Card-Cloning Scam Targets National Retail Chain
Recently, nearly two dozen Americans have been indicted in connection with a card-cloning scam that specifically targeted a national retail chain based in Chicago, Illinois. This criminal operation involved the installation of malicious software on multiple computers belonging to the unnamed retailer, which offered a wide range of products including clothing, electronics, toys, furniture, and home decor.
Between 2016 and 2017, the malware enabled a co-conspirator to capture the data of over three million credit cards, debit cards, and gift cards used at 400 branches of the retailer. This stolen information was then sold to another individual for $4 million in Bitcoin, transferred through 66 transactions.
The buyer of the stolen data then made it available for sale on two separate websites, attracting over 3,000 users interested in purchasing the acquired information. An indictment unveiled on May 25 in the Northern District of Illinois implicated 22 individuals from nine different states, primarily in their late 20s or early 30s, residing in California or New York.
These defendants allegedly utilized the purchased data to make unauthorized purchases at various businesses nationwide, such as gas stations, hotels, and restaurants, between August 2016 and July 2020. Approximately 80 individuals in Illinois fell victim to this fraudulent activity.
All but two of the indicted individuals have been apprehended and are now part of the federal court system. The remaining fugitives are believed to have fled overseas. The Department of Justice has confirmed that the investigation into this card-skimming scheme is still ongoing.
Legal Consequences for the Defendants
According to the indictment, the defendants are accused of acquiring payment card data ranging from 1,000 to 2,000 skimmed cards. One defendant, Barry Shi of Rosemead, California, allegedly purchased the data of at least 18,742 payment cards, with over 13,249 used at the Chicago retailer’s stores, in exchange for approximately $507,273 in Bitcoin.
Wire fraud carries a potential sentence of up to 20 years in federal prison, while aggravated identity theft mandates a consecutive two-year prison term.
As the investigation progresses, authorities are working diligently to bring all involved individuals to justice and prevent similar fraudulent activities in the future.