Card Fraud Linked to Fast Food Chain Costs Thousands

This is the first time we have heard of customers of a major national fast food chain being the victims of retail credit card fraud. Hundreds of victims lost thousands of dollars in October and November after thieves use malware to pull the Bojangles customers’ card information, and sold the numbers to a third party. The criminals took the scam of step further, making new cards with magnetic strips (cloned cards). Investigators say hundreds of customers of at least five Bojangles restaurants in Asheville, Waynesville and Hendersonville, N.C., along with stores in Greenville, S.C. and western Tennessee were impacted. "We have all been inundated with fraud reports," Lt. Chris Chandler an officer with Waynesville Police, told ABC News 13 in Asheville. "We've even had five of our officer's cards compromised."  The fake cards have been used all over the U.S. to not only fraudulently charge credit cards, but also to withdraw cash from bank accounts. Some of the victims have had their entire bank accounts wiped out, and one individual’s card was fraudulently charged $19,000. In some cases, the thieves tried swiping multiple cards at various stores until one of the cards worked. "They would slide five different cards before one was successful and they, the clerk, allowed that transaction to go through," Chandler said. Even though the rash of card fraud has been linked back to Bojangles, the fast food chain is not saying how its customers’ card numbers were compromised. “Bojangles' is aware that the credit card information of some customers may have been compromised at a small number of restaurants operated by a single franchisee, including one restaurant in Newport, Tenn. Steps were immediately taken to safeguard customer data by using a dial-up method for credit-card transactions that is secure,” according to a statement from the company. However, Johnny Caldwell, director of operations for 34 Bojangles in Western North Carolina, Tennessee and South Carolina, provided a few more details in a statement to ABC News 13. “We've had a third party contracted to review and secure our systems several weeks ago. The banks have been in touch with our office and taking care of our customers. We want all our customers to know it is safe to use credit cards in our stores.” We are still trying to figure out why Bojangles’ customer data was not protected. How does a multimillion dollar company not have secure servers for its customer transactions? According to local police, the credit card reader at one store was connected to the restaurant's Wi-Fi network, which appears to have been the hackers' point of entry. At the same time, it is difficult to criticize retailers and restaurant companies that are the victims of credit card fraud. It is becoming such a common occurrence among companies large and small, particularly as thieves become more technologically savvy and find ways to circumvent the security measures already in place. In addition, we may get more information as the investigation continues. Multiple police agencies are involved, including Asheville police, Haywood County detectives and investigators from law enforcement agencies in South Carolina and Tennessee, according to ABC News 13.