[ISN] Debit Card Fraud Tied to OfficeMax Breach

InfoSec News isn at c4i.org
Thu Mar 9 01:33:24 EST 2006


By Paul F. Roberts 
March 8, 2006 

Debit card fraud that has affected customers at a number of credit
unions in central Massachusetts is linked to transactions at office
supply retailer OfficeMax, according to investigators.

Dozens of credit union members in the towns of Leominster and
Fitchburg, Mass., have been defrauded of more than $45,000 in the last
few weeks by criminals in the United States and abroad, according to
law enforcement officials in those towns.

The fraudulent transactions involve cloned Visa debit cards and may be
linked to the theft of blocks of PINs from OfficeMax or an
intermediary processor, sources familiar with the case said.

In Leominster, police know of about 40 victims of incidents at a
number of credit unions in the area, dating back to Feb. 28, said
Detective Scott Wolfeasazder of the Leominster Police Department.

New victims are turning up every day, he said. "Just today I found out
that City Employees Federal Credit Union had seven accounts accessed,
with funds withdrawn from five of them," he said, adding that
Leominster Credit Union has had to close 500 debit accounts because of
the fraud.

Most of the withdrawals are small, up to $500, and many were conducted
in Barcelona, Spain, though ATMs in the United States and Canada have
also been used. In total, the damages are upwards of $30,000, he said.

All the victims the police have reached at this point shopped at
OfficeMax and used a Visa debit card, Wolfeasazder said. "That's the
common denominator on this end," he said.

In neighboring Fitchburg, police know of dozens of residents who have
had debit cards used fraudulently, with totals of around $17,000 in
damages, said Sgt. Glen Fossa of the Fitchburg Police Department.

The transactions date back to mid-February and were linked to ATMs in
Illinois, Turkey, Great Britain and Switzerland, he said.

The random nature of the fraud and its geographic distribution
indicate that the stolen information is being fenced on the Internet,
investigators say.

According to multiple sources, thieves may have made off with PIN
blocks, or groups of encrypted debit card PIN information, as well as
a key to decrypt the information.

That information is being used to format "white cards," or blank
magnetic stripe credit cards, according Fossa and Wolfeasazder.

For the card accounts stolen from Leominster and Fitchburgh credit
union customers, the stolen information appears to be tested in
California first, then used for fraudulent transactions all over the
world, Detective Wolfeasazder said.

Law enforcement does not know if the PIN information was stolen from
OfficeMax or a partner company, or whether it was taken in an
electronic hack or leaked by an insider.

At least one source familiar with the investigation, who asked to
remain anonymous because of the ongoing investigation, named OfficeMax
as the source of the PIN block information.

However, OfficeMax, based in Itasca, Ill., maintains that its network
has not been compromised, according to Bill Bonner, the company's
"We have no knowledge of a security breach at OfficeMax," he said.

Criminals have turned to debit card accounts because they are less
well-protected by anti-fraud technology than traditional credit card
accounts, said Mike Urban, director of fraud technology operations at
FairIsaac, a Minneapolis, Minn., company that monitors ATM and banking

FairIsaac is monitoring a number of ATM fraud incidents around the
country and notifies card issuers when it identifies fraudulent
activity on an account, Urban said. "We are seeing a significant
increase in stolen PIN cards," he said.

More information about the ISN mailing list