Mitnick had so many stories that entranced the people around him. I heard one second hand of Mitnick dealing with a bank who had early voice verification software. Upon meeting the CEO he gave the executive his card and departed for the evening. Arriving back at his hotel, he called the CEO and asked him to read his phone number to him. The phone number contained all ten digits which Mitnick had neatly tape recorded so as to make the CEO’s voice reproducible. He then proceeded to use the bank’s vocal banking system to transfer $1 from the CEO’s account to his as the authentication mechanism was reading out your own account number in your voice.
When Mitnick arrived back in the board room the architect of the voice verification system was crestfallen and the bank CEO delivered a check on a silver platter.
Now how much of that tale is embellished I will never know as it was second hand, but that was the kind of whimsy Mitnick brought to our world.
Rest in Power.
Welcome to the american banking system.
The account number should be just an ID, not authentication mechanism.
Right? One of the many things (and I mean this without any hate whatsoever) I simply can't and will never understand about the US. A bank account number is your mailbox for receiving money. How does that country even operate when they build those mailboxes underground?
(Using a check, the very infrastructure we’ve been talking about!!)
I only send and receive money with Google/Apple Pay & PayPal at this point. This flow is reasonable (every transaction is authorised in a trusted location (ie: PayPal). Further transactions are impossible without additional authorization). It boggles my mind that banks & CC companies haven't made some standard for this. Would save them so much money in fraud protection.
Oh that’s easy enough. If they need a PIN it’s actually being run as a debit card over the debit card network. Otherwise it’s being run as a “check card” over the credit card network (with higher fees and better consumer protections). It’s just backed with money instead of a line of credit.
> Why do online stores need my name and address, but IRL ones do not?
IRL stores have access to the actual card (with your name) and having this artifact present makes it much less likely that you are a fraudulent fraudster committing fraud, so the processors are willing to take it.
> How can restaurants swipe my card now and charge me later?
the good news is if the store ever defrauds you, everyone knows where to find the store! Unlike fraudsters making purchases.