So let's say we've liberated a comm from its owner. All the user's financials are stored on it. Aside from walking into a store and using it to buy something, how do we get the credits off of it?

This is not 'laundering' the money, as you have no need to show a legitimate source of income. This is closer to fencing stolen goods. You've swiped a guy's credit card, how do you turn it into thing you can actually use? All before the credit card gets reported as stolen an canceled?

Your best best is to buy common stuff that is hard to trace and has a high resale value relative to its purchase price. You buy the fungible goods and take delivery before the credit gets cut off, then you resell the goods for 'real' credit.

Agreed, laundering money is when you have illicitly gained money and you want to show it real. In Crusher Bob's example. You would launder the money after you resold the items you bought with the guys credit. So unless you are wanting to show income on your fake SIN (or real one if you have that negative quality) don't worry about it. If that is the case then it would be easier to use an appropriate contact to get in touch with someone that does it. Just like you go to someone else to get your fake SIN rather than trying to make it yourself.

EDIT:

Figured I'd spell it out in case I wasn't clear. Either don't worry about it, or hand wave it with a contact.

So... spend it while you still can.

What if, for the sake of argument, you can't just buy stuff at a store (virtual or otherwise)? Is there a way to get the funds out of the victim's account?

You can always transfer the funds to a certified credstick. You then use that credstick to buy another credstick; lather, rinse, repeat. When you're done, no one will be able to trace the money in any provable fashion.

The problem is not 'getting the funds' it's in avoiding having them revoked when the commlink is reported as stolen, etc. Imagine that you transfer the money from the mark's commlink to an account of one of your fake IDs. But then the Mark reports his commlink stolen and the bank traces all the transfers out of his account. They track it to your fake IDs account and then reverse the transaction. Depending on how industrious the bank is feeling, they may investigate your fake ID hard enough to burn it, even even send the cops to talk to you to find out if they want to charge you with the theft.

That's why you transfer the funds to a certified credstick-- no ID required. Repeat the transfer a few times, and the money is effectively laundered.

Actually, the problem is getting past the basic security that everything uses. Unless you have all the top-of-the-line biometric hacking equipment, the financial data on that commlink is pretty secure unless you have a few days and a highly skilled hacker at your disposal.

I'm not sure if they have rules for it yet in SR4, but SR3 has an entire section on it in the Sprawl Survival Guide. I think the base time, once you got past all the encryption and cracking open the credstick/commlink, was one minute per nuyen... so hacking into and transfering as little as 1,000 nuyen had a base time of almost 17 hours. Somehow, I seriously doubt if it became easier to do it after the Crash 2.0. If anything, they severely increased security measures.

I think money laundering is still the right term. It's just that the washing isn't to show a legitamit source so much as to break a data trail.

Now first things first. In addition to the comlink you might need to know a password or something of that nature. It's quite common to require biometric info, and if you ditched the body you're going to be left hanging when the bank asks for a thumb scan.

Next as was mentioned you've got the issue of reporting or the datatrail. If the thing is reported missing before you use it expect company when you use it. Either through a backhack or just sending people to the location if it's a physical store.

Beyond that you have to worry about the trail. When you buy something that transfer is recorded in the respective banking systems. And can later be investigated (via hacking or by a bank giving data to the police). Exactly how big a deal this is depends on how bad people want you.

Anyway so lets say you've got the guys eyeball and hands on ice and you're looking to try and clean up the cred. The best way is lots of transfers through offshore banks. Expect to get hit with some fees every jump, but these banks know their business, and unless you commited a crime where they are they don't have to give up your records. Someone would have to hack them.

Credstick won't work because. Ok. I haven't gotten unwired, because I've heard of a lot of stupid stuff in there and I don't want to pay money for that, so who knows what they did. But credsticks aren't supposed to have the money "on" them. They're just associated with a bank account, like a comlink, it's just that a credstick doesn't care who you are.

I have Unwired, but haven't had a chance to read it yet, so I'm just going on what I gather from BBB, but I think you're wrong there, in the context of the discussion. Certified credsticks do have the credit "on" them. The issue is going to be how you "certify" the credstick. Obviously, you can't just transfer some cred from a normal account using a normal comm, else people would just empty their account into a certified stick and declare it lost, and get the transaction reversed, thus ending up with a certstick *and* their account. Or, if a certified dump prevented that happening, no one would use electronic cred because it would be too dangerous. [/hyperbole].

