Authorities Bust Two-Dozen More In Int'l Card Fraud Ring

Authorities have arrested almost two-dozen members of an international ring over the last two weeks that they believe is responsible for a broadening credit card fraud that is forcing dozens of credit unions and banks to cancel debit cards by the thousands.

The ring is loosely connected to a similar group arrested in December, known as shadowcrew.com, along with another arrested earlier last year that recruited members all over the country from Internet chat rooms to use stolen account information to manufacture counterfeit credit and debit cards. Those cards were then used to withdraw cash and buy merchandise, which was in turn exchanged for cash. As many as 150 suspects have been arrested in the U.S. over the last year in connection with the loosely related card-fraud schemes.

Lt. Detective Thomas Cooney, of the Hudson County Sheriff's Department, just outside of New York City, said the suspects have confederates overseas who are using the pilfered card information to withdraw cash and buy goods in far flung places such as Russia, Latvia, Romania, Bulgaria, Estonia, Ukraine, Spain, South Korea, England and Pakistan-the same sites dozens of credit unions have been reporting fraudulent transactions on member accounts over the past year. The Hudson County Sheriff's Department joined with local police in New York, Georgia, South Carolina and Florida to arrest the suspects in recent weeks. Since then, the case has been taken over by the FBI and the U.S. Secret Service, who are working with international agencies and law enforcement in as many as a dozen countries to trace the fraud, Cooney said.

Coast-To-Coast Fraud

Credit unions from California to Massachusetts and on down to Texas and Florida have been reporting fraud emanating from those foreign locales in recent months as well as from U.S. sites, forcing them to block accounts and reissue cards at an alarming cost. CUNA Mutual Group, which provides cards insurance for 5,500 credit unions-94% of all credit unions with cards programs-said claims for card fraud soared to $100 million last year, only 45% of which was covered by insurance, either because of increased deductibles or loss limits. Credit unions paid the remainder of the claims out of pocket.

Richard Nobile, president of I-C FCU in Fitchburg, Mass., 40 miles west of Boston, said his credit union cancelled hundreds of cards after they were notified by Visa that there were unauthorized cash withdrawals at ATMs coming from Romania, Russia, Spain, Pakistan and U.S. states Illinois, Florida and California. "Once we got the list from Visa we shut the accounts down and issued new cards," he said. Members, said Nobile, are not liable for any of the fraud-related losses.

A half-dozen credit unions in the Fitchburg area, including Fitchburg Municipal Employees FCU, Workers FCU, Digital FCU, Leominster FCU, and Metropolitan CU, as well as local banks Sovereign Bancorp and Fitchburg Savings Bank, were hit in the latest round of fraud and forced to cancel Visa cards.

So were Aggieland CU, Central Florida Educators FCU, Carolina Trust CU, The Golden 1 CU, Educational Employees CU and United Local CU, Suffolk FCU, Bethpage FCU and Teachers CU, White Sands FCU, Notre Dame FCU and dozens of others.

Mega-banks such as Citibank, Bank of America, Wells Fargo and Washington Mutual, have all been hit, and have joined credit unions in taking extraordinary steps to pinpoint and block the fraudulent transactions. Jim Blaine, president of State Employees CU in North Carolina, said his credit union was forced to cancel and reissue more than 20,000 Visa debit cards in the latest round-the third time in the past year the credit union has cancelled more than 20,000 cards.

"Every time we do that it costs us more than $100,000," he said.

The credit union giant, which lost about $200,000 in the latest round of cards fraud, has put a block on transactions coming from entire countries, including Romania, Russia or Spain, and selected transaction activity, such as gas in Canada or restaurant bills over $100 in Mexico. The $13-billion credit union is working with Fair Isaac & Co.'s Falcon Fraud Manager to pinpoint patterns of fraudulent activity in order to block them. State Employees CU has reported fraudulent transactions coming from as many as 12 countries, including Romania, Russia, England, Spain, Mexico, Ukraine and South Africa.

"We get one of these breaches every single day," said Blaine.

Det. Cooney of the Hudson Valley Sheriff's Department, said they are confident that the latest group of suspects collared is responsible for the majority of the recent card fraud. Group members were arrested with thousands of cards-Visa, MasterCard, Discover and American Express-made out to hundreds of different credit union and bank issuers. Many of the cards were even blank, with just the magnetic strip programmed, according to Cooney, whose department trailed suspects all the way down the East Coast to Florida to witness them making fraudulent ATM cash withdrawals at ATMs.

Authorities also seized a warehouse full of electronic merchandise that the group was buying with the counterfeit cards and either selling to a New Jersey "fence" or on eBay.

What Is Source of Breach?

Law enforcement is still working to determine the source of the data breaches. Visa originally notified credit unions and banks that accounts of consumers who had shopped at national chains Office Max and Sam's Club were suspect and should be flagged. OfficeMax officials acknowledged working with authorities but said they do not believe they were the source of the data leaks. Sam's Club officials also said they do not believe they were the source of the recent rash of fraud.

Det. Cooney said they believe the suspects were obtaining the information from numerous retailers by hacking into their databases.

Suspects arrested in the last few weeks are already starting to plead guilty. Frank Robertson and Christopher Mack, believed to be the ringleaders in the recent case, pleaded guilty last week to charges of identity theft, just days after their arrest, and at least a half dozen others, all facing stiff prison sentences, are expected to have entered guilty pleas by the end of this week, according to Cooney. "They know we've got them," he said.

Cooney and other law enforcement agents believe, however, that critical cards information is still out there and readily available in cyber-space and will be used for more credit card fraud.

Leann Phelps, VP-Card Services at SECU, is one of those skeptics. "We believe that a new batch of these card numbers has hit the streets again," she said. "For the last week we've seen a new flurry of fraudulent activity."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER