Citizens Financial Group Inc., a Providence, R.I., unit of Royal Bank of Scotland Group PLC, says software from ACI Worldwide Inc. helped it spot a data breach at a grocery chain before anyone else — even Citizens' customers — noticed anything was amiss.
In February scammers were caught replacing card readers with skimmers at Stop and Shop Supermarket Cos. stores in Rhode Island. The scammers returned later to get the skimmers and began using the stolen card numbers in California.
"No one had a clue at all that this was going on," said Mark Macheska, the assistant vice president of card risk prevention at Citizens.
His company discovered the scam not because of customer complaints, but because its software, Proactive Risk Manager, raised alerts on dozens of automated teller machine transactions in a very short time.
"One weekend we started getting a lot of what we call ATM velocity alerts showing up for fraudulent ATM withdrawals coming from strictly Rhode Island cards," Mr. Macheska said. The alerts indicate that an alarming amount of money is being withdrawn rapidly from accounts. "We had quite a few cards coming in on Saturday and Sunday."
With a little digging through the data the software provided, "we were able to find that there was a single point … of compromise showing up on all the cards that were having fraud," he said: All the affected cards had been used shortly before the alerts at one of two Stop and Stop stores.
A little shoe leather helped confirm that the stores had been compromised, Mr. Macheska said. "We also ended up, that Monday, calling our corporate security folks who then went into the suspected area for the point of compromise and did locate the skimmers at the checkout counters."
By last month four men from the Los Angeles area had pled guilty to charges of conspiracy and aggravated identity theft for planting the skimmers and using stolen card data.
Ultimately, the damage to Citizens was minor, Mr. Macheska said; it reissued debit cards to prevent further fraud. Though law enforcement agencies told the company that about 1,100 of its debit cards were compromised, in the end only 60 to 70 had been used for fraud, he said.
The scammers were caught when they went back to the stores to harvest new numbers, he said. "They never got a second try." Though they only had one week's worth of cards, "we reissued a lot more than the 1,100" as a precaution.
Mr. Macheska would not say how much the fraud cost Citizens, except to say "it wasn't as bad as we expected." If all of the stolen card numbers had been used, the fraud losses "could have been in the hundreds of thousands, or even close to $1 million."
Citizens alerted law enforcement officials and the grocery chain, which began bolting down the readers in its checkout lines to prevent the scam from recurring.
According to Mr. Macheska, the thieves made themselves easy to catch. "They utilized the cards a short time after stealing the cards," and using the cards all at once made the fraud trend obvious.
Copycats have already learned from these scammers' mistakes, he said. "They're not staying in any particular location as long as they used to," and "they're holding on to the cards for a longer period of time before they're using them."
Derren Jones, the director of product management for fraud and risk management at ACI, said its software is meant to help banks respond quicker to fraud.
In this case, Citizens suffered some fraud, "but they've been able to react extremely quickly," Mr. Jones said. Fraud investigators were "literally looking at the transactions as they happened, calling customers, understanding that it really wasn't the customer, and then knowing exactly what the crook's going to do next."
That pattern made it possible for the crooks to be caught and prosecuted — Citizens knew the criminals would come back to the grocery stores to skim more cards, he said.
"They basically managed to use the local law enforcement and set up a sting operation," Mr. Jones said.
Avivah Litan, a vice president and research director at the Stamford, Conn., market research company Gartner Inc., said the benefit of ACI's software is that it was able to detect fraud that jumped channels from the point of sale to ATMs.
"The nirvana of fraud detection is cross-channel, cross-account fraud detection," she said. "Very few banks have that today."
Very few vendors offer such capabilities, either, Ms. Litan said, but even though such software is expensive to implement, the investment could pay off spectacularly.
"If more banks had this type of fraud detection, you wouldn't have such panic every time there is a breach," she said.