But certified credsticks have, and always have had, the money on them; they are their own authority, like a bearer bond. Don't lose 'em...

The trick with the BBB is that it compares them to two very different things. Cash and Bearer bonds. The difference being that cash is good on its own. A bearer bond however is associated with an external source.

The key problem with cash just being on a credstick is that it would make them vulnerable to hacking for counterfitting.

Another possibility I've heard is that the "money" is on the credstick, but there is online confirmation somewhere.

I think there are threads on it somewhere.

I would tend to agree with sunnyside in regards to certified credsticks. It would be far too easy to just copy a credstick again and again, or to artificially create them, making them severe security risks. Plus, there are several novels and runs which refer to emptying a certified credstick to avoid the account getting closed after the job. From what I can tell in canon, a certified credstick is basically a pointer to a bank account with no stated owner, and requiring no identification for use.

Going off of SR3, a commlink requires identification to transfer funds. The lowest level is a PIN number or password, then thumb print, then retina print, or a combination of them all. There are instances of SR2 credsticks getting cracked by dedicated hackers, and those people are available in SR3, but they're specialists, not general characters. I would assume that an SR4 commlink is better protected. Your best solution (another example I saw in SR2) is use a mind-control spell to get the mark to 'voluntarily' transfer funds.

Assuming you've successfully cracked a commlink, your goal is at that point to fence it - i.e., make it available for use and not traceable to you. Transfering money from one form to another is dangerous. On the one hand, it almost certainly requires ID to do it. Try buying a cashier's check or money order now using a credit card and see how far you get. IF they do it, they always require ID and signatures. I would assume certified credsticks are the same. Someone needs to 'buy' it, and that's traced to a SIN. Now ask yourself if the money is worth more than your fake ID.

Secondly, you aren't actually transferring money, you're transferring information. Like I said, there are several novels to indicate that a certified credstick is just an anonymous bank account somewhere - but nothing is ever truly anonymous. If you're transfering funds from First Union bank to a First Bank of Detroit certified credstick well, surprise, your money is still within Ares, and if Ares feels it needs to track that money down, it has immediate access to all the records it needs. It's debatable whether Ares would be able to easily track the data if you bought a certified credstick with Wuxing East Asia Prosperity Bank, since that's a different megacorp, but it isn't the sort of bet I'd easily make. You never know when those guys are at each others' throats and when they're suddenly friendly (or pretending to be friendly).

Your better option is to find a bank which advertises itself specifically as unaffiliated with any megacorp, and not respecting their calls for information. Switzerland and the Caiman Islands are classic examples. They make profit in part based on the anonymity they offer their customers.


However, a little easier is to buy things you actually need or can easily resell. Money transfers are watched carefully because they're unusual and that's the first thing people want to do when they're eager to illegally empty an account. However, people buy gasoline all the time, and it's not like the cost of gas goes anywhere but up, or that you won't use it. Similarly, food, clothes, bullets, etc. are all valuable resources. If you're talking about amounts under $50k, it shouldn't be too very hard to just invest it into your lifestyle or other associated costs. These things aren't easily tracked (gasoline certainly isn't, you might have to worry about RFID stuff with things like clothes, guns and cars have serial numbers which may be documented, but aren't easily tracked).

The other way to go is buy into tangibles with limited use for you, but high resale value. A great example is enchanting supplies. Gold is always a safe investment, and now it's regularly purchased by shady characters who don't like a lot of questions asked. SImilarly, programs or other decking supplies have a good turn-over rate, are expensive, but easy to hide and don't go bad. Consider picking some of those up.

Nobody thumbs their nose at the CC in SR. If you are unaffiliated and Ares wants the data you will give it to them or they will have you arrested and your bank shut down.

Programs don't go bad? You must not have unwired.

Difficultly. Welcome to the world of online banking. Just because you have hijacked a person's computer does not actually mean you have access to their account. I know that the American system is antiquated, but still certification becomes difficult. You may have access to their credit details, such as a credit card which may be attached to an account, but for example my credit card is a separate entity that just lives off my bank card. I have a personal insurance included in my credit card that prevents unathorised usage of my credit card. It still does not mean that someone cannot charge my credit card, because of the antiquated system and reverse compliance in place with it.

However, my bank card demands knowing my PIN, which is not stored on my card, but is the private key to being able to access my bank account. There are ways on spoofing this, such as electronic eavesdropping on keystrokes at cash machines, additional magnetic readers installed over the card port. I am more than happy on sharing further details in private though.

Furthermore certified credit sticks are not cash. Rather it is like a bearer bond. The bank certifies that credit stick can be used up to a certain amount of money. It is like a bank card which has a certain amount of money on it. Once all the money is used up the credit stick is discarded. In real life it is called a cash card or in department stores a gift card.

Dude, there are these things called photocopiers. They don't stop the government from printing money.

Anyway, electronic money cards, in which electronic cash is literally stored on the card and is not associated with any bank account exist today. Current electronic cash systems use RSA blind signatures and unique serial numbers, which are currently impossible to crack, and store money in discrete units generally referred to as "coins", with each coin having its own unique signature and serial number.

The key here is that a single coin can only be used once. Because the system is electronic, serial numbers are read automatically. If two coins have the same serial number, then the second will be rejected and the fraud will be obvious.
You can't change serial numbers. If you change serial numbers you'll have to create new legitimate RSA signatures, which is impossible unless you have the issuing institution's secret key, in which case you probably work on the ecash system directly.

It is important to remember that electronic coins, just like real ones, cannot be broken down into smaller denominations. Just as breaking a dime in half does not yield two nickles and cutting a $50 bill in twain will not give you two $25 notes, so there is no need for anyone but the issuing bank to perform any operations on the coins and thus never any need to generate new signatures.

It is possible to pass copied coins offline, in systems that allow offline transfers, but they'd be identified as fakes as soon as they made their way into the online system, but it is also possible to pass copied cash and bad checks. The advantages of an anonymous online/offline electronic cash outweigh the risks, particularly since most retailers won't be accepting any without online verification.


There were rules for counterfeiting certified cred in SR3, if I remember correctly. It was absurdly difficult and dangerous. You only know if you succeeded or not when you slot the cred into an online reader for verification and failure would alert some very angry authorities to your location. You don't want the Corporate Court's Secret Service to come down on you.

Grabbing a person's comlink is basically the same as grabbing their credit card. You work fast, go on a spending spree before they can report it. Actually laundering the money is unnecessary, unless it is many thousands, in which case you'll need semi-fake legitimate business that you can cook the books on, report the ill-gotten gains as legitimate income when you file your taxes.

I should probably point out that there are such things as prepaid credit cards, available today, that are essentially the same as certified credsticks. They work exactly like a standard credit card, but they don't require an ID to use. some don't even require a PIN. Even though they're attached to an electronic account, the card itself is "untraceable", in that no one can prove that it wasn't lost, stolen, or given away.

Check for "Green dot" cards, as those are a good example.

Well, I find the best way is to use the washer and dryer in the basement, but that tends to make the money unuseable...

...

What?

Actually, money survives washing pretty well.

I have never heard of this strange technology, please, explain!

Of course, I jest, but I assume you do as well. We all know why, despite the rise of color photocopiers and advanced printers, people don't just copy $20 bills and get away with it with any regularity. There are several aspects of paper money which are difficult to reproduce to any convincing manner.

However, it is extremely difficult to do the same with electronic media. There are only a handful of ways to get around the problem of 'if a functional credstick looks like this, I can just copy that and 'make' free money', most of them needlessly complex and liable to be cracked in a short span of time (considering the financial incentive to do so). By keeping the money on the server and the credstick only serves as a key, you've then both reduced the risk, and shifted the liability from the bank to the owner of the credstick (if money is on the credstick, copying credsticks loses the bank's money. If the money is on the server, copying the credstick only loses the user's money.) The only reasonable excuse I can think of for not saving money on the server is that it requires a matrix connection to verify the availability of funds.

Hyzamarca's example of ecash is a good one, excepting two details;
1) In order to avoid fraud, the recipient still needs a matrix connection, which invalidates the single substantial benefit of the server-based credstick systems. Of course, I'm sure there are work-arounds to transmit a more local device to allow for offline transfers, which would apply to both server-based and ecash systems equally, but for the sake of this debate, they're largely irrelevant.
2) This eliminates traceable accounts, which the corporations will all see as the major benefit of server-based accounts.

I've all way though that credstick would be used in the shadows as payment often chaging many hand befor bing used other than in a trade. Thus copying a credstick so it displays more than whats on it wcould work for faking large deals though the repercussions would be large if you have over 10mil in credsticks as there's about 500 nuyen on them. But if played well you could uses such scam as part of the oh drek plan pay a bomb to get something quick then flee to another place and start a fresh.

