Biggest ID Theft Bust in History

111 Arrested, Charged in $13 Million Scheme
Biggest ID Theft Bust in History
The biggest ID theft bust in history is the result of equally impressive international cooperation, observers say.

On Oct. 7, the District Attorney of Queens County, N.Y., and City of New York Police announced the results of a two-year investigation that resulted in the biggest identity theft takedown in U.S. history.

The elaborate scheme, which involved five organized crime rings with ties to Europe, Asia, Africa and the Middle East, resulted in financial losses exceeding $13 million over a 16-month period.

So far, 111 individuals have been indicted, and authorities say 86 are now in custody.

McAfee consultant Robert Siciliano says the bust is a reflection of more international cooperation. "Despite bad blood between countries and their politics, when it comes to fraud regarding economic systems, governments and their security forces are coming together like never before," he says.

The Bust

Dubbed "Operation Swiper," the investigation involved physical surveillance, intelligence gathering and court-authorized electronic eavesdropping on dozens of telephone conversations, many of which required translation from Russian, Mandarin Chinese and Arabic.

The fraudsters' focus: credit card fraud, which exploited magnetic-stripe weaknesses the criminals could use to their buying advantage in the United States. Chip-and-PIN technology, known as the Europay, MasterCard, Visa standard in other parts of the world, is not widely deployed in U.S.

More than 90 of the defendants have been charged with Enterprise Corruption under New York State's Organized Crime Control Act. They are accused of being members and associates of organized criminal enterprises that operated in Queens County and elsewhere. Between May 2010 and September 2011, the defendants allegedly defrauded thousands of unsuspecting consumers, financial institutions and card brands, including American Express, Visa, MasterCard and Discover Card.

According to the indictments, the defendants fraudulently obtained credit card numbers that were used to create counterfeit credit and identification cards.

Card numbers are believed to have been sent to crime bosses from individuals in Russia, Libya, Lebanon and China. U.S. employees at restaurants, bars, retail stores and financial institutions also have been linked, using handheld skimming devices and illegal websites to collect consumers' card details.

The counterfeit cards were supplied to hired shoppers who were instructed to purchase high-end electronics and other merchandise, items that could easily be fenced and re-sold, usually over the Internet. Some of the shoppers also have been accused of using counterfeit cards to stay in five-star hotels and rent luxury cars during their so-called shops. In one case, a shopper allegedly commissioned a private jet to travel from New York to Florida.

Fraud analyst and consultant Jerry Silva says the busts should serve as a wake-up call about the growing threat of insider fraud. The use of money mules at restaurants and bank branches is a particularly disturbing part of the case.

"For banks, this calls for renewed focus on employment policies, security measures at the point of customer contact and, at the legislative level, new and stiffer laws and penalties covering workers entrusted with sensitive information - and I would include waiters and merchants in the same breath as bank tellers and representatives - that are found to be misusing or collecting financial data."

Some 20 defendants also have been linked to suspicions of burglaries and robberies throughout Queens County. Seven have been accused of stealing approximately $850,000 worth of computer equipment from the Citigroup Building in Long Island City.

"This is by far the largest - and certainly among the most sophisticated - identity theft/credit card fraud cases that law enforcement has come across," said District Attorney Brown. "Credit card fraud and identity theft are two of the fastest growing crimes in the United States, afflicting millions of victims and costing billions of dollars in losses to consumers, businesses and financial institutions. ... Even after the culprits are caught and prosecuted, their victims are still faced with the difficult task of having to repair their credit ratings and financial reputations. In some cases, that process can take years."

EMV: Lessons for the Financial Industry

International cooperation among various law enforcement agencies and governments cannot be ignored. John Buzzard, who tracks card transaction anomalies for FICO's Card Alert Service, says that level of global interaction is helping to bring down more crime rings than the average consumer realizes.

But the case also highlights the need for a more global approach to payments security. The United States' slow migration away from mag-stripe payments is definitely enabling a sweet spot for fraud.

"The move to chip cards will make an enormous difference in the way our industry manages risk, with the ultimate goal being a significant reduction [in fraud]," Buzzard says. "The U.S. has finally set its sights on chip cards, and over the course of the next three to four years we are going to see a tidal wave of work (and some critical debate) for getting this incredible milestone accomplished. The U.S. is a criminal's playground right now, but this arrest is an excellent beginning."

It's clear the U.S. needs to move to EMV, many experts agree. And Visa's recent announcement to support such a move will undoubtedly prove to be the catalyst U.S. card issuers need.

"MasterCard and the other card brands need to do the same thing, beyond the small ATM-Maestro-related announcement by MasterCard following the Visa one, in order for the global card industry to finally eliminate the Achilles heel of the card industry - magnetic stripes on the back of the cards," says Gartner analyst Avivah Litan.

Enforcement and Global Cooperation

Litan says the international perspective of this bust is interesting. "I think this does point out that U.S. law enforcement has beefed up in multilingual capabilities in Russian, Mandarin and Arabic, which is critical to its activities, and is a big improvement over the situation pre- 9/11," she says.

The bust also highlights the growing global nature of financial fraud. That said, organized crime rings are not localized, but their operations often are, says Aite analyst Julie McNelley. "While the operation spanned the five continents, the focus of this bust appears to be the hub of the operation in Queens," she says.

Unfortunately, many more entities were likely involved and will never get charged.

Neal O'Farrell says scams like the one in Queens are taking place in most large cities, and most times go undetected, uninvestigated and unprosecuted.

"We know there are scams like this being run in almost every city, usually in the $500,000 to $1 million range. That usually makes them too big for local law enforcement to investigate and too small for federal agencies to pick up," O'Farrell says. "The big problem we're seeing is that because the low- to mid-level crooks and gangs are going unchallenged, they simply have more time to get better, perfect their art, steal more, and hide their tracks. By the time law enforcement uncovers them, there's little left to prosecute."


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.