For years, an employee of Cubic Corp -- the company that makes the automatic fare card systems for most of the subway systems around the world -- forged and then sold monthly passes for the Boston MBTA system.
The scheme was discovered by accident:
Coakley said the alleged scheme was only discovered after a commuter rail operator asked a rider where he had bought his pass. When the rider said he'd purchased the pass on Craigslist, the operator became suspicious and confiscated the ticket.
An investigation by the MBTA Transit Police found that despite opening electronic gates, the printed serial number in the MBTA database did not show the card had ever been activated. Hundreds of similar passes in use by passengers were then discovered, investigators said.
Although you'd think the MBTA would poke around the net occasionally, looking for discount tickets being sold on places like Craigslist.
Cubic Transportation Systems said in a written statement that it is cooperating with authorities. "Our company has numerous safeguards designed to prevent fraudulent production or distribution of Charlie Tickets," the statement said, referring to the monthly MBTA passes.
It always amuses me when companies pretend the obvious isn't true in their press releases. "Someone completely broke our system." "Say that we have a lot of security." "But it didn't work." "Say it anyway; the press will just blindly report it."
To be fair, we don't -- and probably will never -- know how this proprietary system was broken. In this case, an insider did it. But did that insider just have access to the system specifications, or was access to blank ticket stock or specialized equipment necessary as well?
EDITED TO ADD (5/22): More details:
On March 11, a conductor on the commuter rail’s Providence/Stoughton Line did a double-take when a customer flashed a discolored monthly pass, its arrow an unusually light shade of orange. The fading, caused by inadvertent laundering, would have happened even if the pass were legitimate, but the customer, perhaps out of nervousness, volunteered that he had purchased it at a discount on Craigslist, Coakley said.
That raised the conductor’s suspicion. He collected the pass and turned it over to the Transit Police, who found no record of its serial number and began investigating. Working with State Police from Coakley’s office, they traced it to equipment at the Beverly branch of Cubic Transportation Systems Inc. and then specifically to an employee: Townes, a 27-year-old Revere resident.
Auditing could have discovered the fraud much earlier:
A records check would have indicated that the serial numbers were not tied to accounts for paying customers. But the financially strapped MBTA, which handles thousands of passes and moves millions of riders a month, did not have practices in place to sniff out the small percentage of unauthorized passes in circulation, Davey said.
Posted on May 20, 2011 at 7:44 AM