FBI widens probe of debit-card theft

The FBI has expanded its investigation into a debit card fraud that has mostly affected 200,000 consumers in the Western United States, saying that the case might be linked to other debit card thefts around the country.

The FBI's Sacramento bureau initially took control of the investigation. Last week, it was moved to the FBI office in Charlotte, N.C., after officials there learned that the case might be related to one of their investigations, said Special Agent Karen Ernst, the spokeswoman for the Sacramento office. She and FBI officials in Charlotte declined to provide details about the Charlotte investigation.

Starting late last year, banks and credit unions, mostly in California, began issuing new debit cards after some account holders discovered fraudulent withdrawals at overseas ATMs. Banking officials said they traced the problem to a security breach involving at least one major retailer.

Neither the banks nor credit card companies, such as Visa and MasterCard International, would disclose the name of the merchant.

As first reported by CNET News.com, an initial investigation into the matter revealed that the case might involve two separate retail chains--one that has acknowledged a problem and another whose possible role is uncertain.

Asked whether the FBI's investigation in Charlotte involved any retailers, Ken Lucas, the bureau's spokesman, declined to name industries or particular businesses but said that "there's a potential out there that a number of companies could be involved."

One company that has acknowledged a security breach is the United States' largest retailer, Wal-Mart Stores.

In December, Wal-Mart acknowledged that credit cards used by some customers who bought gas at the company's Sam's Club stations between Sept. 21, 2005, and Oct. 2, 2005, had been compromised. Many Sam's Clubs also accept debit cards.

There are more than 500 Sam's Clubs in the United States.

But the trail doesn't end with Wal-Mart, sources close to the investigation have said. As investigators began to look into the rash of unauthorized charges, they found that a large number of people whose debit cards were compromised had one thing in common: They previously had shopped at office-supply chain OfficeMax, said a banking source familiar with the case. Two law enforcement sources also said OfficeMax is part of the investigation but did not provide details.

None of the sources, who requested anonymity due to the ongoing investigation, knew for certain whether OfficeMax had suffered a security breach.

OfficeMax said it has not suffered any security breaches.

According to one banking official close to the case, OfficeMax has been queried by at least one financial institution about the matter.

[william080886]

My check debit card was used that way in January

16 items were bought using my check debit card in January, but the items were shipped to me. I got a new card. I also put a 90 day fraud use on my card.

[hadaso]

They should use statistical methods

Investigators of abuse of stolen credit/debit card numbers should use statistical methods to correlate abuse with data about where the cards were previously used.

OfficeMax might not be aware of breach of security because it might involve just a few employees, and the data might be stolen by a cashier without any problem in their own system. At the point where the card is being read the data can be compromised using a hardware keyboard-logger, just like those used in in public web access points. The Retailer might not be aware that an employee does this.

[ChristinaFell]

Debit Card Theft Victim Is PISSED

I found out yesterday that my card # was stolen and used to purchase large amounts of merchandise from the ***** Sporting Goods Website. This caused our account to be over $700 overdrawn! Don't woryy you'll be refunded the stolen funds they all keep saying, Yeah! In 7 to 10 business days after the police report is recieved. What these people don't seem to understand is, everything we had was in that account! We don't carry cash and our checks are direct deposited, so how am I supposed to care for a family of 6 for 2 weeks on $5 in change???? Then the detective tells me the perp most likely will never be caught! Like Hell!!! This is one issue I will not let go untill someone is held responsible!