Famous Debit / Credit card fraud cases

Famous credit fraud attacks Between July 2005 and mid-January 2007, a breach of systems at TJX Companies exposed data from more than 45.6 million credit cards. Albert Gonzalez is accused of being the ringleader of the group responsible for the thefts. In August 2009 Gonzalez was also indicted for the biggest known credit card theft to date information from more than 130 million credit and debit cards was stolen at Heartland Payment Systems, retailers 7-Eleven and Hannaford Brothers, and two unidentified companies. ING Direct Customer Caught In Debit Card Fraud Gray Zone Most cases of ID theft and credit/debit card fraud involve the thief going whole-hog on the victims account, spending as much as they can in a very short period of time. But what happens when that fraudulent activity isnt enough to set off alarm bells at the bank? This is exactly what happened to Shelby and her fiance, who share an ING Direct checking account. Back in September, Shelby noticed a handful of small purchases, all for the same amount, made at their local CVS. It was odd, but the amounts were small and it was a CVS in their area so she assumed her fiance had made the purchases. Then she later saw these same charges being made again at both CVS and a nearby Walgreens, a store that neither of them had been to in more than a month. Thats when I realized someone had been making fraudulent charges to our account with my fiances card number, Shelby tells Consumerist. Between the two stores, there were five charges of $11.81 each. Looking into the charges, they were told that each transaction had been made using the PIN for that particular card. Since her fiance had never lost his card, it seemed evident to the couple that someone had skimmed the card number and PIN and was using it to chisel away, making repeated, small purchases for the same amount. We filed a dispute online, says Shelby, but ING closed it by 9/30, claiming the charges were authorized, even though we submitted signed affidavits of the fraud. A second dispute and affidavit were closed on Oct. 10, with the following explanation:

Your card was physically swiped and you entered your PIN correctly to authorize a cash-back PIN-based purchase. In addition, account history shows that you have done business with this merchant multiple times other than these charges. Weve determined the transaction was authorized and have closed your dispute. You have the right to request copies of any documentation used by ING DIRECT in making this decision. If you still feel that these charges are fraud, you can resubmit your disputes online. The appeals stretched into mid-November, when an e-mail from ING stated again that their claims regarding the five charges for $11.81 were not covered by his Debit Card agreement, and that this would be the final response on the matter. ING is treating us like liars, Shelby told Consumerist at the time. I am aware it is a federal offense to file a false affidavit. I am glad the money stolen wasnt a large amount, but it upsets me a great deal that they are ignoring us. I have been a victim of fraud at another bank, and when they were notified of it, they immediately cancelled the card and refunded the money stolen once I submitted the affidavit. ING didnt even offer to cancel my fiances card. The representatives dont seem to care at all that we were the victims of a crime. We contacted ING on the couples behalf, asking the bank to take one last look at the case, because the following things seemed, at least to us, that they were not trying to scam the bank for a refund: 1. The repeated purchases, all within a brief period of time, all at the same two stores, all for the same exact amount. 2. The fact that the couples were not disputing any other charges made at CVS or Walgreens. 3. Two months is an awfully long time for a couple to spend filing fraud claims, signing affidavits and answering questions, just to get back $59.05. After a couple weeks, we finally heard back from ING Direct with some good news. We took care of this customers concern by crediting his account as a goodwill gesture, a rep for the bank tells Consumerist. Shelby confirms that the money has been refunded. A source who knows a thing or two about fraud claims explains that this is one of those tough situations for banks, as there are plenty of odd things about the charges but it also does not have many of the red flags huge purchases, online orders, charges made in far-flung locations that usually trigger fraud alerts for a bank. In such cases, the best the customer can do is to continue to plead the logic of their case and hope that the bank ultimately agrees. He advises the customer should also try dealing with the retailers at which the fraudulent purchases were made, as they might discover a larger pattern to the purchases.

