote to Ogg:

    By: Ogg to Dream Master on Wed Feb 17 2021 19:59:00
    The PIN method or the contactless method (ApplePay, PayPass)
    in Canada has basically done away with requiring signatures
    too. But the POS will sometimes spewout a receipt requesting
    for a signature. The scribble on the paper by the customer
    doesn't prove ownership, but it gives me as the vendor the
    extra documentation that "someone" used that card and I was
    the witness.

    Isn't the signature practice normally carried out
    depending on the store's SOP primarily based on the
    amount of the transaction? That's how it was at least a
    few years ago here when I last worked at a place where I
    had to deal with customers and transactions (in the US).

    I don't have control over what the POS terminal does. I have
    people using CC for purchases over $500 (as would the local
    library) and there is no prompt for a signature.

    My terminal device is with Chase Paymentech. They control the
    requirements. Sometimes people seem to be forced to insert the
    card for PIN operation when the device refuses to accept the
    contactless method.

    The only other time the device prints a receipt requesting a
    signature is when the card is non-Canadian or out of province.

    --- OpenXP 5.0.48
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dream Master@VERT/CIAD to poindexter FORTRAN on Sunday, February 21, 2021 02:41:23
    Re: Re: watch out
    By: poindexter FORTRAN to Dream Master on Fri Feb 19 2021 06:29 am

    Did you add them to the NATIONAL GIRL SCOUT DO NOT SELL LIST?

    Imagine if they went to buy cookies the following year from someone else and were declined.

    I was using PayPal's Credit Card solution and it bit me in the ass. I switched back to Square and never had a problem afterwards.

    Now, your point about a DO NOT SELL list... That's be pretty slick.

    Starting last year, Girl Scouts were allowed to sell in front of Marijuana Dispenseries. Prior to that, they wouldn't allow it. Apparently, the powers that be realized that if you're going to smoke, you'll likely get hungry afterwards.

    Brian Klauss <-> Dream Master
    Caught in a Dream | caughtinadream.com a Synchronet BBS

    ---
    þ Synchronet þ Caught in a Dream - caughtinadream.com
  • From poindexter FORTRAN@VERT/REALITY to Dream Master on Sunday, February 21, 2021 07:58:00
    Dream Master wrote to poindexter FORTRAN <=-

    I was using PayPal's Credit Card solution and it bit me in the ass. I switched back to Square and never had a problem afterwards.

    I worked for eBay back before they spun off PayPal - they could have bought Square for chump change back then and written off their poorly implemented card solution.

    PayPal bit me when I had an eBay auction go sour. I shipped a working
    camera. The buyer didn't pay for insurance and sent the payment to an
    address of mine that PayPal wasn't linked to (and wasn't on the auction).
    So, he was pissed for the delay and threatening to sue.

    Camera arrived, he opened it up, tested it, and found it to be DOA (or broke it himself). Then instead of contacting me, contacted UPS and told them
    that he hadn't ordered it. UPS charged me for return shipping and PayPal deducted the price of the camera and double-shipping. After an exhaustive investigation, they ruled for the buyer, and took weeks to refund me the second shipping charge.

    As I recall, it worked just fine when I received it, and I resold it.



    ... Accept advice
    --- MultiMail/DOS v0.52
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Dream Master@VERT/CIAD to poindexter FORTRAN on Sunday, February 21, 2021 21:23:43
    Re: Re: watch out
    By: poindexter FORTRAN to Dream Master on Sun Feb 21 2021 07:58 am

    PayPal bit me when I had an eBay auction go sour. I shipped a working camera. The buyer didn't pay for insurance and sent the payment to an address of mine that PayPal wasn't linked to (and wasn't on the auction). So, he was pissed for the delay and threatening to sue.

    Some years ago when my children were younger, my wife found a great deal on LeapFrog games at Toys R Us. She purchased about 10 or 12 of each game and went onto eBay and listed them for their MSRP. We had one buyer who purchased the a game, paid via PayPal, and we sent her the game. She signed for it, which was captured via USPS, but informed PayPal that she never received it. PayPal refused to acknowledge the signature. I was out $40.

    I was pissed.

    Brian Klauss <-> Dream Master
    Caught in a Dream | caughtinadream.com a Synchronet BBS

    ---
    þ Synchronet þ Caught in a Dream - caughtinadream.com
  • From Ogg@VERT/CAPCITY2 to poindexter FORTRAN on Sunday, February 21, 2021 20:27:00
    Hello poindexter FORTRAN!

