Feds Track Source Of Massive Cards Breach

Register now

Authorities last week discovered what they believe are the sources of the broadening breach of debit card data but were still trying to iron down the individuals responsible for what has become the biggest debit card fraud in history.

Agents with the U.S. Secret Service were meeting last week with representatives of nine area credit unions and banks that reported fraudulent transactions in recent weeks on customers' accounts to determine how the thieves penetrated the affected databases.

The nine area institutions, including Workers CU, I-C FCU, Leominster FCU, Digital FCU, and Metropolitan CU, as well as credit unions and banks throughout the country, have shut down and reissued as many as a million debit cards over the past three months in an effort to stop the fraud. But just last week authorities in Los Angeles reported new incidents of fraud on local accounts.

Officials with the Secret Service declined to comment last week, not wanting to compromise the continuing investigation. But Leominster Police Officer Scott Wolferseder, who is working with the Secret Service, said investigators have traced the source of the transactions to a site in Oakland, California, where the availability of funds on individual accounts is apparently tested, before an account is penetrated.

The debit thieves, using preauthorized debit, known as PAD, usually test the targeted account with a $1 debit to determine whether the account is active and has funds, before signaling accomplices, many of them overseas, who then use so-called white, or blank, debit cards with magnetic stripes preprogrammed with the targeted account information to withdraw cash from ATMs on those accounts, according to Wolferseder. "Hours later, at various ATMs around the world you see the accounts being tapped," he said.

While the investigators have apparently located the California site where the accounts are being "tested," they have yet to find a physical location for the operation, Wolferseder said. "They've yet to find an actual physical location of a business," he said.

The fraud has reached many of the biggest financial institutions, including Citibank, JP Morgan Chase, Wells Fargo, Bank of America, Wachovia, PNC and First National City Bank, all of which have cancelled debit cards and reissued them over the past few months.

Dozens of credit unions, including State Employees CU (North Carolina, The Golden 1 CU, Bethpage FCU, Suffolk CU, Teachers FCU, Notre Dame Employees FCU, White Sands FCU, Aggieland FCU, Carolina Trust CU, and many others,) have also reported closing down breached accounts.

The credit unions are reporting that they have discovered fraudulent transactions originated on accounts from such far-flung places as Russia, Ukraine, Spain, Pakistan, South Korea, South Africa and England. "They're going into ATMs all over the world and withdrawing cash," said Officer Wolferseder.

While as many as one million debit cards have been blocked and reissued, authorities believe only a small number, less than 1%, have been used for fraudulent transactions. But credit unions and banks are canceling all of the accounts in question as a safety precaution.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER