Comments

pc February 14, 2011 6:53 AM

I don’t know why it’d amaze you. There’s no security around credit cards at all; they just have a percentage built into their fraud budget, because it’s cheaper than actually going after it.

Dirk Praet February 14, 2011 7:45 AM

The worrying thing is not that even inmates can run such a scheme, it’s that people keep using broken technology whenever taking out their credit cards to pay for stuff.

Clive Robinson February 14, 2011 7:46 AM

“It amazes me that credit card fraud is so easy that you can run it from prison.”

Well all fraud is generaly an easy crime compared to many other types.

As fraud is mainly about (mis)handeling information it can in theory be carried out from any where where you can establish a suitable communications channel.

The hard part with nearly all frauds is realising the proceads of the crime in an untracable way and that’s the bit where most fraudsters come unstuck.

Also many others realy realy don’t know when it’s time to “cut and run” not just with fraud but many other crimes as well.

Yes you can make money out of crime but as many find out that’s just the start of the problem, keeping it’s the hard part…

My father used to point out to me that if you are bright enough to commit the “perfect crime” you are more than bright enough to earn more money honestly.

Clive Robinson February 14, 2011 8:46 AM

It appears the original story is from the NY Daily Times,

http://www.nydailynews.com/news/ny_crime/2011/02/02/2011-02-02_rikers_island_inmates_alleged_credit_card_scam_netted_1_million_from_ipads_and_a.html

What does amaze me is the number of “official newspaper” sites that have “ripped it off” one offender being the UK’s Daily Mail…

The only odd thing that comes out of the story is the group escaped detection by re-encoding the mag-stripe on their own legitimate credit cards etc…

Now I don’t know about others but this sounds like a massive fail in the US Credit Card system. Maybe the Payments Card Industries (PCI) should put it’s own house in order for once…

Captain Obvious February 14, 2011 9:42 AM

What amazes me is that Bruce reads Gizmodo, and uses it as a source. Even I left after the redesign, but when sharing anything interesting from there, I’d share the original link, not the repost.

kingsnake February 14, 2011 9:53 AM

@pc “I don’t know why it’d amaze you. There’s no security around credit cards at all; they just have a percentage built into their fraud budget, because it’s cheaper than actually going after it.”

I don’t know why it would amaze anyone since prisoners have 24 hours a day, seven days a week, for the duration of their sentence, to think of ways to get over on the system. They can be quite inventive.

/s/
Ex-detention officer

Jake February 14, 2011 10:34 AM

I don’t see a problem with “STILL paying for the card”. It’s part of the merchant’s cost of doing business, and I would certainly expect it to be part of the price I pay.

moo February 14, 2011 10:39 AM

@Rich Wilson:

Thats one reason why I prefer to make my in-store purchases with cash, rather than a credit card. I want to give my money to the merchant without the credit card companies skimming off a percentage of it as transaction fees. If you buy with a credit card, the merchant has to pay transaction fees to the credit card company, and is prohibited by agreements with Visa, Mastercard et al. from passing those fees on the consumer. Most people think of credit card purchases as costing “nothing” (i.e. they pay the same price as they would pay with cash) but that is only true for the customer, not for the merchant. Its also usually the merchant who gets shafted when someone defrauds them with a credit card.

BF Skinner February 14, 2011 10:47 AM

@pc “fraud budget”
But buying insurance to reduce your risk is security too isn’t it?

@Clive “original story is from the NY Daily Times”
Better coverage too.

@clive “establish a suitable communications channel”
But controlling for that’s the real trick isn’t it. And a long known vulnerability. Gangsters continue to run thier gangs from the inside and order all manner of nastiness from day to day operations to witness intimdation and murder. But this worked through human outside confederates. As long as the incarcerated are allowed to communicate with people, or their lawyers, a channel is open. Mitnick tells a great ancedotal story about a prisoner gaming the call in / public defenders only line to create an outgoing session.

In Fast Walking Wasco says “God, I love it here, in this joint, you know that, ? … , there’s no place like it in the whole damn world. There’s nothing you can’t do in here, if you got the balls. It’s as simple as that, you just believe in yourself. Follow your star. It’ll lead you right to opportunity…” Prison doesn’t stop business.

Modern day contraband is the cellphone. I’ve seen one overseas prisons RFI asking for signal jamming of the whole range of wireless data transmission methods from wi-fi to satphone.

Odd that this went on for 3 years. I understood that prison phones, ‘cept for lawyer priviledge calls, were all tapped and monitored. If universal wire-tapping of a known population is ineffective at identifying criminal activity how can USG make the claim that broadly based warrentless wiretapping is effective in identifying unknown villians?

Richard Steven Hack February 14, 2011 11:00 AM

Reading the original piece (and that was a circus since Gawker Media hasn’t been displaying in my Firefox for a while until I adjusted an exception rule in AdBlock Plus!), I see only a mention that the ringleader coached a relative over the phone.

I see no evidence that they actually did anything illegal on the prison phone system – the “coaching” referred to might have been in some sort of verbal code. I suspect most of the information was passed during prison visits or in some coded way from gifts sent in and material sent out via the mail. While all of that is inspected, it wouldn’t be that hard to evade the prison censor. Anything done during visits would be impossible to detect.

So in that respect it’s no surprise this could be done as virtually everything was done by confederates on the outside. That’s SOP for prisoners.

NobodySpecial February 14, 2011 11:20 AM

These are Americans of course – from a British prison you can mastermind stealing a plane load of gold and escaping through the sewers in a fleet of British cars.

Peter A. February 14, 2011 11:24 AM

@Rich Wilson:

Yes, you pay for the card even if you pay full bill every month – in the merchant’s payment processing fees. But you pay the same price for your goods even if you pay in cash – the merchant just gets a little bit richer (possibly not much; cash convoy services and/or bank cash deposit services cost him, too). You may sometimes get a slight discount when you propose to pay in cash, but are you going to do it every time you buy at your grocer’s?

Actually it is a win-win situation. Merchant gets a sale now, not the next day, when the client comes back with cash – or never if the client changes her mind. Client gets her shiny new goods now and don’t have to worry if she has enough cash in her purse. Banks get their share. Everybody’s happy! well, maybe the client not so much after all, when the bill arrives 🙂

Other reasons for not using a credit card (fraud risk, traceability, shopaholism, etc.) aside, paying in cash does not give you any financial gain over using a credit card a “smart” way – and often the other way round.

Ananymous Moi February 14, 2011 11:32 AM

@moo

“and is prohibited by agreements with Visa, Mastercard et al. from passing those fees on the consumer”

If only. In the UK travel companies routinely pass on a credit card “fee” that is several times the actual cost
(http://news.sky.com/skynews/Home/Business/Which-Launches-Super-Complaint-Into-Credit-And-Debit-Card-Surcharges-With-Office-Of-Fair-Trading/Article/201102215928212?lpos=Business_Second_UK_News_Article_Teaser_Region_0&lid=ARTICLE_15928212_Which_Launches_Super-Complaint_Into_Credit_And_Debit_Card_Surcharges_With_Office_Of_Fair_Trading)

Pj February 14, 2011 12:54 PM

A friend recently had her purse stolen and within one HOUR thieves had racked up $1,000 worth of charges…at local GROCERY stores. No word yet on if they bought out the whole meat-section at one store, or stamped duplicate cards and hit multiple stores individually.

Another friend insists that signing her card “Check My ID” helps prevent fraud…yet I can’t recall the last time a cashier actually looked at the back of my card for a signature, much less even touched my card since most places have me swipe (or wave RFID) it myself.

Guy February 14, 2011 1:06 PM

The credit card companies may be doing us a favor with their lack of security. Carjackings have been on the rise since many older vehicles (desirable for parts) now have anti-theft devices. There will always be thieves, but if credit cards are enhanced with smartcards or other uncopyable electronic validation, there could be a similar trend when they are forced to steal the card.

Given this, it is possible that there would be a higher societal cost if the credit card companies improved their security.

Is there such a thing as ‘societal security’ or ‘sociological security’, that looks at the cost/benefit of private security practices on society as a whole?

RSX February 14, 2011 2:39 PM

Apple products stolen? No sympathy for the company, feel bad for the victims though. The credit card companies will just pass along the ‘difference’ to their other customers, write some insurance forms, get reimbursed by Joe Taxpayer..Just the cost of doing business, I think credit cards should be overhauled and made into something new.

Misleading headline anyway. The prisoners never had any Apple goods, nor did they buy or sell anything. The guy running it from prison was just giving orders so everyone on the outside could do the dirty work. People asked how the ring was busted – The prison either intercepted an outgoing message or someone finked on him. And when you’re dealing with 25 accomplices, eventually someone is going to slip up and spill the beans. Now its just a matter of rolling on each other to get a better deal then the guy on top of him. This is why a good rule in criminal behavior is to never trust anyone – No honor among thieves, but that goes for legitimate business also.

