

FTC files suit against "Rachel from Cardholder Services" - wpietri
http://www.networkworld.com/community/print/81719

======
Vivtek
Ha, a couple of years ago I got one of those calls every day - finally I told
them it was illegal, I was on the don't-call list at both the state and
federal levels, and they should stop immediately.

The _manager_ I talked to actually told me to get fucked, they'd keep calling
if they wanted - and they did, too, sometimes three times a day. This went on
for weeks; I'd dial 1 to connect to a person and lay the phone down, and
finally they stopped (probably that particular guy got fired or something - I
guarantee they have massive turnover).

This goes beyond just milking strangers for lots of money. This kind of racket
attracts sociopaths who literally enjoy breaking the rules and knowing there's
nothing you can do about it. I often have a hard time believing in the
existence of actual scum, but then I just recall this episode. There are
people in the world who do _not_ buy into the narrative of working together
for the common good.

It is music to my ears that the FTC has nailed some of them down enough to
make them hurt. It has made me very happy.

~~~
cpeterso
I had a summer job in a telemarketing sweatshop and I learned that you should
be polite to telemarketers.

At the time, at least, the company I worked for had two "call back later"
lists. If the telemarketer didn't reach a human (because the phone was
unanswered or went to voicemail), the phone number would go on a "call back
next week" list. If the telemarketer reached a human who said "no thanks", the
phone number went on a "call back in six months" list. However, if the
telemarketer reached a _rude_ human, their phone number would go on the "call
back next week" list, just to spite the person. :\

Also, you should ask to be _added_ to their "do not call" list. If you ask to
be _removed_ from their list, they may oblige, but they are likely to remove
you from "that" list and conveniently not bother removing you from the master
list.

~~~
Vivtek
Sure, you should be polite to the Mafia, too - that's an awful nice shop you
have here. But in this case, I _was_ polite.

I don't need to be added to their do not call list. Indiana and the United
States have do not call lists that it is illegal to violate, and I was on
both. They were breaking the law with utter impunity.

But the point I really wanted to make was they were breaking the law
_stupidly_. It was obvious they'd never make a dime off me - so making me
suffer at their own expense was stupid. I detest stupidity, which, arguably,
makes me a very unhappy man most of the time.

------
marssaxman
What baffles me is that legitimate banks actually do hire incredibly shady-
sounding third party outfits with names like "Cardmember Services" or "Card
Services" to handle credit card customer support. I once inadvertently dodged
a genuine fraud-investigation call from my bank for weeks because it sounded
like such an obvious scam. I don't understand why they don't draw the
connection: scammers like this only work because the banks prepare the ground
and make the call seem plausible.

~~~
_delirium
This practice screws up attempts to instill good online security habits in
people, too. For example, Citibank's normal domains are citi.com and
citibank.com, but then it sends email links to the super-fake-sounding
accountonline.com, which is apparently where its actual ebanking services run
(you get redirected there even if you login at citi.com).

Even worse is when banks send out "cloaked" links, where the anchor text in
the email shows their actual domain name, but the HREF target is
n23uiahsf8das9fda.somethingelse.com.

~~~
smsm42
The n23uiahsf8das9fda.somethingelse.com is probably a third-party marketing
tracking service. Since Citi would never allow marketing company run their
tracking service on citi.com and since users won't be eager to click on
n23uiahsf8das9fda.somethingelse.com link, they don't have much choice. On the
question of how then legit marketing emails differ from phishing - I have no
idea. I just never click on any of those links. If I need to do something on
my bank's site, I just log in there directly and do it.

~~~
tmhedberg
_Since Citi would never allow marketing company run their tracking service on
citi.com and since users won't be eager to click on
n23uiahsf8das9fda.somethingelse.com link, they don't have much choice._

They do have a choice. They could choose not to "track" their customers in
this way.

