h a l f b a k e r ynon-lame halfbakery tagline
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Working at an in-coming call center, I get a lot of people calling frequently in an attempt to place multiple orders, using stolen Social Security Numbers. For instance, I took 6 calls from the same guy yesterday trying to place an order. Every time I ran the credit check, the system rejected the SSN
he
provided. Occasionally, these people manage to get an order placed this way, simply by submitting so many SSNs that one finally slips through a crack in the system. I know that nobody can have more than one SSN. Unfortunately, the law prevents me from telling the guy to stop calling because I know he's lying. Usually, I hang up on these people. If I see their number show up on the incoming call list, I dismiss it. This only works until they call another department and get transferred to my department.
And I won't even go into all the fraudulent orders placed online using this method of saturating the system.
What I want is a "3 strikes, you're out!" system. If 3 orders are attempted for a given name with different SSNs or credit cards, then a system-wide block is placed on whatever computer or phone number the person is calling from, so they are blocked from calling any department or from submitting any orders online. Everytime an order is submitted from a different phone or computer using that person's name or any SSN or Credit Card that has been attempted before, that phone or computer is blocked the first time.
There are 3 things required to place an order: SSN, name, and credit card. This simply blocks any order that uses any combination of any ID that has been flagged as fraudulent.
078-05-1120
http://www.ssa.gov/...ry/ssn/misused.html The most used Social Security Number of all time. [zen_tom, Dec 29 2006]
[link]
|
|
Seems like a plan. I'm surprised your management isn't interested in implementing such a blocking scheme to avoid fraud. |
|
|
I would bun this only because there needs to be some form of accountability when someone calls in. Granted it is easy to get free internet phone accounts where you call from your PC to any phone in the world however I am sure there are some nitwits dumb enough to call from a land line. |
|
|
This is an internal requirement, and would have to be implemented on a company-by-company basis.
|
|
|
However, it's pretty disconcerting that your company doesn't allow you to flag suspicious phone numbers. I would think it would be in your firm's best interest to do this (save money on fraudulent orders) and also contact the local law-enforcement with your suspicions that the person is using a stolen identity. |
|
|
This is a reasonably good idea. I suppose it will inevitably lead to criminals running through reams of phone numbers, in the same way spammers use multiple Email Addresses, but I suspect that using so many different phone lines will be suspicious in it's own right to some extent... and will push some of the small-time scammers out of business. |
|
|
I'm not really sure there is a policy in place as to what to do with identity thieves in most places. I tried to report someone trying to get info from me on the phone but no one seemed to want to do anything about it. (Police, Sheriff, Phone Co., etc.) |
|
|
Actually, Brau, when that happens, (we do have a fraud department) you are directed to bring your driver's license/state-issued I.D., Social Security Card, and a recent utility bill into a retail store, so one of our dealers can fax it into our fraud department and verify your indentity. We *do* have anti-fraud measures in place. The proposed idea is intended to reinforce those measures. |
|
|
I have a better idea, stop using SSNs as ID. They were never meant to be a form of identification. I've been advised by a security expert not to give mine out unless the person asking for it is a legitimate representitive of my bank or the SS agency itself. Even my credit union no longer uses the numbers for anything besides taxes. Used to be our account numbers were based on the ssn.
But I do like the idea of putting a stop to these fraudulent callers. |
|
|
How do you propose that we identify customers over the phone, then? The whole point of using a Social Security Number is for the customer's "Security". We require the SSN because it's easy for somebody to steal a driver's license. You're not supposed to keep your Social Security Card in your wallet/purse for that reason! The idea is that a SSN is *supposed* to be much harder for an identity thief to aquire. If you don't want to give it out, then buy from a retail store where we can verify you by photo I.D., not online or over the phone. |
|
|
Unfortunately, the fix you propose has the same flaw as the problem it purports to solve! The flaw: using an arbitrary number to authenticate the identity of a physical human being. (what about organizations and households where more than one person uses the phone.)
|
|
|
The real problem is there is a difference between *identification* and *authentication* ... ID numbers arent bad by themselves, the problem is when they are used to prove you are who you say you are. For that purpose, there should be something like a "personal shared secret" (many banks use this). The secret has *no other use than for authentication*. So things like teacher name or maiden name are not sufficient. |
|
|
We do call some customers, but they have to request that on their consumer statement with the Credit Bureau. Problem is, most of these people who requested that we call them before placing any orders aren't placing the order from home. They do it from a friend's house or on a different computer or while they're on vacation or a business trip, so they throw a tantrum when I tell them I can't process their order until they get home so I can call them at the number they provided with the Credit Bureau. It's something *they* requested in the first place, but that's not good enough for a lot of people. |
|
|
They shouldn't have let him use their phone to place a fraudulent order. While that may or may not be difficult for the phone's owner, I feel you are responsible for what your phone is used for. Just as if you let a friend borrow your car and he robs a gas station, you're going to be the first guy the police come looking for as an accomplice. I'd rather inconvenience one person than have another person have his credit wrecked. |
|
|
That sounds good, boysparks... almost *too* logical... + for your anno. |
|
| |