Chase Hit in ATM Skimming Attacks

Vegas Cases Highlight International Crime Concerns

By , April 9, 2012.
Chase Hit in ATM Skimming Attacks

A grand jury in Las Vegas has indicted 13 California residents for the roles they played in an alleged two-year card-skimming scheme that attacked ATM vestibule entry doors at numerous Chase Bank branches throughout the region.

See Also: Malware & Spear Phishing: How to Defend the Enterprise

According to the indictment, between November 2009 and through November 4, 2011, the crew of 13 allegedly captured data from Chase accountholders who swiped their cards to enter the bank's vestibules, which offer ATM access during off-hours. Copied information included accountholders' card numbers, full names and card expiration dates.

With pinhole cameras, the crew also allegedly collected PINs as they were entered at the ATMs. From there, the gang created counterfeit cards with the stolen details. The indictment does not specify how much fraud is estimated amount to be linked to the scam.

The 13 now face charges for conspiracy and aggravated identity theft. This case is being investigated by the United States Secret Service and Las Vegas Metropolitan Police Department and prosecuted by Assistant U.S. Attorney Kimberly M. Frayn.

Natalie Collins, spokeswoman for the U.S. Attorney's Office, says the ring's connection to another state is typical of Las Vegas-based card-fraud schemes. "We have a lot of rings here that operate in Vegas but come in from other states," she says. "We see it more and more."

In another case, coined Operation Open Market, Las Vegas authorities made 19 arrests in nine states re: card fraud and ID theft. Operation Open Market was an investigation into a transnational crime circuit organization that based its operations in Las Vegas.

Members of the group allegedly bought and sold stolen personal and financial information through online forums and, according to the indictment, engaged in ID theft and counterfeit credit card trafficking.

In the counterfeit card scheme, U.S. Secret Service and U.S. Immigration and Customs Enforcement's Homeland Security Investigations arrested five of the 19 in Las Vegas; the remaining 14 persons were found and arrested in California, Florida, New York, Georgia, Michigan, New Jersey, Ohio and West Virginia. The individuals have been charged with racketeering, conspiracy, and production and trafficking in false identification documents and access device cards.

In total, 50 individuals have been charged as part of the investigation.

"The indictments and arrests in this case are yet another example of how the Secret Service continues to promote the Department of Homeland Security's mission of providing a safe, secure and resilient cyber environment," said A.T. Smith, the Secret Service's assistant director for investigations, in a statement about the arrests. "The successful partnerships fostered by the Secret Service's electronic crimes task forces result in ground-breaking investigations such as Operation Open Market."

"What happens in Vegas got 19 people busted," says Robert Siciliano, a McAfee consultant and ID theft expert. "There will be more skimming, more counterfeiting and more busts in Vegas, and the rest of the U.S., as long as merchants, PCI [the Payment Card Industry Security Standards Council], banks and credit card companies delay EMV or cease to adopt numerous existing measures of card-fraud prevention."

The Europay, MasterCard, Visa standard is a chip-card standard that aims to replace the magnetic stripe currently used on the backs of most U.S. issued payments cards.

"The fight against card fraud is beginning to look like the war on drugs," Siciliano says. "We know there are numerous ways of solving these problems, as exhibited in other countries, but we stubbornly stick to our old ways of doing things. Unless a fundamental shift is made in card technology ,then the broken record of data breaches, skimming, identity-theft rings, cloning and busts will continue."

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE U.S. Postal Service Breach: A Timeline

The U.S. Postal Service on Nov. 10 confirmed a data breach that affected some of its information...

Latest Tweets and Mentions

ARTICLE U.S. Postal Service Breach: A Timeline

The U.S. Postal Service on Nov. 10 confirmed a data breach that affected some of its information...

The ISMG Network