Yep. But the card (and certified credsticks) are basically just an account number. There's no actual cash on it. Every transfer you make with it requires the involvement of a banking system, and you still have to get past whatever security features are linked to that account in order to transfer funds to or from the card. Be it a PIN number or biometric data. And while cards like that exist today with no security measures at all, it's highly doubtful that post Crash 2.0 Shadowrun would have anything of the sort. In fact, they've gone out of their way to try and remove any kind of free currency from the world economy for that very reason.

And this all assumes a certified credstick, which the original poster does not have. He just has access to the guy's commlink and its resulting bank account numbers. Which is definitely going to be safeguarded with PIN numbers and biometric data at the very least.

Actually, there are a number of color printers that have chips in them that recognize and refuse to print images too similar to american money, because it can too easily be passed as a fake.

Actually, traceability a problem. Simply put, corporations sell a lot of stuff to poor people and to criminals. The SINless and professional criminals are two overlapping key demographics that corporations need to cater to. However, in order to cater to these groups they need plausible deniability. A totally anonymous ecash system, such as those currently in use in various countries across the world, gives corporations that deniability. It also happens to be extremely convenient and all but impossible to successfully forge due to digital signing and online verification.

From a financial standpoint, it also benefits both banks and merchants. The merchants get their money immediately, without having to wait for long credit processing (which can take several days) and the banks don't have to pay out for fraud or stolen ecash, while they lose a great deal of money on credit card fraud and stolen cards.


Also, if they didn't provide this service, they'd soon loose their criminal and SINless customers to truly anonymous underground banking services, such as eCache

And lets not forget that if Damien Knight doesn't want you to know what type of porn he's buying (and he probably doesn't) then he is going to invent a totally anonymous electronic currency and payment system.

Quiet frankly I always just use my fixer for stuff like this. My group never wanted to get busted for something stupid, so we let the fixer handle the extraction, for a fee naturally. It also made it easier on the GM, which I was thankful of when I was the GM. This is after all one of the things a fixer does.

Actually, they don't. They don't have nearly as much money as corp employees, governments or businesses. Furthermore accountants don't like it when sources of funds mysteriously show up on the books and when accountants don't like your bookkeeping the shareholders get kind of antsy and you end up with the corporate court doing audits of you books to see where the money came from.

Plus you have the lavishly funded investigative reporters of competitors (and their deniable "agents") who are looking for opportunities to slam you. It's ok to deal with crooks who own countries, are called mayor or are smart enough to cleanly launder the money. It's just bad business to deal with street scum.

Even if he just has access to the guy's account information, that can easily give you enough to hack it. You look up his birthdate, and try that as a PIN; you might be surprised how often that works. My ex used to keep a notepad file in her documents folder with her passwords for everything; she had trouble remembering them all, and she wasn't alone. We're not allowed to discuss actual hacking methods on Dumpshock, but if you look up "social engineering", you can find out about it yourself.

And you read something wrong. We're not assuming the money is on a certified credstick. We're assuming he can get a certified credstick, and then transfer the money onto that. You then transfer it again, and again, and maybe once more if you're paranoid. By that point, no one will be able to prove the money was stolen.

Individually, they don't have nearly as much money. But there are millions of them and they have the same basic needs as everyone else. You think that food manufacturers are going to let a multi-billion nuyen demographic go completely untapped? Everybody has to eat.

And certified cred allows them to keep the bookkeeping clean, that's the entire point. They were paid for good and/or services in certified cred. They have no idea by whom.

Consider the pager industry in the 80s and early 90s, before cheap cell phones superseded them. There were basically two key pager-using demographics, medical doctors and street level drug dealers. Street level drug dealers, of course, paid in cash and put fake names on their service plans. Without street level drug dealers, there would have been no pager industry.

Disagreed there. Each and every one of those transactions are being recorded, complete with the (anonymous) account details. Since storage is no longer even a remote issue post Crash 2.0, there's no reason in the world that banking institutions would delete that information. So tracing it back to the original commlink would be no issue at all.

Now if you did it with credsticks from less-than-reputable banks -- namely the ones that cater to the underworld -- you might have a chance of making the trail disappear. But even then a determined hacker could find the information.

