In New York this weekend, huge arrests have been made, unravelling an identity theft ring involving counterparts in China, Europe and the Middle East. 111 people were arrested and more than 85 are in custody.

The Herald Sun reported on Saturday that five separate criminal rings operating out of Queens, New York have been dismantled:

They were hit with hundreds of charges, said Queens District Attorney Richard Brown, calling it the largest fraud case he’d ever seen in his two decades in office.

“These weren’t holdups at gunpoint, but the impact on victims was the same,” Police Commissioner Raymond Kelly said. “They were robbed.”
The enterprise had been operating since at least 2010 and included at least one bank and restaurants, mostly in Queens.

Authorities say the graft operated like this: At least three bank workers, retail employees and restaurant workers would steal credit card numbers in a process known as skimming, in which workers take information from when a card is swiped for payment and illegally sell the credit card numbers. Different members of the criminal enterprise would steal card information online.

The numbers were then given to teams of manufacturers, who would forge cards from Visa, MasterCard, Discover and American Express. Realistic identifications were made with the stolen data.

The plastic would be given to teams of criminal “shoppers” for spending sprees at higher-end stores, including Apple, Bloomingdale’s and Macy’s. The groups would then resell the merchandise oversees to locations in China, Europe and the Middle East.

All told, more than $US13 million ($13.4 million) was spent on iPads, iPhones, computers, watches and fancy handbags from Gucci and Louis Vuitton, authorities said.

The suspects also charged pricey hotel rooms and rented private jets and fancy cars, prosecutors said.
Detectives with language skills spent hours translating Russian, Farsi and Arabic during the investigation, Mr Kelly said…

And, Mr Kelly said, criminals are getting more sophisticated. “Thieves have an amazing knowledge of how to use technology,” he said.

“The schemes and the imagination that is developing these days are days are really mind-boggling.”

Could this be happening in Australia?

The cold hard facts are – yes! The ‘beauty’ of identity crime – and why it’s so lucrative, is because criminals can be part of a worldwide network – they are no longer reliant on simply their own knowledge and skills.

So skimmers can then on-sell credit cards and details on ‘carder’ sites which are then purchased by other criminals, often in other countries. Or as was the case in the NY ring – skimmers can be working out of one country but the network’s origins can be spread across the world.

This makes the criminals so much harder to catch and that much more powerful.

In the Australian Crime Commission’s Crime profile series on Credit Card Fraud, they say that card fraud has grown rapidly in the past decade:

“…counterfeiting or skimming of credit cards cost Australians more than $45 million,” the ACCC says.

The Australian Crime Commission gives a list as to some of the ways criminals have misused credit cards in Australia:

How Card Fraudsters Work

Card skimming—the criminal copies information from the card’s magnetic strip from which counterfeit copies can be made. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim’s credit card out of their immediate view. Skimming may also occur where criminals put a device over the card slot of an ATM which then reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a pinhole camera to read the user’s Personal Identification Number (PIN) at the same time. Criminals may also tamper with EFTPOS terminals in order to gather card information.

Buying credit card information—in 2009, credit card information was the most commonly sold item in the underground economy, accounting for 19 per cent of the items for sale. Stolen card data can be sold for as low as US 85c per card when bought in bulk. Criminals may couple this information with details harvested from social networking sites to commit frauds.

Counterfeit cards—criminals gain details of a current valid cardholder, usually from the internet. They then emboss blank white plastic cards with stolen numbers and the magnetic stripe on the card is encoded with matching numbers and the signature panel on the card installed. Identifying logos and colour printing are then added to mimic a real card.

Fraudulent use of debit card PINs—cardholders may disclose their PINs unwittingly or through coercion or through methods such as skimming. Stolen cards and PINs may be used to make unauthorised cash withdrawals.

Card theft—criminals steal cards and make purchases by forging the cardholder’s signature, or alter the encoded details on the card or even transfer those details to a counterfeit card or to several cards.

Application fraud—criminals obtain the personal details of a real person (such as from utility bills or bank statements stolen from post boxes, or through social networking sites), and use this information to acquire credit cards in that name. The offender then uses the cards to buy goods or services. Alternatively, a criminal uses false identification details to obtain a legitimate card in a false name. Legitimate cards will then be issued to an individual who will later default on paying monies owed and abscond.

Account takeover—criminals gather information on an intended victim (using the same techniques described above), then contact that person’s card issuer masquerading as the genuine cardholder and asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent.

Internal or employee fraud—unauthorised transactions on business credit cards perpetrated by a criminal who has deliberately infiltrated an organisation, or an employee who has criminal motivations.

Hacking—criminals may hack into databases of account numbers which are held by internet service providers or other businesses that hold customer information, or by intercepting account details which travel in unencrypted form. Or, they may interfere with bank computers in order for sums in excess of account credit balances to be withdrawn.

Online scams—customers who make use of false credit card details or merchants who fail to honour online agreements.

Phishing—sending an email to a user that makes false claims in an attempt to trick them into revealing credit card information so money can be obtained from accounts.

Stored value card fraud—card readers are being programed to deduct greater value from the card than that authorised by the user, or sales staff could intentionally deduct greater sums than they are authorised to deduct. Sums which are rounded off to the nearest five cents could then be skimmed to the terminal owner’s advantage.

Carding—a process criminals use to verify the validity of stolen card data. To do this, criminals will present the card information they have obtained to buy something small on a website that has real-time transaction processes. If the card is processed successfully, the thief knows the card is still good.

In many of these scams, it is not only the victim’s finances which are being stolen – it is also their ability to obtain credit. When scammers gain access to a victim’s credit file, they are able to take out loans in the victim’s name. Once these unpaid loans are defaulted on – creditors will place a default listing/s on the victim’s credit file, which remains on their file for 5 years.

So not only do they lose money, but their chances of getting loans, mortgages, even mobile phone plans are destroyed for 5 years if they are victims of identity theft in this way.

And, unlike a bank – which often has insurance to cover unauthorised transactions, there is no safety net for identity theft victims in the Australian credit reporting system. The victim often has a difficult time having these adverse listings removed – and needs to provide lots of documentary evidence to prove they did not initiate the credit, to negotiate with creditors to have the offending entries removed.

So how do people protect themselves against becoming victims of credit card fraud?

There needs to be a psychic shift in much of the Western world about the way people think about credit cards – they need to be as secure if not securer than money, as they can be more of a danger to people’s financial security if misused than cash.

Here are some ways people can protect themselves against identity theft from credit card fraud:

– Always check the ATM or EFTPOS terminal for any suspicious boxes that could be skimming devices. If in doubt – don’t use it.
– Always cover their PIN when using terminals.
– Never let anyone walk out of sight with their credit card
– Always check their card statements and report any unauthorised transactions – however small – to the bank immediately.
– Regularly keep up to date with what is on their credit file. People can check their credit file by obtaining a written report for free every 12 months – but if they are suspicious of or vulnerable to fraud they can also for a fee obtain a credit report more often. If there are any discrepancies of credit or adverse listings that should not be there they should act immediately to notify Police.

If people need help with credit repair following identity theft from credit card fraud, they can contact a credit rating repairer, such as MyCRA Credit Repairs, who can help restore their ability to obtain credit. Call them tollfree 1300 667 218.

Image: worradmu /