Capitol Hill residents and business owners continued to file reports of fraudulent credit card transactions with the police department on Saturday as the financial — and irritation — toll from the crime wave continues to mount.
18 more fraud reports were filed by people in the Capitol Hill area on Saturday. With Friday’s reports, that brings the total number of incidents reported to Seattle Police since we first reported a wave of fraudulent activity around the Hill to 41, according to data collected by CHS. The total number of accounts impacted is higher as we’re hearing from some victims who had not reported the fraud to police. If you have found that your account was compromised, contact your financial institution and then report the fraud to SPD at (206) 625-5011 (non emergency line). Note: The non-emergency line appears to be staffed on limited schedule so you may not be able to make a nighttime report. We’re checking on the schedule.
As we’ve been seeing, anecdotes from people who found new fraud over the weekend include shopping at various Hill locations — many on or near Broadway — involve a wide variety of financial institutions and include reports of small test transactions followed by large purchases at stores from around the country and, frequently, the globe.
Here is the map of locations where people filed reports on Saturday. Each green dot represents a report of financial fraud made to Seattle Police.
Again, we’ve included this second citywide view to show how concentrated this fraud wave is. On Saturday, 18 of 20 reports in the city were on or near Capitol Hill.
We are still looking for the first statement on this wave from local officials. So far, SPD has been reluctant to say anything but acknowledge that there does appear to be a highly unusual cluster of fraudulent activity in the area. SPD has not yet said that any of these incidents are skimming. We’re told detectives are busy investigating the situation and have not been available to provide briefings on the situation. Meanwhile, we are also in contact with the Secret Service’s Electronic Crimes Task Force but their Seattle office has not yet confirmed their involvement in the investigation.
CHS commenters have shared details of their experience with the fraud. The major theme from the conversation to date has been scale: This is an amazingly large wave of fraud. We have asked readers to not post local business names due to the harm the speculation can do and the unlikelihood that compiling these lists will show anything more than where CHS readers shop most often. If you disagree with this, we’re open to feedback. For now, we ask that your feedback not include a business list.
We’ve also been looking through news reports from across the country for similar situations. A report by the National Association of Convenience Stores describes the mechanics of fraud waves of similar attributes, size and scale to what we are experiencing:
Skimming is a catch-all term for a range of ploys designed to defraud credit and debit card users. Numerous techniques abound, but the method ref erenced by Wallace is particularly wor risome for convenience store owners in Nevada, Florida, California and Texas, where a high volume of interstate traf fic circulates through a concentrated group of stores.
Thieves compromise fuel dispensers by opening the unit and inserting a memory device between the customer interface and the payment system. The device looks like an open circuit board, two inches square, with ports that con nect to the card reader and PIN pad.
Once the card information has been intercepted, it’s transmitted wirelessly to a personal computer and then either transferred onto a blank credit card or stored in bulk. That fully functioning credit or debit card can then be used for making purchases or withdrawing money from a linked account, as seen in the Las Vegas case.
Once the skimming device is in serted into the pump, it can be weeks or months before it is detected. During that time, every transaction is recorded and stored for criminal use. Dispensers can easily service more than 100 customers each day, so even after a week’s time this adds up to a huge amount of stolen data.
For another example of how this played out recently, here’s a story from August in Gainesville, Florida:
NACS payment consultant Gray Taylor said that several years ago, a waiter or waitress could skim maybe 10 credit cards on a shift, and the information for those cards could be sold online for $50 a card.
“Today the prices are much lower, so (criminals) have been looking for bigger and bigger troves of credit cards and they are looking at places where they can pick up hundreds or thousands — places like gas pumps, parking garage terminals,” Taylor said.
Now, instead of having someone on-site swiping cards with a skimmer, hundreds and sometimes thousands of cards can be swiped with about $100 worth of electronics, Leonard said.
Maynard said the schemes are not the work of a local criminal.
“This is the work of international criminal organizations,” Maynard said. “There have been some ties to China and other countries.”
While gas station pumps have been the target in these scenarios, we have also read reports of similar schemes targeting other point of sale systems. Additionally, we have found examples with situations resulting in more than 100 victims perpetuated by one person with a skimming technology at their disposal.
There is also the possibility of new, more sophisticated attack involving a breach of a data system and collection of payment information. We haven’t found any examples of this kind that struck a local area in a way as focused as this wave — but, given the rate at which these criminals evolve and adapt, nothing seems outside the realm of possibility when it comes to how this information has been collected. The mechanics of the rest of the equation described above — the distribution of the information and execution of the fraud at other locations — definitely fits what we’re seeing on the Hill.