Bank Info Security reports a worker at a local Wendy’s restaurant was arrested yesterday, along with two alleged accomplices, and charged with identity theft after she allegedly used a “skimmer” to steal credit card information from as many as 135 customers. The investigation was initiated by the King County Sheriff’s office after evidence was brought to it by a fraud investigator at BECU, who had linked violations to several member accounts to the Tukwila Wendy’s restaurant.
Bruce Dragt at FirstData blogs about Visa’s initial guidance on tokenization best practices. He says, “Having discussions around tokenization, as an industry, is essential to its future. I like how Rob McMillon articulates the difference between a tokenization and encryption in his latest blog post.”
Idan Aharoni RSA’s Speaking of Security, blogs about the trend of automated credit card stores proliferating in the fraudster underground. Historically, whenever an underground product has been packaged into a “kit”, allowing it to be easily traded and shared, there is a boom in its usage. The availability of phishing kits in the underground help prove it. Before kits were available, only fraudsters who were technically savvy were able to clone sites and set up scams. Even though cloning sites do not require deep understanding in programming or even computers in general, they still left a lot of wannabe fraudsters out of the equation. After phishing scams became easier to launch through the use of a kit, new doors opened to many unsophisticated fraudsters and not much needs to be said about the volume of phishing.
Richard Oliver at the The Federal Reserve Bank of Atlanta blogs in Portal and Rails, “Over the past several weeks, battered by the never-ending news of one new payments fraud scheme after another, I lapsed into a daydream in my office about a mythical Fraud Village, where fraudsters go to shop for their wares. He recounts several fantasy fraud scenarios and concludes, “the Internet has in fact become a virtual shopping mall for crooks intent on striking innocent, poorly educated, and singularly unaware business owners and consumers.”
WCTV Florida reports two men are now behind bars – and are collectively facing 55 charges – for their alleged connection to a massive bogus credit card scheme. A Wakulla County Sheriff’s Office press release said investigators, with assistance from state and federal law enforcement agencies, captured two men who were allegedly involved in a massive scheme to defraud hundreds of victims across the United States and other jurisdictions of millions of dollars of cash through identity theft.
Consumers Union calls on regulators to require mobile payment providers to abide by strong consumer protections. In an article published on PRNewswire, Consumers Union contends recent news stories have highlighted how consumers in the U.S. soon will be able to pay for products and services with a wave of their smart phones. But while mobile payment technologies may offer a convenient new way to pay for goods and services, consumers could be at risk of losing money when mistakes are made by merchants and processors or as a result of fraud, according to Consumers Union, the nonprofit publisher of Consumer Reports.
Emily E. Smith at the Oregonian reports Sealtiel Chacon Zepeda was standing at a Fred Meyer sales register spending a gift card when curiosity struck. After spending 20 hours on the Internet researching how gift cards work, Zepeda purchased a magnetic card reader online, began stealing blank gift cards, on display for purchase, from Fred Meyer and scanning them with his reader. He would then return some of the scanned cards to the store and wait for a computer program to alert him when the cards were activated and loaded with money. Using a magnetic card writer, Zepeda then rewrote one of the leftover stolen gift card’s magnetic strip with the activated card’s information, thus creating a cloned card.
The U.K. Press Association reports two young London members of a “training school for scams” have been jailed for their roles in a series of bank card frauds thought to have cost more than £250,000. Abul Ullah, 18, and Mohibur Rahman, 20, were part of a gang posing as fraud investigators who tricked people into handing over their cards and details. Ullah and Rahman admitted to charges in which these were used to buy a laptop computer for £1,024 and a Rolex watch worth £8,870. They have not been recovered. Police said they were part of a gang that recruited “feral” youths involved in drugs and street violence as a “stepping stone” to more sophisticated crime.
CreditCardProcessing.net writes that if you run a mail order company or internet business, you’re faced with an increased risk for fraudulent credit card transactions with credit card processing than retailers operating a physical bricks-and-mortar place of business. For online and mail order companies, you don’t see the person or the credit card and it can be difficult to know if you’re dealing with a legitimate customer or not. In 2006, more than $60 billion dollars were lost by merchants accepting credit cards and debit cards as payment for online or mail order products and services.
The American Banker reports that Bonneville Bancorp is taking an unusually drastic — and seemingly counterintuitive — approach to fighting fraud. To make sure its customers use their PIN codes, shoring up security for debit purchases, it is prohibiting signature debit payments in some states. Though PIN codes provide an additional layer of security, signature debit transactions generally earn issuers more money, and observers say it is unheard of for a bank to consider its fraud losses severe enough to switch off that revenue stream. According to a notice on Bonneville’s website warning of “high amounts of fraudulent card activity in California, Florida and Georgia,” customers in those states must use their PIN codes for any debit transactions. “No signature transactions will be allowed,” the notice asserts.
