Thursday, December 07, 2006

Walmart Employee Scams Customers via Electronic Checks

Processing checks electronically is becoming a standard practice, brought about the Check 21 law, or ACH (Automated Check House) processes.

Electronic checks save businesses a lot of money in processing costs.

Walmart is one business taking advantage of electronic checks - and when a check is written to Walmart - it's scanned in their point-of-sale system - then returned to the customer. From there, everything is handled "electronically."

I read a story put out by KRTK Houston about a Walmart employee, who scammed a customer by keeping the check (supposed to be returned), then used it to purchase merchandise and gift cards numerous times.

KRTK Houston story with video presentation, here.

When the customer noticed the fraudulent transactions on her account, she reported it to the Walmart and the employee was arrested.

The story also indicates that there are other victims out there that haven't been identified yet.

According to the story, the customer isn't being made whole by her bank because she didn't discover the transaction within thirty days and Walmart isn't refunding her money, either.

When check fraud occurs, victims are normally made whole by their bank, who goes after the business by charging them back for the transaction. If a business refunds the customer for their losses, the customer might be able to have the transactions charged back to them, also.

My guess is that Walmart isn't refunding the money because the bank still might charge-back the transactions to them?

Of note, it's probably not completely fair that Walmart is the only one being mentioned in the article. There is no mention of what bank is involved. I hope Walmart and the bank have since sorted this whole thing out and taken care of the people, who were victimized as a result of this.

After all - it only makes sense to do so - processing checks electronically saves them a lot of money by not having to process paper and if more stories surface (like this one), it's likely to affect "consumer trust."

I read consumer tips all the time that we should use our credit cards versus debit cards because they offer better protection in the case of fraud.

Tom Fragala (CEO of Truston) wrote a great post about this, here.

Wednesday, December 06, 2006

Store Detective Discovers Traveling Credit Card Ring

I came across an interesting story about how a store detective at Target caught a group of traveling credit card fraudsters in Washington.

The store detective noted suspicious behavior - customers purchasing large amount of gift cards and did a little checking. When he did, he discovered that the cards being used were counterfeits.

When the merry trio was arrested at a bank down the street, police discovered maps to area retailers, a lot of counterfeit credit cards and - of course - gift cards.

After being identified, the authorites determined that the fraudsters had traveled to Washington from California.

The fraudsters claim that they were using the gift cards to buy things for themselves. Let see, they travel from California to Washington and use numerous counterfeit credit cards to obtain merchandise for themselves?

And the authorities aren't buying their story either -- they are being charged with "leading organized crime."

My guess is that they were going to find a way to convert the gift cards to cash. I recently wrote about the problems associated with gift card fraud and how they are being fenced on auctions all over the Internet:

Why Buying Gift Cards on Auction Sites isn't a Good Idea

Normally - I write from a broader perspective - but this story illustrates how we might be rubbing elbows with some fairly sophisticated "criminal types," while out doing our Christmas shopping.

Jeremy Palowski of the Olympian wrote the story, which attracted my attention to this, here.

Sunday, December 03, 2006

An Identity Theft Protection and Recovery Service Based on Trust

The new identity theft protection and recovery service by Truston is live. The service is unique because it doesn't require you to give up your personal information, which could be stored in a database, and used to commit identity theft if it falls into the wrong hands.

In case you've missed the weekly stories, databases are being compromised all the time and according to the Privacy Rights Clearinghouse (which is keeping tabs), 97,326,222 people in the United States have been compromised by data-breaches since February, 2005.

I probably need to make a disclaimer that this number might grow before I publish this post. Nonetheless, here are the ugly statistics as of this writing.

Tom Fragala, who is the CEO and a former identity theft victim himself did a great post on his blog describing the service:

myTruston is a web-based service that protects you from identity theft. It is simple and safe.

How simple? One minute sign up. And myTruston works by providing you a recipe-like format, one task at a time, for dealing with identity theft. That goes for both prevention and recovering from fraud.

Why is it safe? Because our members never send us any confidential personal information. All we need is your email address to help you. Every other prevention and recovery service requires you to give them your name, address, SSN, and even power of attorney.

What does it cost? Our prevention services will always be free! And our recovery services are free until January 2007.

We’re getting some nice kudos from people. You can see an updated list here. One example:

"Very slick. You're a genius for coming up with something so simple yet effective & helpful. I'll definitely spread the word." - Jed Tucker, myTruston member

The bottom line is that finally we have a resource where someone can protect themselves and recover (if they are victimized) without putting themselves at additional risk.

And even I had no problem "navigating" it!

Here's the previous post, I did about myTruston:

Truston - An Identity Theft Service I Trust

If you would like to check out myTruston, link here.

Saturday, December 02, 2006

Terrorism on the Internet?

SITE (The Search for International Terrorist Entities) has published an analysis of a new "how to beat Internet security" magazine sent out to password protected "jihadist forums."

SITE reports:

The first issue of what is indicated to be a periodic magazine, Technical Mujahid [Al-Mujahid al-Teqany], published by al-Fajr Information Center, was electronically distributed to password-protected jihadist forums today, Tuesday, November 28, 2006. This edition, 64-pages in length, contains articles that primarily deal with computer and Internet security, in addition to other pieces explaining Global Positioning System (GPS) satellites and video types, editing, and encoding into different formats. The editors of the publication state that it was written to heed the directives of the Emir of al-Qaeda in Iraq, Abu Hamza al-Muhajir, and his call for technical support. Material such as this, regarding anonymity on the Internet, concealing of personal files locally on a computer, and utilizing all schemes of encryption, is to serve as electronic jihad, and a virtual means of supporting the Mujahideen.

Full analysis, here.

In another story out there, CIO Today is reporting:

According to the U.S. Computer Emergency Readiness Team (US-CERT), a joint venture between the U.S. Department of Homeland Security and private industry, threats were found on an Islamist Web site calling for attacks against U.S. financial Web sites through December, until the "infidel new year."

CIO Today story, here.

According to the story, there has been no evidence of any attacks and the alert is only to caution the industry.

Nonetheless, similar activity has been seen in the recent past:

Israeli Sites Under Attack by Islamic Hackers

I wonder how many attacks never happen because of some dedicated individuals at US-CERT and SITE?

International Identity Theft Gang Tied to Bank

The Serious and Organised Crime unit, the UK's financial crimes warriors, have delivered a significant punch to an organized identity theft gang, believed to have been in operation for ten years.

The gang, which seems Eastern European in origin, operated behind the cover of a "Moscow Bank" in Great Britain and Spain. Victims have been traced throughout Europe and the United States.

Fake identities and cloned credit cards were used to purchase "electrical goods," which were later fenced on eBay. The illicit proceeds of these transactions were "laundered" via PayPal and WorldPay accounts.

The TimesOnline reported:

Police discovered bogus passports, council tax documents, electoral registration applications, and bank statements as well as employment references from both an unsuspecting firm of solicitors and a fake one that were used to create false identities.

Cloned credit cards were used to buy cameras, computers, iPods, computer games, Royal Mint coin collection sets and other goods such as Liverpool FC strips from a variety of website traders. These items were then auctioned on eBay.

Link to TimesOnline story, here.

Unfortunately, a lot of the evidence was destroyed when one of the alleged gang members (while handcuffed) hit a power switch that wiped out the information.

Because of this - the true monetary implication will probably never be able to be determined from this activity.

Of course, even if the information was recovered, it's entirely possible that there are other databases that have yet to be discovered, or never will be.