If you’re a savvy consumer there’s no way you’ll buy a knockoff Rolex or fake Gucci handbag made in China and passed off as the real deal. But what if the item itself was genuine but the credit card that was used to buy it was a fake? Presented with a valid receipt and a genuine item, even a cautious buyer would not know that fraud was involved and the item was indeed contraband.

That’s what a cell of thieves in California was counting on when they went on one spending spree after another with a nearly limitless supply of fake credit cards. They would load up on pricey items from high-end boutiques and turn a tidy profit by reselling to unsuspecting buyers looking for a good deal. The buyers never suspected these were technically stolen goods since they came with a valid receipt.

How Does This Kind of Scam Work?

First, it’s important to have some realistic plastic cards. Jose Rolando Renderos is accused of taking the cheapest route and importing the cards in bulk from China. They came pre-printed with logos like MasterCard and Wells Fargo, adding trademark infringement to the list of deeds these crooks would be charged with.

Next the thieves need to steal some real credit card numbers. This can be done electronically at points of sale using a number of technologies including:

  • Keystroke logging equipment that records numbers punched in manually on the keyboard (a favorite low-tech approach since this data is not protected in any way).
  • Malware that seeks out and downloads Point of Sale (POS) transactions along with the data encoded on the credit card strip (this software may be installed remotely).
  • Card skimmers, which are physical devices that fit over a card swipe slot on an ATM, gas pump or other POS terminal.
  • An accompanying device can be placed over the PIN pad to capture PIN numbers as well.

Next the fraudsters have to emboss and encode the cards with the appropriate data. The equipment to do this is easy to legally acquire and simple to use. Thieves can then deploy these faux cards in a variety of ways depending on what other forms of ID they have on hand.

  • Using cards that are embossed to match the name on a fake ID.
  • Making transactions without using a PIN by running the card as ‘credit’ instead of ‘debit’ and verifying with a signature.
  • Swiping a card with a working mag stripe and entering a skimmed PIN to avoid any suspicion at all on the part of a clerk.
  • Using bullying, misdirection and other social engineering tricks to avoid close scrutiny of the card or the transaction.

In the end, more than 12,000 fake cards were recovered in this Los Angeles fraud investigation, and 90,000 more blank cards were collected in San Bernardino when the counterfeit card ring got busted.

What Can Business Owners Do to Protect Themselves and Customers?

There’s plenty of excellent advice already available for how to train clerks to spot a fake card. But keeping customer data safe from “skimming” in the first place is even more important. Subway and Barnes & Noble learned firsthand recently how big a black eye a brand name can take when customer credit card data is routinely exposed to scammers. Encryption technology now exists to cost-effectively keep transactional POS data secure, and a business may be legally liable if it doesn’t take proactive loss prevention steps. If there is a breach, business owners should immediately seek legal advice about the best way to notify customers and assess the degree of exposure.

Bruce Robertson

Bruce Robertson is a private investigator and founder of Tristar Investigation, California’s premiere detective agency. Bruce is also a media commentator for the investigation industry, featured in the New York Times, CNN, History Channel, MSNBC, Los Angeles Times and many more. You can find him on Google+, LinkedIn and YouTube.