Monday, September 27, 2010

Busy week for TIU

TIU is the Technical Investigations Unit: the handful of Lincoln police officers who specialize in white collar crime, financial crime, fraud, and computer forensics.  Det. Sgt. Sandy Myers (one of our most senior and experienced detectives) supervises this unit.  She had a bulging accordion file on her desk Friday that will be expanding even further this morning. 

During the past week, over 300 credit card frauds have been reported.  On Saturday, we had to bring in extra staff to answer phones because the volume was so heavy.  The vast majority of these frauds emerge from two Lincoln businesses, whose credit card processing was somehow compromised over the past several months.  We are not sure how, yet.  It could be a virus, a hacker, or something else.  

While credit card fraud is not unusual, just to give you some sense of what is happening, we had 314 frauds reported in the past seven days, compared to 37 during the third week of September last year.  Although there is always a background level of fraud reported to LPD, the victims in these cases are overwhelmingly reporting that their credit or debit card numbers were fraudulently used, and they were recent patrons of one of these two businesses—as their banks have discovered, as well.

Apparently the criminals who snagged the card numbers and encoded these onto counterfeit cards really kicked into high gear last week as the cloned cards spread far and wide.  Consumers reported fraudulent charges made all over the United States, and in such far-flung parts of the world as Italy, the UK, Brazil, Taiwan, Peru, and Hong Kong. 

I am acquainted with many of the victims personally, and since I have been a customer of the grill at one of the impacted businesses several times this year, I cancelled both my American Express card and my bank debit card, as a precaution.  I suggest that anyone who has used a credit or debit card at these businesses since February do the same thing, or at the minimum watch your accounts and statements very closely.

This international crime spree is clearly the work of a sophisticated criminal enterprise.   Ultimately, credit card companies and banks who have issued these cards will, for the most part, be the ones who suffer the loss, as they stand behind their customers whose accounts were compromised through no fault of their own.  I am hopeful that this investigation can make some progress, but realistically I know at this point the best course of action is to try to limit the loss by ensuring that the vulnerable account holders are aware of the scam, and receive advice on how to minimize their future exposure.

18 comments:

Steve said...

Cash still works at most businesses. Most people would be better off if they didn't have credit cards anyway; they would be forced to live within their means.

I'd put this type of criminal in with the spammers who don't have the courage to face their victims. It's certainly no less of a crime than strong-armed robbery in my book. There is no penalty harsh enough for these gutless pieces of trash.

Anonymous said...

If the businesses in question had lax or negligent credit card security, do they have any liability at all toward either the banks that now have to pick up the tab or to customers who have to go through the hassle of canceling cards and reestablishing identity?

I'm not suggesting they have criminal liability (unless we learn their employees did compromise security) but any civil or ethical liability; or are they just hapless victims as well? Luckily, I don't patronize these businesses so I am hopeful to be in the clear.

Anonymous said...

"Most people would be better off if they didn't have credit cards anyway; they would be forced to live within their means.

Chief,

How easy would travel be, without any personal of government credit cards? Online flight reservations, car rentals, hotels, etc. We won't even talk about online shopping for items and services that one can't find at local retailers. I could go on, but it would be superfluous.

While I agree that cash works everywhere, and prefer to pay that way for anything I can, it sounds like some posters just have something against convenience. I have credit cards, yet live far, far below my means.

Adam C said...

people will actually sell credit card numbers and info online....they don't even have to make counterfeit cards. Indeed, using a counterfeit card would be a great way to get caught. People can shop with the numbers/name/expiration date online, get whatever the heck they want, and simply have their orders be sent to an abandoned address, with a fake name. Also,if the card is obtained physically, instead of the card info via computer systems, it is much smarter on the criminal's part, to sell the card info online to someone, or use it online themselves, instead of walking into a store and using it, and as a result, being caught rather easily.

Tom Casady said...

10:37-

Not my field of expertise. Assuming (and I have no reason to question this at the moment) that the businesses did their due diligence, they are victims just as much or more than an individual account holder or the issuing financial institution. Maybe a lot more. It certainly can't be good for business.

Steve-

In many instances, people use a debit card or credit card to avoid the need to write a check, to accumulate points towards various perks, or to facilitate quick and efficient transactions. Believe it or not, there are some goods and services you can't buy at all if you don't have a card number. My dad used to pay for everything--and I mean everything--with a GM credit card, so he could cash in a huge amount of points for $$ off his next new Oldsmobile. Pay it off every month (like the traditional American Express requires) and it costs you no interest at all.

11:50-

I think it would be difficult, in this day and age, to get by with no card at all--for the reasons you mention. It's possible, it would just be tough--particularly for travel, as you point out. You could live without the online purchases (do you really need that subscription to the Beer of the Month Club?) but it would be very difficult to book airfare or a hotel reservation without something to guarantee it with. I wonder if it is even possible anymore. Seems like it would be the same for baseball tickets. I suppose you could still go to the airline counter with cold hard cash, or visit the local Holiday Inn with a cashier's check to pre-pay your Orlando room, but I don't really know. I'll bet a wad of 20's would raise an eyebrow with the 24 year-old behind the Hertz counter. I am reasonably certain that he or she would have difficulty counting back the change as I did for several years in the grocery business when the cash register just gave you the total.

Rest assured that the last sentence has a few thousand Chief's Corner readers scratching their heads wondering to themselves, "What does counting back the change mean?"

Steve said...

I said cash works at "most" businesses, and "most" people would be better off (as I recall the average balance on credit cards is well over $1,000). That being said, I too have cards and use them wisely (pay no interest and earn points toward gift cards in the process). Still, the use of cards is not without its hidden costs. Most retailers charge more than they otherwise would in order to pay the credit card companies their share of the purchase (which, in the aggregate, is a huge amount). Some companies charge more for card purchases than for cash purchases as well.

Though it might be convenient to use cards (and I agree it is), I can't think of anything I really need that I can't pay for with cash.

Anonymous said...

Nothing more annoying than getting change back from a transaction by a clueless clerk. If they did count the change back to you they would start with the coins and place them securily in your hand followed by the bills smallest to largest. Nowadays you get some idiot who throws a wad of bills at you and then dumps the coins on top of the bills just to have them slide all over and end up on the floor - brilliant!

Anonymous said...

And why is the police department involved? No one stole a purse wallet or the like, is it not a civil matter between the bank and the business operations? Looking for fame and fortune or what? The customer is out nothing the crimes were committed in cyber or elswhere. Add this to the list of things LPD no longer does please! Waste of time and news media...

JIM J said...

Thanks for letting my phone ring off the hook. Many people called me and thought their radio broke. Even radio shack did not know until noon Monday. The city could have let us know in advance that the digital change over has started, I have my new digital scanner and could have sold the old ones sooner on ebay. The programming of the new work horse is a bit slow as details trickle in from blog posts ect.

Anonymous said...

Comments seem slow, so here's a somewhat-unrelated story on the ineffectiveness of texting-while-driving bans, per the IIHS. Makes sense, habitual texters just hold the phones lower to prevent visual detection, thus spend even more time looking even further away from the road. The related stories )regarding the many other distracted driving threats) linked in the middle are worth reading too.

By way of disclosure, I never txt, and have texting disabled at my cell service provider, but I still think these laws are just enacted as a feel-good stop-the-letters-and-phone-calls measure after pressure from surviving relatives who delusionally blame the phone instead of the person.

You're big on traffic enforcement and accident prevention, from what I remember, so this stuff might be right up your alley.

Anonymous said...

Jim J,

No digtal changeover happened. Due to conflicts with Nextel 800 MHz band freqs (namely the freqs around 860 MHz), The area RACOM system (and the Lincoln- Lancaster Cty public service talkgroups) were rebanded at 10am Monday. The radio reference DB will surely be updated soon, so you'll be able to update your analog scanner the easy way soon enough.

mike said...

so chief,

being from lincoln originally born and raised... i know its been some time but evidently looks like the grove is bringing back amatuer night weds... although tommy isnt hosting it your friend foes kwabena mensah from your local hip hop promotion company (grdinstone entertainment) from heidlebergs and grand room and sir tango's ...also famous for the old club blue on south 11th street is promoting it... as well as your almost famous shane harrington ( melissa midwest) ex husband...
apprears will be in full effect the first weds of october...... as we all know.... good luck!!!!


any comments cheif?

Anonymous said...

11:34

It's not a civil matter. A fraud and theft have occured. it's the same as if someone steals your checkbook and writes a few hot checks. After much grief to you in trying to reconcile the matter, you may not be out anything. But someone, a business, or a bank, eats the loss. And the cost of all this is passed on to others, such as you and me, or anyone that does business with that bank or card company. Just because a portion of the fraud takes place in cyberspace, it began in Lincoln, hence the involvement of the LPD.

256

Tom Casady said...

11:34-

You are way off base. Our local financial institutions have suffered a huge loss from these crimes. It's not just the national credit card companies. This enterprise has victimized a few hundred Lincolnites, and there was an important need to forewarn others of their potential exposure.

5:19-

Yes, I have a comment:

Ugh.

Anonymous said...

Chief-Interesting to me that a few days ago you were getting criticized for not spending enough time talking about the credit card fraud. Now the critics blast you for spending too much time on it. DIYD,DIYD.

256

Dave said...

I had been following these frauds as they were happening on the scanner. There sure seemed to be a bunch of them coming in.

I noticed an article later identified two local business as the source where the numbers were coming from. Was this from a dishonest employee recording numbers, or was it as I theorized being done by a skimmer installed on an ATM?

It's interesting that this crime happened as it did, as I had just read an article elsewhere on the web of this happening in other parts of the country, and that a skimmer was involved. Just has me all curious how it was pulled off.

Of course I understand if the investigation is still ongoing you won't be able to elaborate much of what was going on, but I do look forward to some sort of feedback.

Thanks Chief and keep up the great work!

Zen said...

Skimmers require physical access and technical know-how. I doubt it was an ATM-the controls on those usually log when they are opened and closed and it's pretty easy to trace. Not a lot of people have physical access to the insides of an ATM. A cash register isn't as difficult, and a card swiper connected to a computer can have its data stream bypassed to a thumbdrive. Much easier and more difficult to trace back. It still requires physical access. The other alternative is someone saved a chunk of their transaction DB and just uploaded it to the web. It still requires physical access most of the time, though you can scan the server logs to see if there are any unknown IP's attempting to connect. One would think that the transaction server for a tiny country club in Lincoln, NE would be closed to public remote access, but who knows. Most likely you'll find that this is something connected to someone with the club in some capacity.

JIM J said...
This comment has been removed by the author.