    ** On Sunday 21.02.21 - 07:58, poindexter FORTRAN wrote to Dream Master:

    PayPal bit me when I had an eBay auction go sour. I shipped
    a working camera. The buyer didn't pay for insurance and
    sent the payment to an address of mine that PayPal wasn't
    linked to (and wasn't on the auction). So, he was pissed
    for the delay and threatening to sue.

    How could have the buyer used an address (and I assume you mean
    email address) that you did not link up? I mean, PP has BUY NOW
    and PAY NOW buttons and those are all tied to YOU. How can the
    buyer pay using another email address purportedly yours?

    But why did the buyer complain about a delay? Is it because
    payment didn't go through eBay the first time and therefore you
    didn't ship it until it did?

    Camera arrived, he opened it up, tested it, and found it to
    be DOA (or broke it himself). Then instead of contacting
    me, contacted UPS and told them that he hadn't ordered it.

    But that can be disproved by your records and the destination
    address - all documented on eBay.

    UPS charged me for return shipping and PayPal deducted the
    price of the camera and double-shipping. After an
    exhaustive investigation, they ruled for the buyer, and
    took weeks to refund me the second shipping charge.

    Sorry to hear about the mixup and the bad experience. But
    usually the credit card company will side with the buyer. Things
    were stacked against you at the onset. :(


    --- OpenXP 5.0.49
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Ogg@VERT/CAPCITY2 to Dream Master on Monday, February 22, 2021 06:53:00
    Hello Dream Master!

    ** On Sunday 21.02.21 - 21:23, Dream Master wrote to poindexter FORTRAN:

    ...We had one buyer who purchased the a game, paid via
    PayPal, and we sent her the game. She signed for it, which
    was captured via USPS, but informed PayPal that she never
    received it. PayPal refused to acknowledge the signature.
    I was out $40.

    I was pissed.

    No kidding. But how could anyone ignore the fact that the
    product was delivered and signed for?


    --- OpenXP 5.0.49
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dream Master@VERT/CIAD to Ogg on Monday, February 22, 2021 08:12:08
    Re: watch out
    By: Ogg to Dream Master on Mon Feb 22 2021 06:53 am

    No kidding. But how could anyone ignore the fact that the
    product was delivered and signed for?

    That's the problem with PayPal; they will always side with the buyer as money was tendered and in my opinion, PayPal reaped some miniscule transaction fee.

    I provided a PDF of the signature.

    I provided the tracking information.

    Nope. I got screwed.

    Brian Klauss <-> Dream Master
    Caught in a Dream | caughtinadream.com a Synchronet BBS

    ---
    þ Synchronet þ Caught in a Dream - caughtinadream.com
  • From Nightfox@VERT/DIGDIST to Dream Master on Monday, February 22, 2021 08:33:24
    Re: Re: watch out
    By: Dream Master to poindexter FORTRAN on Sun Feb 21 2021 09:23 pm

    Some years ago when my children were younger, my wife found a great deal on LeapFrog games at Toys R Us. She purchased about 10 or 12 of each game and went onto eBay and listed them for their MSRP. We had one buyer who purchased the a game, paid via PayPal, and we sent her the game. She signed for it, which was captured via USPS, but informed PayPal that she never received it. PayPal refused to acknowledge the signature. I was out $40.

    I was pissed.

    Generally I've had good luck as a seller on eBay. One time I sold a laptop on eBay, and I shipped it via UPS and got shipping insurance through UPS. The buyer claimed the laptop was damaged and sent a photo of the laptop with a cracked screen. So I went to UPS to let them know and file a claim on the shipping insurance. UPS wanted to contact the buyer and wanted a phone number, so I asked for the buyer's phone number on eBay. It took him a while to respond, and when he did finally give a phone number, UPS said they tried to call and he didn't answer. The buyer was acting a bit sketchy, and eventually filed a claim against me on eBay. After eBay reviewed the conversation history, eBay ruled in my favor.

    Another time, I sold a DVD movie on eBay, and the buyer claimed the DVD wouldn't play, and he asked for a refund and left negative feedback. I thought it was weird, because the DVD was fine. Something about it seemed odd, so I talked to eBay customer support, and they said they had seen that before and they called it 'feedback extortion'. eBay removed the negative feedback from my profile. The buyer returned the DVD, although they only returned the disc without the DVD case, which I was pissed about.. Made me wonder what they did with the case.. Maybe they had their own copy of the DVD without the case and wanted to replace the case? I dunno..