TS February 14, 2011 3:47 PM

@PJ
“Another friend insists that signing her card “Check My ID” helps prevent fraud…”

Many places don’t bother to even look at the card if it’s under $25, much less check the signature.

Still, here’s a funny article about whether people even bother to check the signatures.
http://www.zug.com/pranks/credit/

Rich Wilson February 14, 2011 4:36 PM

“Actually it is a win-win situation.”

My issue is that credit companies have very effectively hijacked the development of cashless systems. Paying via a plastic card needn’t cost 5%. 1) require a 2nd form of authentication (PIN). Not perfect, they can be skimmed and social engineered, but it would reduce fraud. 2) don’t give out cards based on only DoB and SSN.

The worst part about it is the very devious ‘cash back’. As an individual, it is in my best interest to use my 1% back credit card for everything, even though that costs merchants more than if I use a debit card. In fact when gas prices spiked in the US in 2008, gas station owners were getting pinched because the card fees ate up an ever increasing portion of the sale, but their commission from the oil company remained fixed per gallon.

I have been in some stores that charge 25 cents to use a debit card, because they can, but nothing to use a credit card, because they’re not allowed to. Ends up costing them more in fees.

It’ll grant, it’s ingenious, but it’s hurting the consuming public.

Dr. T February 14, 2011 4:56 PM

@moo: “… I prefer to make my in-store purchases with cash, rather than a credit card. I want to give my money to the merchant without the credit card companies skimming off a percentage of it as transaction fees….”

Cash payments are not cost-free to merchants. They have to expend labor counting the cash and making change, checking for counterfeit bills (and losing the money if they miss one), moving cash from registers to safes and then from safes to banks, and recording the cash deposits. Also, banks charge businesses for depositing bills and coins. Merchants with heavy cash flows have to increase physical security (safes, cash chutes, secure counting rooms, security cameras and monitoring rooms, etc.) and may need to add security personnel to guard against robbery from without and within. When you figure total costs for most merchants in the USA, the ranking of payment types by cost (least to most) is debit card, credit card, cash, and personal check.

In some businesses (such as bars, restaurants, hair cutting salons, etc.) employees who receive cash payments can fail to record the transaction (or record it as a lesser value) and pocket the cash. For these businesses, cash is the most costly method of payment.

moo February 14, 2011 5:22 PM

@Dr. T:

Interesting. I guess it doesn’t help the merchant much to pay by cash, after all. I’d still rather not give the fees to the blood-sucking credit card companies, though.

Dr. T February 14, 2011 6:36 PM

I prefer to pay by credit card, because I get to earn interest on “spent” money for an average of 40 days (half a month plus the 25 day grace period).

The issue that irks me most about credit card companies is that they don’t invest enough in security to reduce the high levels of fraud (which the merchants and therefore the consumers pay for in the end).

John Galt III February 15, 2011 12:28 AM

Rikers is a dark place; see, for example:
The Lords of Rikers
The juvenile unit of the New York City jail is a survival-of-the-
fittest finishing school for the roughest kids in New York.
And an upcoming case alleges the guards run the show.
http://nymag.com/news/features/70978/
Not sure why it is a surprise that the guards run the show; the real surprise is how they do it, using inmate muscle.

Shane February 15, 2011 11:21 AM

Wait, so what exactly is surprising here? Gang leaders, drug lords, mob kingpins… they don’t seem to have much trouble conducting their business from prison. Why should CC fraudsters be any different? See Charles Manson + cell phone for a recent example.

RSX February 16, 2011 2:49 AM

It’s also against the merchant agreement for the store to ask for ID when making a credit card purchase. This requires some sort of comment as to why this might be, but I dont have one..With all the fraud, one might think that credit card companies would force stores to check ID.

ccguy February 17, 2011 10:20 AM

RSX – I’m in the MSP business. Merchant are supposed to authenticate the card by matching the customers signature with the signature on the card.

Reasons IDs are against the rules:

Fake IDs are historically easy to make and asking for ID may make someone pay in cash instead.

Megan Denyer February 26, 2015 7:07 AM

From a business perspective, reducing credit card fraud starts with the human element – specifically – with comprehensive security awareness training. While companies often spend untold sums of money on the latest and greatest hardware and software products, they fail to recognize the importance of training and educating employees on security issues, threats, and best practices. There are a multitude of programs available online, many for free, so there’s really no excuse. Want to stay in business, then protect cardholder data by training your employees on important security issues and threats – it’s really that simple.
From a personal perspective, individuals just need to be very careful as to who they give their cardholder data information to, and watch out for fraudulent charges, which means reviewing monthly statements and looking for any anomalies.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.