The numbers were sent to the Florida defendants?who specialized in manufacturing bogus credit cards complete with embossing, logos, holograms and properly encoded magnetic strips?from a group of Eastern European residents who specialized in collecting the stolen credit card numbers, the Secret Service said.
That Eastern European group of fiduciary Fagans obtained those numbers from many different sources, but many of the numbers were traced back to two specific major retail data breaches: last year's TJX breach and a 2005 Polo Ralph Lauren breach, said a Secret Service case agent involved in the investigation and who asked that his name not be used.
Credit card numbers from the TJX theft have reportedly found themselves in multiple bogus credit card and giftcard probes, including a major giftfraud probe?which was also in Florida?as well as investigations in Alabama, North Carolina and Virginia.
Beyond the card numbers taken from Polo and TJX, the Florida group also used skimmers at restaurants to steal numbers along with "multiple hacks from the last five years," said Brian Camerieri, who is the supervisor of the Secret Service group leading the probe as well as the assistant to the special agent in charge of the Secret Service's Miami field office.
The numbers were quite global, with victims in the U.S., Europe, Asia and Canada, among other places, and impacted "more than 300 banks," Camerieri said.
Authorities watched as the Florida defendants sent "large amounts of money" to the Eastern Europe team using an Internet payment system called E-Gold, which Camerieri said was considered a company that "didn?t verify anything" in terms of identification and was a good choice "if you wanted to disguise who you are and launder money."
The defendants "were able to provide fictitious information to set up the account," said the case agent, who added that the lack of verification meant that, to the defendants, people could "just give (E-Gold) whatever (name and address) you want to give."
The Secret Service issued a statement that said "more than 200,000 credit card account numbers were recovered in connection with the ring's activity, which was responsible for fraud losses of more than $75 million. Additionally, agents seized two pick-up trucks, $10,000 cash and one handgun in connection with the case."
But Camerieri said that dollar amount wasn't a specific amount and was merely a rough estimate based on a conservative guess that each card could bring $500 of fraud and that the actual number of card numbers the group was charged with having was 172,000. That actually comes to $86 million, but the announced figure was made even more conservative, possibly because not all cards had been used at the time of the arrests. Making the estimate released even more conservative is the fact that, typically, Camerieri said, the fraud on a bogus credit with a stolen credit card number is much higher than $500.
Credit card thieves have to play with various time limitations. If a credit or debit card is physically stolen through deception?such as a pickpocket--the thieves assume they have barely an hour or two before the card owner discovers the theft and alerts their bank to suspend the card. If the card is taken through force?such as during a mugging?thieves assume they have mere minutes.
In both of those physical situations, the objective is to use the card as quickly as possible. Popular approaches are to use it quickly to make an expensive purchase and then discard the card. Buying a high-dollar amount of giftcards right away is also popular because it can buy the thief several additional days to spend the money before authorities can connect the stolen credit card to the stolen giftcards.
But when thieves steal large numbers of credit cards?the TJX breach, for example, involved the thieves accessing the credit card data of some 46 million consumers--the cards are sometimes changed, but they are often not touched until some fraud is discovered. That gives the fraudsters plenty of time to create fake cards and to sell them to other thieves. Once fraudulent activity starts, it keeps going until the credit card company detects a fraudulent pattern and calls the consumer or until consumers receive their next credit card statement and notify their bank.
In the Florida case, the defendants ran a diversified fraud business, Camerieri said, with numbers being sold in addition to various types of credit cards. The credit card plants the defendants ran created full cards?complete with embossing, bank and credit card logos, holograms and properly encoded magnetic stripes on the back?as well as so-called white plastic, which is just a plain card with the properly encoded magstripe.
The white plastic cards are popular because they are cheaper than the full cards (which often sell for between $50 and $100 each). Although they can't be used when dealing with retail employees, they work well with self-checkout systems such as gas stations and supermarket checkout. "We?ve seen a lot of HomeDepot," Camerieri said, referring to the home improvement chain's extensive use of self-checkout lanes. "You can pay at the gas staton all day long with that stuff."
Other retailers seen repeatedly in this case were Wal-Mart and Lowe's and "all of the electronics chains," said the case agent.
Those arrested were Miguel Alegria, 46, of Hialeah, FL; Raynier Pupo, 22, of Miami, FL; Ariel Montero, 32, of Aventura, Florida; Javier Padron-Bravo, 35, of Aventura, FL; Julio Lopez, 30, of Hialeah, FL; and Anett Villar, 26, of Hialeah, FL. Charges against some of the defendants included aggravated identity theft, counterfeit credit card trafficking and conspiracy.
Cuban Nationals Alegria, Pupo, Montero and Padron-Bravo all plead guilty in late June to the conspiracy counts, in exchange for a plea agreement with the government for the other charges to be dropped, Camerieri said.
Alegria, Pupo, Montero and Padron-Bravo are scheduled for sentencing in September, which is when the judge will decide whether to accept the plea agreement.
The probe started with the Secret Service's Nashville field office and their investigation of Lopez and then Villar, who the Secret Service described as Lopez's girlfriend. An agent went online while undercover and tried to do business with Lopez, whose screen name was Blinky. Agents borrowed the suspect's online name for the probe's codename and Operation Blinky soon had a cooperating?and still unidentified?defendant.