From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
Date: Mon, 20 Jan 1997 09:15:19 -0800 (PST)
To: "cypherpunks" <cypherpunks@toad.com>
Subject: Re: Newt's phone calls
Message-ID: <199701201715.JAA13616@toad.com>
MIME-Version: 1.0
Content-Type: text/plain




Sean Roach <roach_s@alph.swosu.edu> wrote in article
<5bv7g8$fhl@life.ai.mit.edu>...
> At 03:44 PM 1/17/97 -0600, Igor Chudov wrote:

> 
> It is limited, both accounts have to have the same password, (four
> character, numeric.)  If I want to transfer funds from another persons
> account to one that I control, all I have to do is change the password on
> one of them to that of the other, transfer funds, and change the password
> back.  By the time that my victim found out, (via the little letter "per
> your request, $xxx was transferred to accnt#123456 from accnt#7890"), I
> would be long gone.

Depending on the country and bank you can probably perform almost
any transfer you like by fax. I moved my pension from one bank
to another simply by sending a fax. I have done similar transactions 
with Swiss, German and UK banks. 

For some reason the fax is considered to be a practically 
infallible authentication device. Quite why is beyond me since
it should be obvious to anyone that all one needs to fake a
fax is a photocopier, document signed by account holder, paste
and scissors. You get everything needed on a signed cheque.



	Phill.