Secret Service Investigating Rash of Card Fraud in Northwest, Supermarket Wholesaler May be to Blame

The Secret Service is investigating a rash of credit and debit card fraud reported by customers of more than a dozen banks and credit unions in the Northwest. Officials have not yet been able to determine the amount of losses, but hundreds of cards have been compromised. “For the Spokane region, it’s a substantial fraud incident,” Kevin Miller, the agent in charge of the Secret Service’s office in Spokane, Wash., told the Spokesman-Review, calling it the largest outbreak of credit card fraud he’s seen in nine years in Spokane. The reports of misused cards range from purchases of items in Saudi Arabia to multiple purchases of gift cards in grocery stores in the Midwest and California, the Spokesman-Review reported. Officials are finding common points of purchase connected to the fraud spree: supermarkets associated with grocery wholesaler URM Stores Inc. in Spokane, which has launched a forensic review of its systems. Both URM and investigators are trying to determine whether a data breach occurred at URM, which operates a computer network that delivers purchase data at those stores to a global card transaction company, First Data, the Spokesman-Review reported. But how would this breach have occurred? URM does not store the transaction data that ends up being processed by First Data. Instead, URM serves as a real-time pathway for the transaction information to First Data’s main servers. “We are working with member-owners, forensic investigators, bankcard associations, transaction processors, and law enforcement officials, in an effort to determine whether there has been any unauthorized disclosure of payment card information. At this time, we cannot confirm any unauthorized disclosures,” said Ray Sprinkle, CEO of URM, in a statement from the company. Many purchases involve a physical card that someone has produced with the original numbers and name of the cardholder, Mark Smith, CEO of Sears Spokane Employees Federal Credit Union, told The Spokesman-Review. While he doesn’t know exactly when the fraud started, Smith said the thieves’ collection of card numbers may go back several months because of the time it takes to produce counterfeit cards. Many of the fraudulent purchases involve a physical card, with the original numbers and cardholder names. Many of the items purchased are high-value items purchased online and outside the U.S. Thieves have also made smaller purchases at stores in the U.S. How do you think the thieves got away with such a large heist of debit and credit card numbers? We can only guess that this is an inside job at URM or First Data, but we will leave it to the experts to determine that.