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Ogg@VERT/CAPCITY2 to poindexter FORTRAN on Wednesday, February 24, 2021 21:08:00
    Hello poindexter FORTRAN!

    ** On Friday 19.02.21 - 06:37, poindexter FORTRAN wrote to Ogg:

    With employment agreements, as well. I had a friend who'd redline
    anything he didn't want in there, and asked to speak to corporate counsel when someone told him it wasn't allowed.

    [...]

    I did the same thing. The wording that irked me was something
    aking to "will not work in the same field of work with a
    competitor for 3 years following termination" ..or something
    like that. So, I crossed that out.

    Some headhunters gave me that tip.


    --- OpenXP 5.0.49
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Bob Roberts@VERT/HOVAL to Ogg on Thursday, February 25, 2021 15:55:52
    Re: watch out
    By: Ogg to Bob Roberts on Thu Feb 18 2021 09:57 pm

    So if the real you called from a new phone, then the alert can
    go to the now non-existant (previous/old) phone number and
    therefore wouldn't matter? OK.

    Correct. As it should. Because the "new me" may not be me at all, but someone pretending to be me. It's the same as when you change your address or phone number with a bank or credit card. Typically that type of change is a big indicator of possible fraud. And so the Bank will email both your old and new email, or mail your old and new address a confirmation. So if it was changed improperly, you will be notified.

    But techincally, how could the actual phone alert be tied into
    the phone system? I can see how such an alert can work when
    visiting websites, detecting failed logins, and getting alerts.
    But I don't think there even exists a way to alert you if
    someone just happened to call the bank and mention your name.

    When you call customer service, the agent must authenticate you in the system in order to pull up your details. The act of authneticating you would send a notification that customer service has accessed your account details. It's not about "mentioning" your name. Banks don't run off of mentions, they run off computers.

    If you expect to get a text message for every authentication
    attempt, the clerk/person on the other end would need to
    activate a "send text alert" button or something. That extra
    technology probably doesn't even exist on their systems.

    It wouldn't be the job of the clerk, it would be the job of the developers that work for the bank and maintain their systems to add the code. Banks roll out new features all the time. Thats why their banking apps and websites are always changing.

    I get text alerts when my balance falls below a certain amount,
    and when a significant payment goes through. Although the info

    It would if that notification indicated a payment you didn't authorize.

    But the problem is how does the sending of the text message get activated? Does the customer service agent have a big red button
    on their desk?

    It would happen automatically the second they authenticated you in their system and accessed your account details. Phone systems and computers are integrated in customer service centers. The phone system probably is their computer and they use a soft-client and headset. When they answer a call, the caller info is already on their screen. They ask you the autentication questions and then they are in your account. System code would then execute the notification.

    Bob Roberts

    ---
    þ Synchronet þ Halls of Valhalla =San=Francisco= hovalbbs.com:2333
  • From poindexter FORTRAN@VERT/REALITY to Ogg on Thursday, February 25, 2021 05:56:00
    Ogg wrote to poindexter FORTRAN <=-

    I did the same thing. The wording that irked me was something
    aking to "will not work in the same field of work with a
    competitor for 3 years following termination" ..or something
    like that. So, I crossed that out.

    Some headhunters gave me that tip.


    Where are you? In California, non-competes have been shot down in court several times.


    ... Do nothing for as long as possible
    --- MultiMail/DOS v0.52
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Ogg@VERT/CAPCITY2 to poindexter FORTRAN on Saturday, February 27, 2021 08:31:00
    Hello poindexter FORTRAN!

    ** On Thursday 25.02.21 - 05:56, poindexter FORTRAN wrote to Ogg:

    .."will not work in the same field of work with a
    competitor for 3 years following termination" ..or
    something like that. So, I crossed that out.

    Where are you? In California, non-competes have been shot
    down in court several times.

    In my case, that was in the late 80s. Canada.

    And yes.. the proper term for the thing was non-competitor
    clause. A friend who was already working for that company also
    mentioned to me to cross that part out. There were other parts
    of the contract I aske about too. I think it was part of a test
    to see who was paying attention to details - much what my job
    would have required.

    --- OpenXP 5.0.49
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP