Saturday, February 11, 2006

Is Office Max the Point of Compromise in the Debit Card Theft Case

CNet is reporting that the point of compromise in the debit card case affecting Bank of America, Washington Mutual and Wells Fargo is Walmart and possibly Office Max. I hate to admit this, but last week, I received a letter from one of these banking institutions suggesting I might be a fraud victim. When I went on-line to check my account, I discovered on a certain day there were numerous unexplained transactions.

To make it more interesting, it was from a old card number that I had since long replaced. The magnetic stripe on the card in question had stopped working properly and then was cracked by a sales clerk trying to get it to work.

When speaking to the fraud department at my bank, they confirmed that the transactions were magnetically "swiped." This would lead me to deduct that my card must have been cloned.

A day, or so later I read the article written by David Lazarus of the San Francisco Chronicle saying a major office supply retailer was the point of compromise. I then realized that I might very well be one of the victims of this AND Office Max is where I frequently buy office supplies.

Please note that Wells Fargo's possible involvement isn't being reported by CNet, but was reported by the San Francisco Chronicle:

"Wells Fargo reiterated only that the bank protects customers "if we discover they are at risk for unauthorized transactions." However, multiple Wells Fargo customers told me they've received new debit cards from the bank via FedEx."

The article from the San Francisco Chronicle stated that Visa and Mastercard (who issue cards via numerous banks) as saying they warned banks last month of a breach at a retailer.

Since most retailers accept Visa and Mastercard, which are issued by a multitude of banks, in theory numerous banks could be compromised. Retailers don't discriminate as to which bank the cards were issued at. Here is the story from CNet:

Web of intrigue widens in debit-card theft case

The article also quotes the FBI as saying this case is related to one at the Golden 1 Credit Union last November, where debit cards were compromised by a skimming device at a Sacramento merchant.

Golden 1 cancels 1,300 cards when area hit by fraud

Again, I find it odd that if the point of compromise was in fact a merchant in Sacramento, that only Golden 1 cards were compromised.

Either certain cards are more friendly for cloning (counterfeiting) purposes, or there is more to this than meets the eye.

In this case and possibly the one now, there is a lot of speculation that the breach was a result of an inside job. Organized fraud gangs are known to solicit and recruit people on the inside of organizations to steal information.

So far as the Sam's club angle, I'm not sure how this might tie in. As in most of these cases, it seems as little information is released as possible.

One thing in common is that all the breaking news seems to be coming out of Northern California, which is where my card was compromised.

No one is sure why the retailer's identity is being kept a secret, but some openly suspect it's to minimize liability from California's strict disclosure laws. Here is a previous post, I did on proactive legislation in California regarding matters like this:

Terminating Identity Theft in California

For anyone, who has been violated by this, here is a link from the Privacy Rights Clearinghouse, explaining the laws and what your rights are:

California Identity Theft Laws

If suspicions are true (that the secrecy is to skirt the intention of the law), then perhaps Bank of America, who started the flurry of reports is the most honorable one on the block. After all, they took the initial steps to protect their customers AND since then it seems a lot of evidence has been uncovered that they weren't the only one's compromised.

Keeping things quiet sometimes aids law enforcement's efforts to apprehend the "bad guys," but at this point there seems to be a lot of "law enforcement and banking industry sources" making comments on this case.

Let me specify that this is all mere speculation on my part and to say otherwise wouldn't be fair. I can't even be sure my case is part of this, but when I compare it to the breaking news, the similarities are amazing.

I guess it just goes to show, we are all at risk of becoming a victim of Fraud, Phishing and Financial Misdeeds AND I plan to follow this story closely, if out of nothing more than a personal interest.

For the article from the San Francisco Chronicle, click on the title of this post.

No comments: