Tuesday, March 28, 2006

Two recent ID theft reports come from the Sooner State. In the first, Waukomis police arrested a pair of suspects, charging them with possession of several stolen social security numbers, plus stolen checks and credit cards. According to police, the suspects are involved in an ID-theft ring that stretches from Enid, OK, to Amarillo, TX.

News reports suggest that the ring raided rural mailboxes and cars in shopping center parking lots. Police said they also found stolen drivers' licenses and birth certificates in the suspects' vehicle.

Preliminary estimates suggest that the pair had as many as 50 victims, many of whom had no idea their identities had been stolen.

The second report indicates that a "jury duty" scam seen in other parts of the country has hit Oklahoma. Apparently, the elderly were targeted by scam artists posing as court officials, who telephoned them to say they had failed to appear for jury duty and that warrants had been issued for their arrest. Using the ruse of wanting to verify the elders' identity, the fraudsters convinced their targets to divulge their birth dates and social security numbers.

News reports indicate that Oklahoma Attorney General Drew Edmondson reminded constituents not to reveal personal information by telephone, and asked that suspicious calls be reported to authorities.

Friday, March 17, 2006

The recent breach of debit card numbers and PINs is estimated to have affected 600,000 customers. Customers complained of unauthorized PIN-based charges happening across the US and internationally. Debit cards had to be deactivated and reissued to prevent losses to any customer account which may have been affected. Two of the hardest hit institutions are naturally two of the largest, Bank of America and Washington Mutual. Both of these institutions have now reacted by offering an alert service. Sanjay Gupta, Bank of America's e-commerce executive, said, "We're giving customers more ways to detect fraud and keep an eye on their accounts. They can decide what they want to hear about and where they want to be told."

While these two banks have different programs, each has some of these features available: email and text messages are used to alert customers when passwords are changed, when purchases or withdrawals exceed a user-specified dollar limit, or when the balance falls below a user-specified threshold. Emails may be sent to a home or work email address and even to Blackberry and Treo devices.

It still appears that PIN and debit card information was retained somewhere, and that this data was accessed and used. Storing encryption keys and customer data is prohibited under section 3.2.3 of the Payment Card Industry data security standards. OfficeMax, thought to be a key source of this massive breach, said that an independent and an internal investigation by security experts found no indication that their customer information was breached.

The FBI and Secret Service are still investigating. But the finance industry is beginning to ask itself the more important question: could this happen again? Security programs such as the two above should gain in popularity and provide better protections against the recurrence of an event such as we've just seen.

Wednesday, March 15, 2006

It isn't over until the losses have been totaled, but at least it is coming to an end.

14 people were recently arrested by New Jersey authorities in connection with one of the costliest debit card thefts we have seen. Ties led to international gangs, but search and arrest warrants were executed in Florida, Georgia, Massachusetts, and South Carolina. This was costly in more ways than one. It appears that a weakness in the payment system allowed PIN numbers to be retained when a debit card was used. These numbers were accessed, giving the criminals both the card number and the PIN upon which we rely for security. This is akin to keeping the key to your front door on a hook next to the door knob.

While it hasn't been announced, many trace the fault back to OfficeMax and other merchants. OfficeMax has denied that any such breach of its systems occurred. Regardless, the data was obtained from some source and used. It was an informant that led police to the alleged perpetrators, and the arrests began two weeks ago.

In addition to the charges bank customers saw on their accounts from places including Great Britain, Pakistan, Romania and Spain, banks had to reissue hundreds of thousands of debit cards as a preemptive measure to prevent direct monetary losses. Those banks should be applauded for their proactive measures and for having a plan and the facilities in place to handle the identification and reissuance. Financial institutions have paid a huge price in more ways than one. But the integrity of this payment system is intact, though in need of refinement. What data is obtained and retained must be questioned, as well as the security of that data.

This event will also remind financial institutions that customers can take security precautions with their debit cards, but still suffer losses. It is the institution that suffers the greatest loss. The card used wasn't an "authorized access device" and the consumer would have no liability. It is also a reminder that customers using internet banking will suffer from fewer unauthorized transactions. Using a home banking product, your customer will more quickly detect these transactions and alert you. So all institutions can learn from this: preparedness, infrastructure, data security, and marketing all go hand in hand.

Thursday, March 09, 2006

$50 Million Ponzi Scheme Gets Shut Down
Some BankersOnline users have mentioned "12DailyPro" in the threads in Operations and elsewhere under Stormpay Pyramid schemes. The SEC alleged that Charis Johnson raised more than $50 million from more than 300,000 investors. He convinced them that they could earn a 44 percent return on their investments in 12 days by looking at internet advertisements.

Ponzi schemes are a type of illegal pyramid scheme named for Charles Ponzi, who duped thousands of New England residents into investing in a postage stamp speculation scheme in the 1920s. These work on a pyramid basis and new funds are required to pay old investors.


Caught Skimming
In San Antonio, TX, a federal grand jury indicted Shadi Ismail Mohamed Banihani, a former Houston gas station employee, and Samer Mohamed Al-Khatib, on charges of conspiring to possess and use unauthorized ATM cards. It is believed Banihani captured customer information using a skimming machine at the Houston gas station where he worked and shoulder surfed to get the PINs or got them from the customers themselves. A Texas Department of Public Safety trooper conducted a traffic stop and found $85,000 in the car with 254 ATM and various receipts. The extent of the crime is not yet known.

In a related note, CitiBank imposed transaction blocks on PIN-initiated transactions on some of its cards. Suspicious transactions were seen in the UK, Russia and Canada after a U.S. retailer suffered a security breach.

There appeared to be a media blackout in the U.S. on this story. But a CitiBank customer reported problems on a blog entry and that fueled wild speculation that their ATM network had been compromised. CitiBank has since released a statement which stated "Recently, we became aware of fraudulent ATM cash withdrawals on Citi-branded MasterCard credit and debit cards used in three countries on customer accounts that had been possibly compromised in previous retailer breaches in the US." "To protect customer accounts that were affected, we placed a special transaction block in those three countries on PIN based transactions. We are currently reissuing cards, as appropriate, to affected customers."

CitiBank took action to protect the deposits of their customers, but neglected the public relations side of the issue. This is truly a global economy with global communication capabilities.