~~~
smsm42
Well, there's a legitimate marketing need to know how many people read your
communication and how many were interested in what it says (as expressed by
clicking on the link). After all, what's the point of communicating if
nobody's listening or nobody cares?

------
dbecker
I used to work for the FTC, and I was surprised how many calls I received at
work from scammers. It always renewed my motivated.

In an effort to continue this tradition, I would suggest you ask scammers to
call back on your other line. Then give them an FTC number. Any number
202-326-xxxx should work.

------
wpietri
One of the things that fascinates me about this is that "Rachel from
Cardholder Services" is a name used by a bunch of different scammers.

I originally thought: How hard is it for them to close that one company down?
But they actually shut down a major caller in 2010, one that made 2.6
_billion_ calls:

[http://business.time.com/2012/04/06/2-7-billion-robo-
calls-l...](http://business.time.com/2012/04/06/2-7-billion-robo-calls-later-
why-wont-rachel-from-cardholder-services-just-go-away/)

Hackers, if you think you can solve this problem, the government will give you
$50k:

<http://robocall.challenge.gov/>

~~~
rhizome
There was some discussion about the $50K challenge last week, and I still
don't think anything can happen without industry buy-in. It's mostly a policy
and people problem, and the only technical barrier I've been able to identify
is that Caller ID can still be forged.

The whole situation bears an interesting contrast to the battles over
anonymity on the Internet, where the telephone industry is trying to preserve
the ability of their customers (telemarketers) to avoid detection.

~~~
dhugiaskmak

        Caller ID can still be forged
    

Can anyone explain, or point to a resource that explains, why this is still
the case in 2012? Is there some technical reason why this is the case, or do
the phone companies make enough money off of scammers and robocallers that
there's no incentive for them to fix it?

~~~
stephengillie
Why can email headers still be spoofed?

~~~
barrkel
Because you don't have to pay for it.

------
politician
I don't understand why the FTC wants to pursue technological solutions to this
problem. Instead, why not let the jail times of the officers of the companies
associated with these scams scale with the number of complaints received?

If they're taking payments, there's even a handy money trail.

If they're operating outside of US jurisdiction, freeze their bank accounts
just like we do to Iran.

Bottom line: it should not be possible for these companies to collect
payments, and their officers should receive mandatory jail time.

~~~
wpietri
Catching and prosecuting a criminal is an awful lot of work, so there will
always be a lag between crime and punishment. Most criminals aren't making
good cost/benefit tradeoff decisions, so as long as they can get a quick taste
of money doing something dubious, some of them will scale up.

I'm also in favor of mandatory jail time for serious offenders, but mere
punishment hasn't stamped out most other kinds of crime, and probably won't
stamp out this one, either.

~~~
politician
These calls are being generated by relatively few robocallers who are
collecting money and have service provided by phone companies which track and
meter every minute.

This is a significantly different environment from online email spammers who
can hide behind bot nets, open relays, and don't take payments directly.

Instead, robocallers appear to operate in a near perfect knowledge environment
for prosecutors (with the will to act).

~~~
wpietri
That's definitely not correct. You should watch the Robocall Summit videos.
All parties agree that it's a giant pain in the ass tracing both calls and
people right now.

------
bediger4000
I got many, many calls (4 or 5 a week) from "Ann from Cardholder Services"
during the spring and summer of 2012. I started hitting '1' and then dragging
out the conversation with the customer service rep. After that stopped being
fun, I would just tell the service rep to quit before they get arrested.

In the fall of 2012, I still hit '1' to be connected, but I never get to talk
to a human. I'm not even on hold. The call doesn't terminate, but nothing
happens to it, as if they route me to a grounding strap on a cold water pipe.

------
ALee
Isn't this what Google is trying to attempt with Google Voice and using SPAM
filtration on those calls? It would seem that a company could greatly benefit
by somehow acting as an intermediary and allowing users to rate a call as
spam.

The issue is that like SPAM in the e-mail days, the technology isn't the
problem, but rather the adoption of a filtration method. Adoption will happen
when this problem becomes a big enough issue for consumers to switch to
another provider (which is already difficult already).

------
haroldp
Caller ID doesn't. That is the problem. Fix that problem and this goes away.

