Advertisement

Feds Bust $200 Million Credit-Card Fraud Ring

By D.J. Murphy, Editor-in-Chief

DJ MurphyEighteen people based in New York and New Jersey were charged in federal court Monday alleging they stole at least $200 million in what could be the largest credit-card fraud ring in U.S. history. The complaint brought by U.S. Attorney Paul J. Fishman, alleges an extensive, complicated scheme in which tens of thousands of credit cards were obtained using more than 7,000 false identities.

The perpetrators are alleged then to have enhanced the credit scores of the bogus identities by providing fabricated information to credit bureaus, enabling the identities to qualify for large loans and lines of credit they turned into cash and never repaid.

Complicating the scheme, said Fishman, the accused fraudsters created “dozens” of sham companies that applied for, and received, credit-card acceptance services including merchant accounts and credit-card terminals. They then ran the fraudulent cards through the terminals pouring money from the fake purchases into the merchant accounts, which they raided. When processors caught on to the fraudulent activity and shut the accounts down, the defendants simply created new companies and moved on to new merchant services providers.

The alleged criminals also leveraged several existing businesses that were complicit in the scheme, according to the U.S. Attorney’s Office in Newark, N.J. Several jewelry stores in Jersey City, N.J. allowed the defendants to use the fake credit cards to run fake transactions on their equipment. Law enforcement officials said these businesses operated multiple merchant accounts simultaneously, enabling more fraudulent transactions to be processed before all the accounts were shut down.

Scope ‘Astonishing’

Establishing identities of this nature and “nurturing” them to the point where they could be leveraged to secure loans and lines of credit, is an uncommon form of identity fraud to begin with, according to Dr. Stephen Coggeshall, CTO of risk management solutions provider ID Analytics and a director of the Council for Identity Protection. Doing so on a scale the defendants allegedly did is “astonishing,” he said.

Identity theft (appropriating the real identity of an existing person) and identity manipulation (changing your own identity to perpetrate fraud) are fairly common, Coggeshall said. But creating what he calls “synthetic identities” (fictitious identities that don’t exist but are plausible due to a real social security number and address) is a much more sophisticated crime. It requires applying for credit cards, and probably getting rejected, a few times.

“If they persist, they may get one through on an institution that doesn’t do the extensive checks that some of the larger banks might do, and be able to establish an identity” Coggeshall explained. “But, I’ve never seen an organized fraud on that scale, creating and establishing that many thousands of these synthetic identities and nurturing them carefully. They had to keep track of who’s who, what credentials they were using, what they had applied for and what credit they had gotten in order to establish and nurture these identities to get them up to good credit ratings so they could steal a reasonable amount of money using those identities. The level of care and effort and precision these thieves achieved is astonishing.”

Coggeshall also said catching fraudsters that successfully establish synthetic identities is much more difficult than nabbing those using stolen or manipulated identities. But, he said the fact that the defendants in this case created more than 7,000 identities but used only 1,800 addresses is likely one of the factors that led law enforcement to the perpetrators as commonalities like the same address on multiple cards is a red flag that most antifraud systems catch.

Underwriting Failure?

Creating the identity for a business that doesn’t exist is, if not easy, Coggeshall said, straightforward. Getting a merchant account, however, shouldn’t be. How the “dozens” of fictitious businesses involved in this scam were able to slip through the risk management cracks of processors, acquirers, ISOs and other merchant services providers speaks to overworked underwriters and the natural tension that exists in these companies between diligent risk management and the pressure to onboard merchants, according to Matthew Parker, executive advisor at ContractPal, a New York City software provider that automates part of the underwriting process for merchant services companies.

“Merchant processors have to strike the balance between being too strict and blocking potentially good customers and not being strict enough and letting fraud happen,” Parker said.

Good due diligence takes time and effort in a manual underwriting environment, Parker noted. Some of the things an underwriter might need to do when evaluating a potential merchant client include matching addresses to actual locations, seeing if a company has readily apparent privacy or delivery policies and terms of service, a Better Business Bureau record, complaints on file, a working Website, etc.

“All this takes a lot of time,” he said. “And, frankly, most underwriting departments are swamped. They’re underfunded. The marketing departments have these big pushes and all of a sudden you have tons of applicants signing up and the bottleneck is the underwriting department at a merchant processor.”