That said, if stealing people's account information from a swiped commlink were as easy as you guys are making it out, there's no real reason why it wouldn't be the single largest crime in Shadowrun. Hell, you'd be stupid to risk your life regularly to do some nobody's corporate espionage gigs when all you have to do is pick-pocket some corporate suit and drain their acounts and life savings away every now and again.

The big money in SR4 is identity theft; there's certainly a high demand for fake SINs. But there's also enough competition out there to keep prices down. It'd also be stupid to keep using a stolen commlink, considering that each one comes with a built-in GPS. If you can't crack a commlink quickly-- before it's reported as stolen-- you have to get rid of it before it reports your location.

Why settle for half measures? Identity theft is best done when a hacker and a possession tradition free spirit work together.

OK, a lot of good discussion here.

First, I will address certified credsticks. There are only two ways to get one (transactionally speaking). You trade something to someone who has one, or you give some nuyen to a bank and they make one for you. If I have a stolen commlink, I either sell it (the first instance), or I... okay, that second example is just not going to work here. So we can clearly remove certsticks from the equation.

So where does that leave us? Just because you've hacked your way into a comm, it doesn't mean you've hacked your way into the international financial system.

So all you can do is spend the money as if it's your own comm - if you can handle the banks' security measures. And until they shut it down. Furthermore, unless you have some very highly placed contacts, you can't erase the data trail.

But how do you transfer funds? As far as I can tell, you can only do it via banks and stores (virtual or physical). In other words, through a cash register. Is there any other way? How do you get a cash register? Any ideas for obtaining access?

And as much as I like the idea of selling the comm to a fixer, who in turn sells it to someone who specializes in such things, how do they get the funds out? At some point, the rules for faking IDs mentioned that the process included setting up a financial history as part of the fake records. Does that mean that nuyen can be forged?

Yes, there were several questions in here, some of them onlyvaguely related to the original question.

AFAIK, all standard printers and photocopiers have software in them that recognises a pattern of yellow dots that is incorporated into the design of pretty much every banknote worldwide (tin-pot banana republics a possible exception, but their banknotes are generally not worth forging). Once the pattern is recognised, the device will not render the image in which they are included.

I think you missed my point.

This thread is about stealing the nuyen in a person's account via their stolen commlink. There's no identity being stolen. There's no buying and selling of fake SINs. There's no keeping the commlink around. According to several people in this thread, it's apparently easy as pie to transfer all of their money to certified credsticks, launder it, and walk away rich. And if it were that easy, there'd be no reason to run the shadows. Just swipe a corporate suit's commlink, rob him blind, and live the good life until you run out of cash. Wash, rinse, repeat.

Which, alone, would prove why there has to be some serious security and safeguards in place. Because if it were that easy, there would be no confidence in their use, and the economy would be destroyed through both that lack of confidence (which is what almost all currency in the modern world relies upon) in it and because it would be impossible to safeguard your earnings. Particularly with how integrated commlinks are in the 2070's.

Well, presumably the old credstick security system would still be in place. In order to make a transaction over a certain amount, you need to pass additional security measures. For example, in the real world, merchants don't need a signature for transactions under $25. The next step up in Shaodwrun would probably be something biometric, and thus much harder to forge.

Depends on the country. For example in the UK you now have to place in your PIN number everytime you use a cashpoint machine with a bank and switch card. In Finland it is not everywhere, but is becoming more common. Over 50 euro transactions now demand in Finland that a valid photo identification is shown which is an ID card, passport, or a modern driver's license.

On the Internet there is a demand for electronic signing, which in Finland takes the form of logging into your electronic bank account, whereby the bank issues an electronic signature to the second party. Inreasingly common with credit cards with online transactions is also typing in the card security code (i.e. the last three digits of the numerical sequence found on the reverse side of the card) for added security.

I tested out photocopying a 20 euro bill, one of the more common banknotes in Europe on three different Xerox photocopy machines, one of which is a color copier. All of them happily made copies of the bill, but revealed the thermocromic ink security feature. This restriction by photocopiers may be limited to BoE and U.S. banknotes.

Edit: After placing the colour photocopier on colour copy, it registered a notification of illegal registered material on the photocopier platter.

If we're talking SR3, I'd ask you to refer firstly to the Street Gear section and note what items have Street Index or Availability. That indicates that getting them without a SIN is difficult. As you'll note, it includes almost everything. Now please turn to Lifestyles and note where it says buying anything other than Low or lower, or luxury requires either a SIN or a false ID. I assume SR4 is similar.