~~~
Karunamon
I'd rather still have the ability to call anonymously if I choose.. no reason
to toss an entire tool out on it's ass because it's misused.

~~~
R_Edward
There's calling anonymously, and there's intentional misrepresentation. I
wouldn't mind retaining the ability to set your outgoing caller-id to
Anonymous, or Name Withheld, or something like that. But I don't think Joe's
Sweatshop should be able to set its id to Legitimate-Sounding Business, Inc.

~~~
Karunamon
Fair enough.

------
cafard
Now and then I used to amuse myself by letting them connect and then asking a)
what company they represented, and b) in what state it was incorporated. This
was usually--maybe always--good for an immediate disconnection.

------
emeraldd
I really hated getting these calls. They're insidious! It's even more
disturbing to note that there is something called "Cardholder Services" on
your credit card bill as a number to call.

~~~
blhack
That's why they pick that name.

------
kencausey
Somewhat more info can be found at
<http://www.ftc.gov/opa/2012/11/robocalls.shtm>

------
jdc0589
A few months ago I got sick of them calling, pressed 1 to talk to someone. And
informed them that this was the third time they had called after being asked
to stop, I had records, and I would be filing an FCC complaint. The woman got
very apologetic and gave me a number I could call to get "permanently taken
off their list". I called said number. It was a gay sex hotline. True story.

------
Lagged2Death
_Just last month [the FTC] announced the Robocall Challenge offering $50,000
to anyone who can create what the agency calls "an innovative way to block
that will block illegal commercial robocalls on landlines and mobile phones."_

So the US government is using the phone system to track and to eavesdrop on
everyone it cares to[1], but it can't figure out a way to use that power to,
you know, actually enforce the laws concerning that same phone system.

But somehow, they're going to catch terrorists that way. Sure.

[1] [http://www.usnews.com/news/blogs/washington-
whispers/2012/09...](http://www.usnews.com/news/blogs/washington-
whispers/2012/09/19/warrantless-wiretapping-was-far-more-involved-than-
previously-known-new-book-says)

~~~
finnw
So the NSA has the technology, but will not give the FTC access to it. Isn't
that a good thing?

------
dkersten
Why have I never received something like this, nor know anyone who has, in
Europe? Whats different over here that this doesn't (that I know of) happen?

~~~
mh-
I think it might have to do with the ROI on these unsolicited outbound calls.
They're almost free, at this scale, in the US.

------
lgleason
So here's the thing. Someone can easily set up a robocall campaign with
Twillio, Tropo or any number of other services. I would like to see anti-
robocall measures strictly enforced. With that being said I wonder what
percentage of these providers business is coming from these robo-calls and/or
what they are doing to prevent them.

------
aresant
Nice to see that the FTC recognizes what an incredible nuisance telemarketers
are, but hard to cheer for them as politicians are not only allowed to use
robodialers, they are exempt from abiding by the Do Not Call list.

Why? Because they are not "included in the definition of telemarketing".

Source - <http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt107.shtm>

Oh, ok. Doesn't seem like any sort of a conflict of interest at play here.

~~~
jrochkind1
Amount of times I've gotten a robocall from a politician so far: 0

Amount of times I've gotten a robocall from Rachel at Cardholder Services --
approximately twice a week for the past four months.

Why would I be annoyed at politician robocalls I don't get?

------
nathan_long
Two of the company names: "Web Design" and "LLC"? Those were nice land grabs.

~~~
sharth
The 5 companies being sued are:

1\. Treasure Your Success

2\. Ambrosia Web Design

3\. A+ Financial Center, LLC

4\. The Green Savers

5\. Key One Solutions, LLC.

