Snip:
In his paper (.pdf), Soghoian highlights several approaches perfected by the credit hackers.
In one ploy, the consumer generates a massive amount of quick credit by carefully timing simultaneous applications from different lenders. This takes advantage of the fact that it takes several days for an inquiry to appear on a consumer’s credit report, leaving issuing banks blind to the parallel applications.
“If a consumer submits a large number of credit card applications within a short period of time (hours, not days), it is often possible for each application to be approved before the first inquiry has shown up on the individual’s report,” he writes, adding that this dodge has been used to secure several mortgages for a single property.
Credit hackers with a solid credit rating can use the loophole to garner dozens of credit cards, and through more complicated chicanery they can take advantage of special offers to get relatively small amounts of free money, or obtain sizable cash loans with zero interest.
Another technique is a credit-reporting version of a hacker’s buffer-overflow attack. Two of the three major credit-reporting agencies – Equifax and Transunion – store the public record of credit inquires in a buffer of a fixed size. If one uses a paid credit-monitoring service, and requests to see their reports daily, inquiries from lenders move out of the buffer, scrubbing the profile of evidence of declined applications — a red flag for lenders.
“Reports on the size of the buffer vary, but it seems to take between two to four months of daily soft inquiries to completely cycle through the buffer and erase all of the old inquiries,” he writes.
On the DefCon speaking schedule, Soghoian’s presentation on credit hacking lists him only as an “anonymous speaker” — he says he feared the banks might try to block his presentation, set for 4 p.m. Pacific time.
“I don’t want to be like the MIT students last year,” Soghoian said in a telephone interview.
But Soghoian has reason to be paranoid. He was famously raided by the FBI in 2006 after highlighting a known loophole in airport security by creating a website that allowed anyone to easily create fake boarding passes that would fool TSA officials.
http://www.wired.com/threatlevel/2009/07/game-the-creditmarket/
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
