AUSTIN (KXAN) — A day seldom passes when a new credit or debit card theft case does not end up on the desk of Detective Brenda Bauzon.
“We get hundreds, possibly thousands, of reports a month,” said the detective in Austin Police Department’s financial crime division.
Relative to other units within the department, financial crimes is tiny with just five detectives working on thousands of crimes. And the victims pile up faster than Bauzon and colleagues can solve them.
The criminals have taken a big lead thanks to technology to the point Bauzon says even the most careful cardholders may still become victims.
“It is not a matter of ‘if,’ it is a matter of ‘when.’”
“My phone rang and it was Discover Card,” said Mart Rushing about the curious phone call from the person asking if he made online purchases at Apple, Best Buy, and Strait Music.
Rushing had not purchased anything from those websites. In fact, he had not purchased anything with the card in recent days with the exception of lunch at Red Lobster.
But ironically, a purchase so simple provided the perfect opportunity for theft.
“What a credit card boils down to is a number,” said Bauzon.
Police say a waitress used her smart phone to take a picture of Rushing’s card, front and back. With a name, credit card number and expiration date, all that was needed was an internet search of Rushing’s name before someone had all the information they would need for an online shopping spree.
And one of the items on the wish list was a $2700 flute from Strait Music.
“I told our staff to not send this flute out,” said Clint Strait with the music store who made the wise decision not to mail the high dollar item, but to require an in store pick-up.
“They used different billing and shipping addresses,” said Strait about one of many red flags raised by the order along with a suspicious story from a man who tried to explain why Rushing, the name on the card, would not be able to pick up the flute.
“I knew it was fake and when I talked to him, I really knew,” said Strait.
Police arrested Manual Muro and Veronica Ramirez for credit card abuse. They believe Ramirez, working as a waitress, stole Rushing’s card number at Red Lobster and worked with Muro to make the bogus purchases.
This particular case ended in an arrest, but that puts it in the minority.
TOUGH TO TACKLE
Policing credit card crime on a local level can be tricky according to Bauzon. Many of the reports she receives steam from thefts and breaches stretching over state lines.
“The cases that scan over multiple jurisdictions can only be investigated on a federal level,” she said. “At APD, we look for local, viable leads.”
As a result, the amount of cases prosecuted pales in comparison to the amount of reports made. At the beginning of this year, only 57 cases of credit/debit card abuse were listed on Travis County’s felony docket.
Even those cases may not carry much consequence.
“Typically, we will put them on probation if they commit one of these crimes unless it is a repeat offender or someone involved in a theft ring,” said prosecutor Gary Cobb.
Like the Austin Police Department, resources for such cases are not as abundant at the district attorney’s office.
“We want to prosecute, but it is a non-violent crime,” said prosecutor Gary Cobb. “I think our community wants us to use more resources against violent criminals.”
NEW WAYS TO STEAL
Cobb said the amount of credit card and debit card theft has not necessarily grown over time, but the nature of the theft has become much more varied with the digital age.
Still, the more things change, the more they stay the same. Having a card stolen out of a purse, wallet or elsewhere is the most common way to become a victim.
“Most of what we still get is the nuts and bolts credit card and debit card abuse case where somebody gains access to the card,” said Cobb.
Once a card is stolen, there are skimmers and card cloning devices that can be bought online. Those devices could put the purchasing power into the hands of those who had nothing to do with the original theft.
“One of the red flags we see is a $1.50 charge at a vending machine,” said Bauzon. The small charge at a vending machine is hardly noticeable on a bank statement and is the perfect test run for stolen and cloned cards.
“Basically they are testing it to see if it works. The initial charge is usually very small.”
With recent breaches at many big box stores, the only way to ensure card information will not be stolen is to only pay with cash. But it is a risk most every cardholder is willing to take because fraud liability protection is offered for just about every debit and credit card. It ultimately means the cardholder will not lose the money which is stolen.
At least not right away.
COVERING THE COST
The apparent apathy towards such crime may be rooted in the consequence.
On the surface, the victim is not impacted by much more than the inconvenience of ordering a new card.
But card companies and businesses feel the cost of the crime much more. And with huge security breaches, the total price tag can put dents into the commercial economy in which the industry and merchants operate.
That is when it will come back around on the consumer.
“Typically, the citizen victim is not going to end up paying for the illegal activities of others,” said Cobb. “Often it is the bank, but those costs are passed off to us. Ultimately, we will pay.”
Liability for breaches and fraud can be hard to place and the Texas House of Representatives recently held a committee hearing on the task of paying for, and stopping, the crime.
OLD AND NEW TECHNOLOGY
At the March 27th hearing, industry experts testified the magnetic stripe credit card system is 1970’s technology. The stripe can be easily read, easily cloned, and easily distributed.
But spokespeople for Visa and Mastercard spoke before the committee and say a change is coming. The “Chip-and-PIN” technology being used in Europe and other parts of the world is expected to become the new standard for those companies and they have targeted October 2015 for when it will happen.
Chip and PIN is already available upon request in the United States. Cards feature a square, metallic, chip and require a PIN to be used. Unlike the magnetic stripe, the chip “scrambles” the card data making it more difficult to decipher and clone.
Although not totally fail proof, once Chip and PIN became the standard in Europe last decade, many countries reported an almost immediate drop in compromised cards.