The merchant processor thinks, ‘we spent the money on the marketing, we have to book the business.’ And the pressure to cut corners in the underwriting process mounts, he said, resulting in a situation where entirely fabricated businesses receive merchant accounts and the ability to accept credit-card payments.

Losses May Grow

Law enforcement agents from the FBI’s Cyber Division and the U.S. Secret Service, postal inspectors, representatives of the U.S. Social Security Administration and various financial institutions and merchant services providers were involved in the 18-month investigation. According to U.S. Attorney Fishman, the massive scope of the conspiracy, which began in 2007, may result in the final loss figures eclipsing the $200 million confirmed losses.

Each defendant was charged with one count of bank fraud, which could result in a maximum penalty of 30 years in prison and a $1 million fine.


  • CNP Expo: Adding Insult to Injury - May 21, 2015

    CNP Expo: Adding Insult to Injury

    Businesses often don't know how many orders they have declined in error, but a high number are false positives, according to panelists speaking to a packed session on the final day of the 2015 CNP Expo in Orlando, Fla.

  • CNP Expo: Should I Go With a PSP? - May 21, 2015
    CNP Expo: Should I Go With a 

PSP?

    At a panel discussion on the last day of the 2015 CNP Expo in Orlando, Fla., several PSPs discussed considerations that need to be made when merchants are evaluating partners to assist in facilitating global payment acceptance.

  • CNP Expo: Mobile Payments in a CNP World - May 21, 2015
    CNP Expo: Mobile Payments in a CNP World

    Mobile payments are growing rapidly, but the proliferation of options can be overwhelming for merchants that want to offer the increasingly popular sales channel to their customers, according to panelists at a Thursday morning session at the 2015 CNP Expo in Orlando, Fla.

  • CNP Expo: Omnichallenge - May 21, 2015
    CNP Expo: Omnichallenge

    A seamless shopping experience is the goal for retailers who want to leverage the power of omnichannel commerce, but payments schemes are not easy to establish, even though shoppers have grown to expect everything to be easy, according to panelists at a session on the final day of the 2015 CNP Expo.

  • CNP Expo: Underbanked and Underappreciated - May 21, 2015
    CNP Expo: Underbanked and Underappreciated

    Shopping online without a credit card or bank account is possible, but difficult. And, a growing number of consumers either don’t qualify or don’t want these financial products, but online merchants still want to reach them.

  • 2015 CNP Award Winners Revealed - May 20, 2015
    2015 CNP Award Winners Revealed

    For the first time in its history, exactly half the CNP Awards handed out were presented to companies from outside the U.S., reinforcing the increasingly international nature of the card-not-present industry.


Advertisement


  • CNP Expo: Fraud on the Move - May 20, 2015
    CNP Expo: Fraud on the Move

    Justin McDonald, senior risk management consultant with The Fraud Practice, started a Wednesday afternoon discussion on mobile fraud by pointing out, "Mobile is convenient and immediate for customers, but fraudsters are taking advantage of that as well."

  • CNP Expo: Take Charge(Back) - May 20, 2015
    CNP Expo: Take Charge(Back)

    According to experts speaking at a Wednesday session of the CNP Expo in Orlando, chargebacks are the symptom of a bigger problem: not gathering enough information in the early stages of a transaction.

  • CNP Expo: Hostile Takeover - May 19, 2015
    CNP Expo: Hostile TakeoverPanelists at a Tuesday afternoon session of the 2015 CNP Expo said spoofing someone's identity in an effort to use their account represents 4.3 percent of all login attempts.
  • CNP Expo: Is This Seat Token? - May 19, 2015
    CNP Expo: Is This Seat Token?

    Rick Ricker, vice president of business development for enterprise solutions at 3Delta Systems, led a Tuesday-afternoon panel discussion examining how merchants choose and implement their tokenization technologies.

  • CNP Expo: EMV - What to Expect at Crunch Time - May 19, 2015
    CNP Expo: EMV – What to Expect at Crunch Time

    We all know EMV is coming, the question is, what should online merchants expect? Moderator Paul Tomasofsky, president of the Secure Remote Payment Council, began a panel at the CNP Expo Tuesday by reviewing the history of implementing EMV in other countries and discussing possible solutions for US merchants.

  • Starbucks: 'Not Hacked' but User Accounts Compromised - May 14, 2015
    Starbucks: ‘Not Hacked’ but User 

Accounts Compromised

    Starbucks says its popular mobile app has not been hacked, and that may be true, but a report by consumer reporter Bob Sullivan that fraudsters are specifically targeting the mobile app's users to drain their accounts then siphon off even more money when the auto-reload function kicks in appears to be accurate.

  • Mitek Solution Verifies Drivers' Licenses in Real Time - May 14, 2015
    Mitek Solution Verifies Drivers’ 

Licenses in Real Time

    Mitek, the company that first brought mobile check-capture technology to market, this week at a San Francisco technology event launched a solution companies can use to verify identities during account opening that authenticates a driver's license using the scanner of a mobile device.

  • Global EMV Adoption Still in Progress - May 12, 2015
    Global EMV Adoption Still in Progress

    Most of the world has a decade head start on the U.S. in the migration to the EMV standard, but developed regions are still adding hundreds of millions of chip cards years later, according to new data from EMVCo, suggesting the U.S. is in for a long ride.

  • SRPc Establishes Authentication Working Group - May 4, 2015
    SRPc Establishes Authentication Working Group

    The Secure Remote Payment Council (SRPc), a New Jersey-based trade association advocating for more secure online and mobile transactions, today established a working group that will investigate the state of consumer authentication for online payments and promote ideas on how it can be improved.

  • Does Upheaval Signal Problems at MCX? - April 30, 2015
    Does Upheaval Signal Problems at MCX?

    This week, MCX, the merchant-backed consortium working on an in-store mobile payment capability to rival Apple Pay, Google Wallet, PayPal and others endured two pieces of news that could spell trouble for its nascent CurrentC solution.

  • Fraud on the Move: A CNP Expo Session Spotlight - April 27, 2015
    Fraud on the Move: A CNP Expo Session Spotlight

    During a panel discussion at the 2015 CNP Expo, Western Union, Petco, CyberSource and Kount, will share all the ways mobile fraud is different than e-commerce fraud, specific mobile fraud schemes to watch out for and ways they have successfully prevented mobile fraud.

  • CNP Expo Sponsor Snapshot: Ethoca - April 27, 2015
    CNP Expo Sponsor Snapshot: Ethoca

    As the official Anti-Fraud Sponsor at the 2015 CNP Expo, Ethoca is looking forward to the excellent opportunity to talk directly with a wide range of online merchants across multiple categories and discuss how to assist them with their unique fraud mitigation needs.

  • Report: Financial Professionals Favor Chip-and-PIN - April 20, 2015
    Report: Financial Professionals Favor Chip-

and-PIN

    Despite the fact it ignores card-not-present fraud entirely, most financial professionals agree the migration to EMV technology at the point of sale will help them in their fight against fraud, according to a new report from the Association for Financial Professionals (AFP).

  • Retailers, Banks Skirmish Over EMV Deadline - April 6, 2015
    Retailers, Banks Skirmish Over EMV Deadline

    In a letter to card networks and major credit-card issuers last week, the Food Marketing Institute (FMI), a trade group representing thousands of supermarkets and pharmacies, asked that they consider delaying the Oct. 1 deadline to implement EMV capability at their point of sale.

  • Is This Seat Token? A CNP Expo Session Spotlight - April 6, 2015
    Is This Seat Token? A CNP Expo Session Spotlight

    At a hotly anticipated session of the CNP Expo this May, a panel of experts will discuss how tokenization works, important dates surrounding card-network mandates and how some merchants are using tokenization right now as a strategy for PCI compliance and to encourage repeat customers.

Advertisement

 

 

Sign Up Today Free

Receive the twice weekly CNP Report and monthly feature articles providing in-depth examinations of global CNP issues.

Please take a moment and register.
* First Name:

* Last Name:

* Password:

* Confirm Pwd:

* Email:

* Category:

Company:

 
Captcha
Answer:

 

 

CNP Archive

Researching companies or people in the CNP industry? Search our past coverage for targeted news and information.

Search here