Now I'm not saying this makes sense, and there are clearly ways around it (certified credsticks, physical money, mafia-backed financial services, etc. all function without a SIN and limit accountability in different ways). Ultimately though, from my own experience, the solution has either to have a dedicated middleman or a false identity. I'm sure Damien Knight has several (include 'Damien Knight') he can use to buy his porn. Most criminals who are actually going to buy things new will have at least one false identity with which to do so.

Meanwhile, while Ares might not want Renraku having files about what Ares people spend, it DOES want information on what Renraku people spend. So it is motivated to get every other corporation to not employ accountability, but it itself is motivated to employ it. Since every corporation is therefore motivated to include data-gathering techniques, even though they don't like the ubiquity of that data-gathering, it likely will be employed. Similarly, Damien Knight probably likes the fact that he can track what all of his managers buy, even if he has to jump through some hoops to avoid them knowing what he buys.

I'm not saying you're wrong from a realistic world standpoint, and certainly you're welcome to play it however you please. Shadowrun has its share of unrealistic world details. However, at least from my reading of the SR rulebooks, your view does not seem to be reflected by the game designers.

I doubt that Soyburger Helper qualifies as a high lifestyle meal, or even a medium lifestyle one.

That is true. So we are left with two possibilities.

1) Anonymous cash is easily available and even commonly used (as you implied, Damien Knight uses it). However, in order to rent an apartment or buy a house, to buy most types of clothing (I'm going off memory here, so don't hit me too hard if I'm wrong), to buy radios or a home computer, even a bicycle helmet, for some reason legally requires an ID check. Only vendors who don't care to follow the laws, or for truly basic items like food, will an ID check not be required.

2) Anonymous cash is not easily available and not preferred by vendors. Most vendors will go with tracked electronic money. The only vendors who do not go with that option are those who, due to (generally financial) conditions are outside of the infrastructure, cater to very specialized crowds, engage in illegal activity, or who are otherwise unable or unwilling to use that currency. Anonymous cash is thereby very muchso the exception.

In other words, if anonymous cash like you're suggesting is available, there must be another major force resulting in so few vendors accepting it for even minor, mundane purchases. What is your suggestion?

#1. Anything R/F won't take it unless you buy it on the black market. Required for purchasing on the black market. Most small stuff (everyday items) aren't an issue to get with it.

Food is folded into your Lifestyle, and a Lifestyle doesn't require a SIN. So, that means grocery stores and restaurants don't require a SIN either. You can probably also rent from most places without a SIN, just paying with certified cred.

I think you're wrong.

SR4, 259, "If you lack a SIN, many activities that normal citizens
take for granted become impossible for you. For example, you
need a SIN to get a legal job, open a bank account, own property,
go to school, rent an apartment, establish utility services,
and so forth. Most importantly, a SIN is now required for any
form of legal travel—including just buying a bus ticket."

Also, as far as using certified cred...
SR4, 260, "Certified credsticks are a popular form of payment among
those who wish to retain a semblance of anonymity. Because of
this, there are still plenty of businesses that will accept certified
credsticks for payment purposes, though higher-classed establishments
may give the holder funny looks."

Also explicitly wrong in SR3.

p.241

"For middle and high lifestyles, the characters will need someone with a SIN or a very good cover story."

All right, but that means Squatter, Low, and Luxury don't require SINs. Which means you can get basics like food and clothing without a SIN. With a Luxury lifestyle, I assume that you're rich enough to bribe anyone who cares to complain about your lifestyle.

Edit: That was also SR3. In SR4, things may be different. I can't find that rule in the BBB4.

And in SR4, it means street/squatter don't need a SIN.

You haven't tried to rent an apartment recently, have you? They want credit checks and often references that they call. Even for fairly crappy places, as people trash places and cause huge bills.

And for most crappy places, the landlord will ignore the requirements if you place a big enough deposit down. That's how I got a place with no references: I put down the first three months rent, plus a hefty deposit.

Certified credsticks aren't easy to use. They come with a set amount. This means you've got to have a pocketful of them to come anywhere near close to what you're buying. I imagine a lot of places would balk at giving 30¥ change for a 50¥ stick.

Where did you get that idea from? Credsticks come in many different values, according to the BBB; I'm too lazy to look up the page ref right now, though. And it works just like a prepaid credit card-- you can debit just what you need, and even add to the balance if you want to.