Police arrest dozens in debit, credit card scam It was a theft allegedly carried out on a massive scale, with military precision, and it repeatedly victimized the holders of debit and credit cards. Two-dozen runners would allegedly be on standby at different ATM machines in the wee hours of the morning, awaiting a call from a ringleader. Upon getting the green light, they would start withdrawing money simultaneously from different machines, using cloned bank cards. Police say it would only take five minutes. On just one such occasion, 79 bogus cards were allegedly used to make 203 transactions at 23 different bank machines with the accused thieves getting away with $30,000. The RCMP says that scam was being replayed multiple times each week in the Montreal area, as it announced a series of arrests Wednesday of alleged members of a $100-million debit- and credit-card scheme that had international ties. Some members of the group are facing gangsterism charges which police call a first for a Canadian fraud case and Wednesday's arrests mark a first. A gangsterism conviction carries a mandatory minimum sentence. Police said 46 people were arrested and about 60 raids were conducted in the Montreal area and in Ontario. More than a dozen others remained on the lam and police said other arrests were likely. The RCMP calls the operation an international one: the alleged criminal group is believed to be associated with accomplices in Vancouver, as well as others operating in countries such as Australia, New Zealand, Malaysia, Tunisia and England. We are working with our international partners to assist them in identifying the stratagems within their own country, RCMP Supt. Guy Pilon told a news conference Wednesday. We believe that we've put an end to a significant operation that was [working]here in the province. The highly organized operation was allegedly split into three cells with specific roles leaders, technicians and runners. Some members of the group were allegedly modifying ATM machines with fake PIN pads and tiny cameras. But the most popular scheme involved allegations of stealing point-of-sale PIN machines from businesses and restaurants and modifying them. Police said stolen terminals would be taken to hotel rooms, where technicians would hack into the computer processors that held credit- and debit-card information. The

terminals were rigged using Bluetooth technology so information could be relayed to fraudsters remotely. The terminals were then returned before the next business day and would remain in place for several weeks while data was gleaned from customers and sent remotely to fraudsters. The account information and PIN number would be transferred to blank cards. Runners would then use the cards in co-ordinated attacks, striking at bank machines at the same time. RCMP Sgt. Yves Leblanc described one early morning attack where $30,000 was drained from various bank accounts in the Montreal area in five minutes before bank security divisions could stop it. This went on once, twice, three times a day. It went on maybe four or five times a week, Leblanc said. While the fraud is estimated at $100-million, police worked to identify 22,000 victims defrauded of $7.7-million to help build their case. Pilon said the investigation began in conjunction with Quebec provincial police in September, 2008, after financial institutions made several complaints to law enforcement. He said the banks also helped police track down leaders of the ring. The accused face 368 charges that include gangsterism, fraud and identity theft. Many appeared in court by video Wednesday. None of those charged are employees of the businesses targeted, but police believe that in some cases the alleged fraudsters had inside help. Police say there are simple solutions for businesses to defend against such a scam. In many cases, it's as easy as securing the terminal to a desk. While customers can also be vigilant, police say it's hard for them to know if a terminal has been tampered with. The police and the private sector need to work together to secure the environment, Pilon said. Jacques Hebert, Quebec director for the Canadian Bankers' Association, says fraud costs Canadian banks about $500 million each year.

Credit/Debit Card Fraud: New Trends, Incidents A year ago, many banks and credit unions were forced to cancel and reissue thousands of cards as a result of the TJX breach. More recently, banks located in Indiana saw accounts breached from ATM or debit card transactions. Indiana law enforcement and the FBI are investigating breaches from at least 10 banks after more than 100 customers reported money missing from bank accounts beginning June 14. The majority of the withdrawals, from a few hundred dollars to a few thousand dollars, were posted in Nigeria, Russia, Ukraine and Spain. There are more examples from this year with larger losses: An investigation (Citibank Complaint) by FBI cyber-crime agent Albert Murray shows two men made hundreds of fraudulent withdrawals from New York City ATMs, getting $750,000 earlier this year. Murray's affidavit points to what he sees as the culprit: a Citibank server that processes transactions had been breached, allowing the criminals to make the fraudulent withdrawals. (Citibank denies that its servers were the source of the breach.) Although the industry has made great strides in lowering credit/debit card fraud, the problem clearly remains a threat to institutions and consumers alike. A look at the Federal Trade Commission's Consumer Sentinel (Consumer Fraud and Identity Theft Complaint Data) from 2007 shows the complaint database developed by the FTC received more than 800,000 consumer fraud and identity theft complaints. Consumers reported losses from fraud of more than $1.2 billion. Credit Card fraud, at 23%, was the most common form of reported identity theft. New schemes are emerging, and call for greater scrutiny from institutions and their customers.

