Hacker News new | past | comments | ask | show | jobs | submit login

The story ends inconclusively. I was expecting to know what the bank's reaction was or if they ever addressed these issues.



Also, aren't the checks worthless at that point, since they've already been cashed?


Yes, It's pretty difficult to deposit check images in bulk for other people's accounts.

There's still a privacy issue, and if he ran OCR on them, he'd have a bunch of account numbers, which would also be bad.


No, of course they aren't worthless. They give you the routing number, account number, and next check number in order to print your own fake checks on other people's accounts.


Sure, there is some value in the information printed on the checks, but they're worthless because they can't be redeemed as they've already been redeemed. These checks cannot be "stolen" for "millions" contrary to the title.


The checks disclose 100% of the information that is needed to write new checks against the accounts. Those accounts could be completely drained from this. That accords with the title.


Are you saying that if somebody writes me a check, I can drain their account by writing new checks?

How would that not be super abused in the wild ?


That is exactly the case.


Kind of depends. In addition to using using them to forge more checks (as discussed in a sibling comment), if you pull them in real time, you can race to cash them first, and you can sometimes present the same check multiple times and get it cashed.

Of course, any of those options are going to end up with transactions reversed eventually, so you've got to have a quick exit planned.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: