As we named the first and, so far, only business connected to the case, the city’s larger media outlets are starting to file their reports on the Capitol Hill credit card fraud case we’ve been following since the incidents first began to spike last week. We also have revised totals for financial fraud reports tallied by SPD during the period after combing through the numbers and de-duplicating reports. First, a look at the new coverage.
The embedded video is from Q13 Fox’s report on the situation that follows a line of details very similar to what we reported in our coverage of the Broadway Grill connection to the investigation. One new item of note from Q13: “Investigators do not believe the restaurant nor any of its employees were involved in the fraud, in fact the restaurant’s business accounts were compromised too.”
The Seattle Times report filed Friday night also sheds some light on a few new specifics:
In the Capitol Hill case, investigators think someone outside Washington β and possibly outside the country β used some kind of software or external device to capture credit- and debit-card information when customers used plastic currency to pay for services at least two businesses, Kierstead said.
The theft of information lasted for months, possibly longer, and investigators are working on the theory the information was fenced to other people who began making more fraudulent purchases, he said.
“It’s kind of an insidious thing β they got the information but did not necessarily immediately use it,” Kierstead said.
CHS is working to identify the second business. We’ve asked the provider of point of sale software to the Broadway Grill for a customer list of other restaurants they serve in Seattle. Maryland-based Action Systems, maker of the Restaurant Manager system, has not responded to our request. As we have been reporting, we’ve contacted one business that is frequently named by people who say their accounts were accessed after shopping there. QFC has told us that, so far, they have not been contacted by investigators and are not aware of breaches involving their payment systems. Given how many of us shop at the grocery store, QFC is likely to show up in transactions of victims and non-victims alike.
Meanwhile, we have also learned more about the scale of this situation. Reviewing SPD reporting data, we’ve discovered that some earlier totals of reports were overstated as some incidents were tallied by CHS twice for separate dates. The overall total of reports of financial fraud made to SPD from the Capitol Hill area appears to be around 145 between October 24 and November 5. In that same period, we show 142 additional reports in areas outside Capitol Hill. The SPD report data is not official so we won’t know final tallies until the East Precinct statistics are released.
November 5th data is partial through around 7 PM.
thanks for following this story from the beginning, staying on it, and tracking down all the information. it’s another example of why i follow this blog. nice work!
ditto on the nice job compliment! great coverage of this!
You’ve really helped me follow this. My credit card was one of those slammed. When it was canceled because of the fraud, I used my debit card. Then my debit card got hit too! The only three transactions the two cards had in common were 1) Broadway Grill, 2) QFC on Broadway and 3) Capitol Hill Parking Meters. I’ll be curious to see what you find out next.
Yes, great coverage. On the story early, stayed on it, tons of graphics and facts, can see a lot of work ….
Where next is interesting …. nowhere? If there is a local contact with tons of hard evidence, maybe police action. Remember the banks and all the fiscal layers do NOT want the PR , not their secrets out to the public.
And, all losses are insured, from top to bottom ….. but, I think the number of names out there may be very large and this will go on for some time. Would be nice to know how many people never catch the fraud …. just pay the bill …. I think there might be many, thus, there is still a haul at the end for the defrauders.
I would be very surprised if you got a response from the point-of-sale (POS) vender. That would have already been requested by the authorities. Also, it’s not great advertising for a small business that their product or service was somehow connected with a loss of people’s personal information.
I believe the data was compromised as far back as March 2010, because that is the one and only time I used my card on the hill.
I think we will see that more people have been compromised then reported, especially others like myself who don’t live, work or usually frequent the area – My advice is to look back at least a year for charges you may have made up on Cap Hill.
If you have made charges at one of the two businesses currently being reported as POS breaches (one named and one not – per video) – be proactive (contact your bank and ask for a new account) before the money hits and leaves your account.
I also, filed a report with the police and have a 90 day fraud alert with the 3 major credit bureaus.
my card was a part of this scam :( Thankfully my bank cought it in time and took action. Yay! for USbank.
when it comes to electronic fraud, russian organized crime is only second in skills to MIT students. and my bet is on the russians.
“If you have made charges at one of the two businesses currently being reported as POS breaches (one named and one not – per video) – be proactive (contact your bank and ask for a new account) before the money hits and leaves your account.”
How the hell are we supposed to know if it’s not named? talk about useless information.
If the Grill is the only place, and I am doubting that, then I agree the culprits snatched the information several months ago, even a year back. I haven’t been to the Grill since 2009 and probably used my card.
There is another place that is a common thread with people I know, too. Businesses on Pike, west of Broadway, show some correlation to people being scammed. My friend and I were hit within two days after using our cards at one establishmet there. Of course, this wouldn’t coincide with the long term time-factor theory. I guess we won’t know until all the information comes out.
My card was declined at a cafe on Broadway on Thursday due to this scam, one people are mentioning as a possible source of the scam. They were so kind to me and very understanding and let me have my latte for free. I will be back this weekend to thank them, offer to pay, and use my CASH (I actually don’t have a choice in that matter at this time) to buy another one of their fine lattes.
That is kind of impressive.
Which is why we consumers should demand this information from businesses, as a condition of our patronage. We are entitled to know the brand and level of POS security they have. If we start refusing to shop at places that won’t give this info, the businesses will fall in line, just like online businesses did – every one has a link about how they protect your security.
Our fraudlent charges were on our AMEX card which we’ve used on the hill and ended up with fraud charges from Guatemala… I’ve already heard from a number of friends that they too have been hit. The fraud charges all occured within the last month.
My BECU card was compromised too – a charge of 8.40 at STD Solutions and 6201.00 somewhere in Greece. Both charges were caught and rejected by BECU before they hit my account. Does anyone know if I should still file a police report even though I don’t have to dispute any charges? I wonder if I should call just to help the data reporting.
The 7-10 days waiting for a new BECU card is really hard… but if anyone else is like me and needs to visit a credit union to get cash out while they wait for a card, Salal CU on 15th gives you fresh chocolate chip cookies. And lemonade!
My debit account was used some place in Deleware on October 26th. The only place I’ve been to that was mentioned was the Broadway Bar and Grill…
I get the impression from the comments on this series that people think credit card fraud is a super huge deal, as if they’ll get stuck with the charges.
It’s not a big deal, and you won’t get stuck with the charges. My card was hit, I called the card company, they blocked the charges, closed the card, and issued a new one. Then I went about my life exactly as before. At worst, it’s a minor nuisance.
My debit card was shut down/actually retained by Bank of America because I moved to Portland and was using it here and they thought it was because of this fraud thing. I’ve had one helluva time getting it back. UGH
If you worried about your credit card being compromised, call the bank and have them issue a new card.
How do you think these companies make up for their losses from fraud such as this – by passing it on to the consumer thru higher prices and fees.
This is interesting crime. You, Wendy, get your money back, with a smile. You are a really important factor in the consumer banking business, tens of millions of Wendyies and just as many Bobs. (hundreds of millions of you, China and India now use plastic)
So, they, after the loss, the bank goes to its insurer and gets the loss covered. Remember the insurance company, part of an international consortia, charges for its services, and makes a profit.
Banks are bit hush hush, bad PR. Police, FBI, Secret service don’t want to tell the world just how it is done, a blueprint will generate more fraud.
The banks of the USA make outrageous profits on cards, ie. they borrow from the Fed at 1 per cent and charge you 19 to 29 per cent …. historic spread.
I have had my home broken into several times, I still steam, scream, angry, put out and miss some of my personal stuff that was taken.
Not the same … if these numbers were hacked by pros outside of the US and the cards made out of the US …. who will get arrested? Someone from the Russian mafia, sure …
Another friend just called, her checking emptied via debit card fraud, B. of A. not very help full …. hmmmm, they need to wise up.
Thanks CHS!,
I really appreciate your coverage and find that you are the most extensive and honest source of information on this subject. I was unfortunately another victim of this credit card fraud (discovered Fri night Nov 5th just an hour after ONE SINGLE over $1,300 charge wiped out my card.) I called my credit card company and they said the charges were made at some shady bar/nightclub with the spanish name for G-String in the name-in BOGOTA, COLUMBIA, SOUTH AMERICA. I have heard other cities mentioned like Hong Kong, Milan, etc so this just confirms that this truly is a very sophisticated INTERNATIONAL CRIME.
After cancelling my card, I called the Seattle Police Department. I got a claim # but since it was now after 9pm (on a Friday night) there was no one in the Fraud Claims Department. I left a message but will have to call back on Monday to make sure this is filed and reported in connection with this scandal. So check back on Monday for improved stats because I notice this happened since your last update.
Also have to say that Seattle Times Nov 5th headline, “CREDIT-CARD-FRAUD SCHEME BROKEN UP ON SEATTLE’s CAPITOL HILL” is misleading since this was anything but broken up when my digits were used later that Friday night. In the article, they go on to say that The Secret Service “were immediately able to put a stop to the fraud”. Well if that was the case, why did I still get my credit card ripped off Friday night?
My intention is not to blame so much as WARN that people STILL NEED TO BE VIGILANT! It’s still in the process of unfolding for alot of us.
I also am a regular of The Broadway Grill and will continue to be. Everything points to the fact that this was not committed by an employee but a much more elaborate computer-hacking scam. PLEASE GET OUT AND SHOW YOUR SUPPORT FOR THE BROADWAY GRILL (this really could have happened to any business and probably did more than we are being told right now..Bring Cash if it makes you feel more comfortable)but these guys have and are working really hard to bring The Grill to a new level of quality. The people that work there are some of the most acknowledging, courteous, and helpful people in the industry. Their bartender was deservedly rated best bartender in Seattle. They continue to be one of the leading places to SUPPORT THE CAPITOL HILL COMMUNITY. And it continues to be one of the most FUN & REAL places on The Hill. Now it is OUR TURN to show them HOW MUCH WE SUPPORT THEM!
I actually had written a much longer comment originally, explaining cybercrime, state sponsored hackers, and why it’s possible no one may end up in jail. Then I wrote about how financial transactions like a single credit card swipe work since there are a lot of things involved that most people don’t know.
I was proof reading it and thought, “Nobody is going to want to read this.” So it ended up being the short comment that you responded to.
To keep this brief, the merchant has no way of knowing who or how many people/companies are involved in a single credit card transaction.
I read earlier this year where some credit card processing service had out-sourced part of the transactions to India, and all the consumer information had been stolen.
Firstly, I’m really sorry you guys have to deal with this shit. Yeah, it’s a bummer. I’m only okay laughing about this because I know you will all get your money back. But seriously, G-String nightclub? STD solutions? And huge charges from target? These identity thieves are total weirdos.
If everyone used cash only we wouldn’t have this problem. Nor would banks be so large.
I moved off the hill and out of Wa back in July and now live in Chicago. I got notice from my bank that my card was a victim of fraud. Maybe I am also a victim as well? 99.99% of my transaction were done on the hill and find it very odd that I was hit with fraud just days of my friends who live and or shop on the hill.
Com’n Greg ,there was no fraud. You just don’t want people to know you shop @ Target :D
Yes yes yes – carry a bag of silver dollars … counting pennies.
Less plastic, not a chance.
We received a fax at work from them, only it was marked DELTA, offering a trip to Jamaica and Hawaii for $199.00 excluding Air fare. I fell for it to give to my son and wife for a honeymoon. They charged $500.00 to Citi Card and said I would recive all the documents within 3 days, and it was a 5 star hotel. I never have received anything, and they keep sending me e-mails to sign NOW. I Contacted City Services to dispute charges and they were very nice and said they would, but they would be investigating. It wasn’t a five star hotel, it was a 3, and comments said, don’t go there, it is a dump. Say a prayer for me. I dislike people that do such things.
Thank you.
Justin, do you really think ASI would give you a client list to blast all over this blog and scare readers away from local businesses? Bravo ASI for turning you down. If they provided a list, God help them with version numbers, they would do nothing but hurt their customers and aid hackers.
Businesses have no choice but to take cards. A single POS solution generally involves multiple components from multiple vendors. If you saw how this sausage is made, you might have a different perspective. As you seem to have a good dialog with a local Dinerware vendor, why not have her show you all the components that card data passes through before it gets to visa.
Sean, generally agree with you about not get too worked up over this, but for some of us there are additional inconviences. In my case my partner is out of the country for 8 weeks on medical mission work and now the cards that are needed to periodically get money are inactivated. Additionally, the banks won’t send replacement card to the out of country location, only to the home address (understandably why), but have to eat the additional cost of turning around ti express ship replacement cards to the partner to be able to access accounts again for money to live off of. Not the end of the world, and this is likely a minority situation, but it is additional aggrevation and cost.