Debit card fraud on the rise in Canada When Mark Wong ordered a sandwich and fries at a Richmond McDonald's recently, he didn't expect it to cost $500. When Mark Wong ordered a sandwich and fries at a Richmond McDonald's recently, he didn't expect it to cost $500. But that's the amount drained out of Wong's bank account after he and co-workers had lunch at McDonald's on Bridgeport Road near Ikea and found themselves among the victims of Canada's super-sized debit card fraud. Debit card fraud has more that doubled during the past three years, reaching close to $100 million in 2006. And it's the second time in as many weeks that a McDonald's fast food outlet has been named as the place where debit card information was lifted.

"I had the new ham-and-Swiss sandwich with fries and a coffee, and the bill was under 10 bucks, but it cost me $500," said Wong. "When I went to the bank, basically they said it is an epidemic -- the teller said they get lots of people coming in, and that was just at my branch." Across Canada, banks and financial institutions reimbursed debit card customers about $95 million stolen from their accounts in 2006, up from $70 million in 2005, and $44 million in 2003. Wong and his co-workers' losses come on the heels of another debit card debacle when at least 100 people were victimized in a massive debit-card-skimming scam at Delta's Scottsdale Mall. Victims there pointed to the McDonald's Express outlet as the common place where they had all used their cards. Wong said 12 people at his workplace alone who also ate at McDonald's were affected by the fraud. In his case, Wong discovered $500 was withdrawn from a Toronto banking machine in the middle of the night after his lunch, using a debit card that had been created with his information and personal identification number (PIN). His bank reimbursed the stolen funds. "I consider myself lucky because they only took $500 from me," he wrote in an email describing the theft. "Others I work with lost over $1,000. We had one person's account totally drained. "As a group, we are very frustrated with McDonald's lack of security about this. So far, I have not even heard a reply after several attempts to contact McDonald's." McDonald's Canada responded to an interview request from The Vancouver Sun with an eight-line e-mail that failed to provide any explanation for the incident. "Upon learning of these isolated situations, we responded immediately and have been in contact with local police. We will cooperate fully with their investigations," the prepared statement read, urging people to "rest assured" the company is working to "further protect our restaurants and customers against criminal activity." Valerie MacLean, executive-director of the B.C. Crime Prevention Association, said the burden of responsibility for ensuring that debit card terminals haven't been tampered with or customers' information isn't being lifted lies with merchants. "Debit card fraud is on the rise," she said. "The repercussions of these incidents are that people are going to lose confidence in using their debit cards." Richmond RCMP confirmed the Bridgeport McDonald's debit card incidents, but Cpl. Peter Thiessen said that while police are investigating, they still don't know how the fraud was carried out.

Tina Romano, spokeswoman for the Interac Association, said there are a number of ways fraudsters can use hidden equipment to copy information from the card and capture a customer's PIN. "Sometimes they'll use pinhole cameras to capture you entering the PIN," she said. "Sometimes they might involve an employee, sometimes not." The fraud artists can also install a skimmer that captures the information from a card without tipping off the customer that anything is amiss. Romano said of the four billion debit card transactions per year in Canada, 99.9 per cent go through problem-free. "Debit card fraud affects a fraction of one per cent," she said. "Victims of debit card fraud will not suffer any financial losses because they are protected by the Canadian Code of Practice for Consumer Debit Card Services."

Sources: 1. http://en.wikipedia.org/wiki/Credit_card_fraud#Famous_cr edit_fraud_attacks

2. http://www.theglobeandmail.com/news/national/policearrest-dozens-in-debit-credit-card-scam/article4105832/

3. http://www.bankinfosecurity.com/creditdebit-card-fraudnew-trends-incidents-a-891/op-1

4. http://www.canada.com/story.html?id=7b850a1b-6e7b46b7-a0d1-231542e5fefe

5. http://consumerist.com/2012/12/06/ing-direct-customercaught-in-debit-card-fraud-gray-zone/