BPuhl’s Blog

A little bit of everything without actually being much of anything

Collection agencies….

Posted by BPuhl on April 10, 2009

I have had a few discussions recently at work about ways to make things more convenient.  Either convenient for our users (cloud services), convenient for our customers (single sign on), etc… 

But a one-two punch hit me, when I just had 2 close friends – both of whom have been impacted by the financial mess – have their identity attacked because something that had built in security controls (checks) was made to be more convenient (by phone), and in the process all of the controls were removed so my friends were vulnerable.

Really, I call it fraud, or identity theft, or just plain robbery…  But in both cases, the banks say that there are no laws against this:

My friend lost her job, and fell behind on payments.  She owed $1100 for this months rent, $4400 to a creditor that by this point had gone to a collection agency, and some other bills (credit cards, gas, electricity, etc…).  Through creative budgeting and working with parents, friends, and anyone else, she scraped together $5000 that she could use. 

With the new money available, she came up with the following plan:

   $1100 for rent
      900 for the other bills
      500 to the collection agency
      The rest to be used for the following months rent, payments, etc…

She called the collection agency, and agreed to pay them $500 now, and then set up a payment plan for the rest of the money.  That’s where the first mistake happened:  They wanted the payment as a “check by phone”.  So she voided a check, gave them the info, etc…

The collection agency first attempted to clear the check for the full $4400.  Because the money was in the account, the check cleared – of course, this meant that she couldn’t pay any of the other bills, or her rent, etc…  And she had already tapped out her friends, parents, etc…

You can imagine that the calls to the collection agency were like:  “Sorry, sucks to be you – we’ve got our money now”

The bank was equally useless:  “You gave them a check by phone, the money was in the account, they cleared it…Sucks to be you”

This was just completely ridiculous, but it shows that in the absence of standards or protocols, there is no shortage of people that will offer things for the sake of “convenience” which blow the hell out of “security”.  If you have to write a check and sign it, then you fill in the amount, etc…  modification of that is check fraud.  But those security controls went out the window when banks allowed people to do “checks by phone”, and there is absolutely nothing to prevent unscrupulous people from raping your bank account if you give them the information.

The second case is similar, but with a slight twist

My friend has slowly but surely been paying off debts that were racked up over a period of time, and has been working through one of those debt consolidation management companies.  Since she wasn’t getting the resolution that she needed from the company, she took back the money that was in their escrow account and started working with the collection agency independently.

On the first phone call, she had an $7,000 debt and worked with the agency to negotiate down to where they would accept $4300.  Seems like a good deal, so again, check by phone for $4300.

A couple of days later, she received a notice from the collection agency, indicating that they “Had an agreement for an initial payment of $4300”.  In other words, the deal they made on the phone was a lie, instead of negotiating the total, they just wanted an initial payment and were going to keep going after her for the remaining balance.

Ahhh…but the check by phone hadn’t cleared yet.

So a quick call to the bank, a $28.00 stop payment charge, and there was a stop-payment for that check before it cleared.

Good right?

Not so much.  2 days later, $4300 was withdrawn from the account anyway, by check #1001 (not the check number she gave them).  A long, convoluted, multi-transfer call back with the bank this time, and they could see where the initial check number had attempted to clear, been rejected (the stop payment), and then the company had re-submitted another check by phone with the different check number and got the money.

After several days of arguing, it’s still unclear whether the bank is going to say “Sorry, sux to be you” or if they are actually going to help.  I’m not holding my breath.

So again, the safety features around checks – being numbered, signed, amounts written (twice) – are all placed into the trusting hands of the least trustworthy person (the merchant that wants your money), and there is remarkably little recourse.  I suppose you could go get a lawyer, etc…  But during that time the money is gone, life still needs to be lived, and a lawyer is going to take 30% of whatever you get back anyway (or some amount of payment)…

All for the sake of convenience (to whom?)

There are better ways, one of which I really like.  I’ve had a credit card with CitiBank since college.  And many years ago, they came up with this idea of virtual account numbers for your credit card.  You can go to their website (or they have a downloadable application), and if you want to make a purchase, you can get a one-time use credit card number (with expiration and CVC) for that one purchase.  I haven’t used it in a while, but IIRC you can even specify the amount of the purchase you’re going to make (which is really the protection).  This is great, because the security of a credit card is handing the piece of plastic with the signature on the back to the person behind the register.  With online purchases, you can’t do that, so instead lets take the things which you can control (amount of purchase, usefulness of the number after it’s been used properly) and control those instead.  Reasonable mitigations.

This is the type of control that we’re going to need if we want to protect our resources in a more “convenient” (read: Online) world.

Advertisements

3 Responses to “Collection agencies….”

  1. Laura said

    Another common bank-by-phone nightmare, again propogated by the least-trusted individual in the chain (the merchant who wants your money): short of closing your checking acount and starting over, try stopping payment on monthly debit/monthly shipping arrangements with a less-than-reputable infomercial kind of thing. (The “Lose 30 pounds in 5 days with these magick pills!” variety.)

    On the one hand one might argue caveat emptor on that one, but still…

  2. Paypal has the virtual credit card thing too – you can do it on their site or via an IE toolbar. The cool thing here is that you can just back it with a bank account so there’s no actual credit card involved somewhere.

  3. David said

    Any update/good news on story #2?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: