#finance’s | Explore Tumblr Posts and Blogs

mostlysignssomeportents · 3 months

Text

How I got scammed

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security

I wuz robbed.

More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!

Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).

A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.

That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).

I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.

"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"

He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.

We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud that run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.

I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.

One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out the the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.

"That was the fraudster," she said.

Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.

Wait a sec.

He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.

I'd given him my entire card number.

Goddammit.

The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:

https://us.macmillan.com/books/9781250865878/thebezzle

And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.

But I'd been conned.

Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished out of my password via DM:

https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/

That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.

Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.

I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.

Oh, shit, I'd been phished.

If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).

There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!

The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.

The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud that any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.

The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.

The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.

There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.

I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.

Not because AI is going to commit fraud, though.

One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":

https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week

I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.

As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.

This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:

https://web.archive.org/web/20090331094020/http://www.links.org/?p=591

This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.

I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.

This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.

On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.

So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.

Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:

https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

#pluralistic #social engineering #phishing #ai #swiss cheese security #infosec #finance #fraud #carding

10K notes · View notes

mokeonn · 9 months

Text

"But if college was free, then people would abuse that and get useless degrees" hell yeah I would! If I could go to college without debt I would make it my job to get a degree in every little thing that interested me. I'd get a doctorate in film studies. I'd have a bachelor's degree for every science I like. I'd try to learn at least 5 languages with varying results. I would learn something "useful" like coding and then follow it up with a ""useless"" degree like art history. I'd be the world record speed run holder for getting every degree possible.

But I can't afford college without going into massive debt, so instead I spent the last 5 years trying to figure out what I am passionate enough about to consider going into debt over, because unfortunately being passionate about everything is extremely expensive to pursue.

#simon says #i love learning so much and I hate the USA's college debt system #once they make that shit free I will be unstoppable #this topic sprung up because I had the idea that im very academic and annoyingly analytical that I might as well get a degree in it #because without a degree you just seem like an autistic asshole #but with a degree? then you look like a CREDIBLE autistic asshole #don't worry I will still learn but I still want that funky piece of paper to tell everyone I learnt it #also there's some things that are VERY difficult to learn #like I would love to persue this topic further but unfortunately I would need help with that #also before you say 'try taking [blank] classes instead! it's less expensive than a degree!' im broke #my only learning resource is the library sorry about that #also this is not the post to give me unwarranted financial advice #finances are one of the topics I DO NOT care about and I WILL NOT listen to a word you say

17K notes · View notes

softlyfiercely · 1 year

Text

DO NOT VOLUNTEER TO BE A CO-SIGNER OR GUARANTOR FOR SOMEONE ON TUMBLR.

I just saw a 'mutual aid' post going around where instead of asking for donations, the person was asking someone to be a "guarantor" - also known as a "co-signer" - for their rent.

DO NOT DO THIS.

I am all for mutual aid. I think credit scores are a scam designed to fuck poor people. I get it. I do. BUT. Being a guarantor/co-signer for someone basically means that if they don't pay what they owe, for whatever reason, their landlord, bank, creditors, etc. can and will come after you for the full amount.

It seems like such an easy way to help someone. You don't need to pay any money, just lend them your name and good reputation so they can get permission to borrow and spend their own money. It feels like you're getting one over on the shitty capitalist system and using your privilege of good credit/income to help someone else.

But it is a HUGE risk. Do not do this. All it does is give that shitty system more ways to get their hooks into you and create tons of problems for you down the line.

You can really fuck yourself over in the long run by getting tangled up in a financial situation like this. Even co-signing for someone in your life who you trust, like a sibling or a parent, can be really risky. No matter how much you trust someone not to purposefully leave you holding the bag, now you're on the hook if they end up with financial problems neither of you anticipated.

Do not co-sign for another person's loan, car, rent, etc. unless you are able and prepared to pay the full amount or subject yourself to the mercy of whatever that person gets themselves into.

ESPECIALLY do not do this for someone on the internet, where scams are rife. Do not share your personal information with people online and NEVER allow someone else to use your personal information for their finances.

Here is an article with more information.

#signal boost #mutual aid #personal finance #financial literacy #scams

19K notes · View notes

fiercynn · 22 days

Text

on ao3's current fundraiser

apparently it’s time for ao3’s biannual donation drive, which means it’s time for me to remind you all, that regardless of how much you love ao3, you shouldn’t donate to them because they HAVE TOO MUCH MONEY AND NO IDEA WHAT TO DO WITH IT.

we’ve known for years that ao3 – or, more specifically, the organization for transformative works (@transformativeworks on tumblr), or otw, who runs ao3 and other fandom projects – has a lot of money in their “reserves” that they had no plans for. but in 2023, @manogirl and i did some research on this, and now, after looking at their more recent financial statements, i’ve determined that at the beginning of 2024, they had almost $2.8 MILLION US DOLLARS IN SURPLUS.

our full post last year goes over the principles of how we determined this, even though the numbers are for 2023, but the key points still stand (with the updated numbers):

when we say “surplus”, we are not including money that they estimate they need to spend in 2024 for their regular expenses. just the extra that they have no plan for

yes, nonprofits do need to keep some money in reserves for emergencies; typically, nonprofits registered in the u.s. tend to keep enough to cover between six months and two years of their regular operating expenses (meaning, the rough amount they need each month to keep their services going). $2.8 million USD is enough to keep otw running for almost FIVE YEARS WITHOUT NEW DONATIONS

they always overshoot their fundraisers: as i’m posting this, they’ve already raised $104,751.62 USD from their current donation drive, which is over double what they’ve asked for! on day two of the fundraiser!!

no, we are not trying to claim they are embezzling this money or that it is a scam. we believe they are just super incompetent with their money. case in point: that surplus that they have? only earned them $146 USD in interest in 2022, because only about $10,000 USD of their money invested in an interest-bearing account. that’s the interest they earn off of MILLIONS. at the very least they should be using this extra money to generate new revenue – which would also help with their long-term financial security – but they can’t even do that

no, they do not need this money to use if they are sued. you can read more about this in the full post, but essentially, they get most of their legal services donated, and they have not, themselves, said this money is for that purpose

i'm not going to go through my process for determining the updated 2024 numbers because i want to get this post out quickly, and otw actually had not updated the sources i needed to get these numbers until the last couple days (seriously, i've been checking), but you can easily recreate the process that @manogirl and i outlined last year with these documents:

otw’s 2022 audited financial statement, to determine how much money they had at the end of 2022

otw’s 2024 budget spreadsheet, to determine their net income in 2023 and how much they transferred to and from reserves at the beginning of 2024

otw’s 2022 form 990 (also available on propublica), which is a tax document, and shows how much interest they earned in 2022 (search “interest” and you’ll find it in several places)

also, otw has not been accountable to answering questions about their surplus. typically, they hold a public meeting with their finance committee every year in september or october so people can ask questions directly to their treasurer and other committee members; as you can imagine, after doing this deep dive last summer, i was looking forward to getting some answers at that meeting!

but they cancelled that meeting in 2023, and instead asked people to write to the finance committee through their contact us form online. fun fact: i wrote a one-line message to the finance committee on may 11, 2023 through that form, when @manogirl and i were doing this research, asking them for clarification on how much they have in their reserves. i have still not received a response.

so yeah. please spend your money on people who actually need it, like on mutual aid requests! anyone who wants to share their mutual aid requests, please do so in the replies and i’ll share them out – i didn’t want to link directly to individual requests without permission in case this leads to anyone getting harassed, but i would love to share your requests. to start with, here's operation olive branch and their ongoing spreadsheet sharing palestinian folks who need money to escape genocide.

oh, and if you want to write to otw and tell them why you are not donating, i'm not sure it’ll get any results, but it can’t hurt lol. here's their contact us form – just don’t expect a response! ¯\_(ツ)_/¯

#ao3 #otw #archive of our own #organization for transformative works #ao3 is not your savior #and they don't need your money #otw finances

3K notes · View notes

incognitopolls · 2 months

Text

We ask your questions so you don’t have to! Submit your questions to have them posted anonymously as polls.

#polls #incognito polls #anonymous #tumblr polls #tumblr users #questions #miscellaneous polls #submitted nov 28 #finances #personal finance #money

4K notes · View notes

petnews2day · 11 months

Text

Managing Finances: Budgeting for a Dog Amidst a Cost of Living Crisis

New Post has been published on https://petn.ws/dWxLz

Managing Finances: Budgeting for a Dog Amidst a Cost of Living Crisis

Introduction In the face of a cost of living crisis, managing finances becomes a critical task. This challenge is even more pronounced for pet owners, particularly those with dogs. Dogs, as we know, are more than just pets; they are family. Therefore, ensuring their needs are met without compromising our financial stability is of utmost […]

See full article at https://petn.ws/dWxLz #DogGuides #Amidst, #Budgeting, #Cost, #Crisis, #Dog, #FinanceS, #For, #Guides, #Living, #Managing, #News

#amidst #budgeting #cost #crisis #dog #finance’s #for #guides #living #managing #news #Dog Guides

0 notes

theminecraftbee · 30 days

Text

[image ID: Hermitcraft X Gamer's Outreach Charity Stream & Auction, April 6/7 at 11 AM ET. A number of other time zones are listed as well (1 AM AEST, 5 PM EET, 4 PM CET, 4 PM BST, 12 AM BRT, 11 AM ET, 10 AM CT, 8 AM PT). /end ID]

START SPREADING THE NEWS! a new hermitcraft charity stream, this time also a charity auction... i wonder what will be for sale.

#hermitcraft #me staring at my finances: surely.

2K notes · View notes

nyancrimew · 3 months

Text

with the end of the month slowly coming up again i am once again unfortunately already broke again and still somewhat in debt, really hoping to get out of that and get a stable enough income to allow me to stay out of debt for the future (i currently make about 1k a month which is very very little for trying to survive in switzerland esp as i currently support myself and a roommate pretty much alone (and currently leaves me somewhat financially dependent on my parents as well which im not gonna be able to be forever), goal for the end of this year is a stable 2k) anything really helps, but the subscription option helps me the most with stability and ability to budget (also i'll hopefully soon manage to give my subscribers actual special benefits).

i hate asking for money so often especially as i haven't put out a new article in quite a while now, but that will change again soon (i have various things in my pipeline and also non text content coming up soon!), and it is the supporters on ko-fi that let me do all the work i do <3

#maia arson crimew #donations #fundraiser #mutual aid #im so sorry #personal finances #also paypal option is disabled as i currently have no way of getting #paypal money to my bank account

2K notes · View notes

canisalbus · 6 months

Note

Giordano please! I want to see him and young Machete.

Giordano di Calabria, the future Archbishop of Naples, and his good-for-nothing apprentice.

#own art #own characters #CanisAlbus #Machete #Giordano di Calabria #fic Separation #anonymous #answered #Machete's former mentor and the closest he's had to a father figure #highly esteemed character in his circles #pious short tempered and heavyhanded man #he financed Machete's further studies when he was made an archbishop #but then grew to resent him when Machete surpassed him and became a cardinal #from tiny shrimpy kid to spindly and haggard adult

4K notes · View notes

catfindr · 2 months

Text

#petfinder #catfinder #cat #kitten #kitty #karen from finance #tx #texas #submission #1k

2K notes · View notes

theambitiouswoman · 5 months

Text

Basic Financial Rules To Live By 💰✨

Create a plan that shows how much money you get and how much you spend. This helps you see where your money goes.

Set aside a part of your money as savings. Try to save at least 10-20% of what you earn.

Be careful with borrowing money, especially if you have to pay back a lot of extra money (interest).

Save some money for unexpected things like medical bills or losing your job. Aim to have enough to cover your living costs for a few months.

Put your saved money into different things that can make it grow, like stocks or real estate. Be patient, as it takes time.

Don't spend more money than you make. Stick to buying what you really need, not just what you want.

Decide what you want to do with your money, both in the short term (like a vacation) and long term (like retirement).

Set up automatic transfers to your savings and bills so you don't forget to save or pay your bills on time.

Make saving money a top priority before spending on other things.

Regularly look at your money situation, adjust your plan as needed, and see how your investments are doing.

Pay your bills on time and use credit wisely (like credit cards) to keep a good credit score, which can help you get better deals on loans.

Save money for when you're older and don't work anymore. Use retirement accounts to help with this.

Think before you buy things. Don't buy something just because you want it; think if it's necessary.

Keep learning about how money works and how to make smart money choices.

Only use your emergency fund for real unexpected problems, not for things you just want to buy.

#financial planning #finance #investing #money #girl math #wealth #level up journey #it girl #dream girl #dream girl guide #dream girl tips #dream girl journey #that girl #becoming that girl #educate yourself #wealth mindset #growth mindset #success mindset

3K notes · View notes

mostlysignssomeportents · 9 months

Text

Paying consumer debts is basically optional in the United States

The vast majority of America's debt collection targets $500-2,000 credit card debts. It is a filthy business, operated by lawless firms who hire unskilled workers drawn from the same economic background as their targets, who routinely and grotesquely flout the law, but only when it comes to the people with the least ability to pay.

America has fairly robust laws to protect debtors from sleazy debt-collection practices, notably the Fair Debt Collection Practices Act (FDCPA), which has been on the books since 1978. The FDCPA puts strict limits on the conduct of debt collectors, and offers real remedies to debtors when they are abused.

But for FDPCA provisions to be honored, they must be understood. The people who collect these debts are almost entirely untrained. The people they collected the debts from are likewise in the dark. The only specialized expertise debt-collection firms concern themselves with are a series of gotcha tricks and semi-automated legal shenanigans that let them take money they don't deserve from people who can't afford to pay it.

There's no better person to explain this dynamic than Patrick McKenzie, a finance and technology expert whose Bits About Money newsletter is absolutely essential reading. No one breaks down the internal operations of the finance sector like McKenzie. His latest edition, "Credit card debt collection," is a fantastic read:

https://www.bitsaboutmoney.com/archive/the-waste-stream-of-consumer-finance/

McKenzie describes how a debt collector who mistook him for a different PJ McKenzie and tried to shake him down for a couple hundred bucks, and how this launched him into a life as a volunteer advocate for debtors who were less equipped to defend themselves from collectors than he was.

McKenzie's conclusion is that "paying consumer debts is basically optional in the United States." If you stand on your rights (which requires that you know your rights), then you will quickly discover that debt collectors don't have – and can't get – the documentation needed to collect on whatever debts they think you owe (even if you really owe them).

The credit card companies are fully aware of this, and bank (literally) on the fact that "the vast majority of consumers, including those with the socioeconomic wherewithal to walk away from their debts, feel themselves morally bound and pay as agreed."

If you find yourself on the business end of a debt collector's harassment campaign, you can generally make it end simply by "carefully sending a series of letters invoking [your] rights under the FDCPA." The debt collector who receives these letters will have bought your debt at five cents on the dollar, and will simply write it off.

By contrast, the mere act of paying anything marks you out as substantially more likely to pay than nearly everyone else on their hit-list. Paying anything doesn't trigger forbearance, it invites a flood of harassing calls and letters, because you've demonstrated that you can be coerced into paying.

But while learning FDCPA rules isn't overly difficult, it's also beyond the wherewithal of the most distressed debtors (and people falsely accused of being debtors). McKenzie recounts that many of the people he helped were living under chaotic circumstances that put seemingly simple things "like writing letters and counting to 30 days" beyond their needs.

This means that the people best able to defend themselves against illegal shakedowns are less likely to be targeted. Instead, debt collectors husband their resources so they can use them "to do abusive and frequently illegal shakedowns of the people the legislation was meant to benefit."

Here's how this debt market works. If you become delinquent in meeting your credit card payments ("delinquent" has a flexible meaning that varies with each issuer), then your debt will be sold to a collector. It is packaged in part of a large spreadsheet – a CSV file – and likely sold to one of 10 large firms that control 75% of the industry.

The "mom and pops" who have the other quarter of the industry might also get your debt, but it's more likely that they'll buy it as a kind of tailings from one of the big guys, who package up the debts they couldn't collect on and sell them at even deeper discounts.

The people who make the calls are often barely better off than the people they're calling. They're minimally trained and required to work at a breakneck pace. Employee turnover is 75-100% annually: imagine the worst call center job in the world, and then make it worse, and make "success" into a moral injury, and you've got the debt-collector rank-and-file.

To improve the yield on this awful process, debt collection companies start by purging these spreadsheets of likely duds: dead people, people with very low credit-scores, and people who appear on a list of debtors who know their rights and are likely to stand on them (that's right, merely insisting on your rights can ensure that the entire debt-collection industry leaves you alone, forever).

The FDPCA gives you rights: for example, you have the right to verify the debt and see the contract you signed when you took it on. The debt collector who calls you almost certainly does not have that contract and can't get it. Your original lender might, but they stopped caring about your debt the minute they sold it to a debt-collector. Their own IT systems are baling-wire-and-spit Rube Goldberg machines that glue together the wheezing computers of all the companies they've bought over the last 25 years. Retrieving your paperwork is a nontrivial task, and the lender doesn't have any reason to perform it.

Debt collectors are bottom feeders. They are buying delinquent debts at 5 cents on the dollar and hoping to recover 8 percent of them; at 7 percent, they're losing money. They aren't "large, nationally scaled, hypercompetent operators" – they're shoestring operations that can only be viable if they hire unskilled workers and fail to train them.

They are subject to automatic damages for illegal behavior, but they still break the law all the time. As McKenzie writes, a debt collector will "commit three federal torts in a few minutes of talking to a debtor then follow up with a confirmation of the same in writing." A statement like "if you don’t pay me I will sue you and then Immigration will take notice of that and yank your green card" makes the requisite three violations: a false threat of legal action, a false statement of affiliation with a federal agency, and "a false alleged consequence for debt nonpayment not provided for in law."

If you know this, you can likely end the process right there. If you don't, buckle in. The one area that debt collectors invest heavily in is the automation that allows them to engage in high-intensity harassment. They use "predictive dialers" to make multiple calls at once, only connecting the collector to the calls that pick up. They will call you repeatedly. They'll call your family, something they're legally prohibited from doing except to get your contact info, but they'll do it anyway, betting that you'll scrape up $250 to keep them from harassing your mother.

These dialing systems are far better organized than any of the company's record keeping about what you owe. A company may sell your debt on and fail to keep track of it, with the effect that multiple collectors will call you about the same debt, and even paying off one of them will not stop the other.

Talking to these people is a bad idea, because the one area where collectors get sophisticated training is in emptying your bank account. If you consent to a "payment plan," they will use your account and routing info to start whacking your bank account, and your bank will let them do it, because the one part of your conversation they reliably record is this payment plan rigamarole. Sending a check won't help – they'll use the account info on the front of your check to undertake "demand debits" from your account, and backstop it with that recorded call.

Any agreement on your part to get on a payment plan transforms the old, low-value debt you incurred with your credit card into a brand new, high value debt that you owe to the bill collector. There's a good chance they'll sell this debt to another collector and take the lump sum – and then the new collector will commence a fresh round of harassment.

McKenzie says you should never talk to a debt collector. Make them put everything in writing. They are almost certain to lie to you and violate your rights, and a written record will help you prove it later. What's more, debt collection agencies just don't have the capacity or competence to engage in written correspondence. Tell them to put it in writing and there's a good chance they'll just give up and move on, hunting softer targets.

One other thing debt collectors due is robo-sue their targets, bulk-filing boilerplate suits against debtors, real and imaginary. If you don't show up for court (which is what usually happens), they'll get a default judgment, and with it, the legal right to raid your bank account and your paycheck. That, in turn, is an asset that, once again, the debt collector can sell to an even scummier bottom-feeder, pocketing a lump sum.

McKenzie doesn't know what will fix this. But Michael Hudson, a renowned scholar of the debt practices of antiquity, has some ideas. Hudson has written eloquently and persuasively about the longstanding practice of jubilee, in which all debts were periodically wiped clean (say, whenever a new king took the throne, or once per generation):

https://pluralistic.net/2020/03/24/grandparents-optional-party/#jubilee

Hudson's core maxim is that "debt's that can't be paid won't be paid." The productive economy will have need for credit to secure the inputs to their processes. Farmers need to borrow every year for labor, seed and fertilizer. If all goes according to plan, the producer pays off the lender after the production is done and the goods are sold.

But even the most competent producer will eventually find themselves unable to pay. The best-prepared farmer can't save every harvest from blight, hailstorms or fire. When the producer can't pay the creditor, they go a little deeper into debt. That debt accumulates, getting worse with interest and with each bad beat.

Run this process long enough and the entire productive economy will be captive to lenders, who will be able to direct production for follies and fripperies. Farmers stop producing the food the people need so they can devote their land to ornamental flowers for creditors' tables. Left to themselves, credit markets produce hereditary castes of lenders and debtors, with lenders exercising ever-more power over debtors.

This is socially destabilizing; you can feel it in McKenzie's eloquent, barely controlled rage at the hopeless structural knot that produces the abusive and predatory debt industry. Hudson's claim is that the rulers of antiquity knew this – and that we forgot it. Jubilee was key to producing long term political stability. Take away Jubilee and civilizations collapse:

https://pluralistic.net/2022/07/08/jubilant/#construire-des-passerelles

Debts that can't be paid won't be paid. Debt collectors know this. It's irrefutable. The point of debt markets isn't to ensure that debts are discharged – it's to ensure that every penny the hereditary debtor class has is transferred to the creditor class, at the hands of their fellow debtors.

In her 2021 Paris Review article "America's Dead Souls," Molly McGhee gives a haunting, wrenching account of the debts her parents incurred and the harassment they endured:

https://www.theparisreview.org/blog/2021/05/17/americas-dead-souls/

After I published on it, many readers wrote in disbelief, insisting that the debt collection practices McGhee described were illegal:

https://pluralistic.net/2021/05/19/zombie-debt/#damnation

And they are illegal. But debt collection is a trade founded on lawlessness, and its core competence is to identify and target people who can't invoke the law in their own defense.

Going to Defcon this weekend? I’m giving a keynote, “An Audacious Plan to Halt the Internet’s Enshittification and Throw it Into Reverse,” today (Aug 12) at 12:30pm, followed by a book signing at the No Starch Press booth at 2:30pm!

https://info.defcon.org/event/?id=50826

I’m kickstarting the audiobook for “The Internet Con: How To Seize the Means of Computation,” a Big Tech disassembly manual to disenshittify the web and bring back the old, good internet. It’s a DRM-free book, which means Audible won’t carry it, so this crowdfunder is essential. Back now to get the audio, Verso hardcover and ebook:

http://seizethemeansofcomputation.org

If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/08/12/do-not-pay/#fair-debt-collection-practices-act

#pluralistic #jubilee #debts that cant be paid wont be paid #Patrick McKenzie #patio11 #bits about money #debt #debt collection #do not pay #bottom feeders #Fair Debt Collection Practices Act #fdcpa #finance #armbreakers

11K notes · View notes