CRM Chutzpa: Best Buy Credit Card Thief Sought Loyalty Rewards
Written by Evan SchumanA group of credit card thieves in Seattle tried to maximize their profits by using their stolen credit card data to open a loyalty card account with Best Buy, where they could get could extra benefits along with their stolen products, according to a federal probable cause document filed Nov. 19. One had tried a similar rewards scam with a Home Depot reward card and a Sears gift card.
According to a probable cause document, the defendants’ lack of discretion may have done them in. Best Buy regional loss prevention officer Steve Castillo "noticed a strange pattern of purchase activity," according to the federal filing. How strange? The reward card was linked to 77 different credit card accounts between April 2007 and June 2008. And it was used to make 125 separate credit card purchases totaling $252,000, the filing said.
A few inquiries quickly established that at least 44 of the credit cards associated with the reward card had been reported stolen and federal authorities expected that number to rise sharply as more people are contacted, the filing said.
The two defendants, Gabriel K. Lang and Billy Morris Britt, were charged with the crowbar type of credit card thefts. Specifically, they are accused of physically breaking into gym lockers and stealing credit cards and then using that data to create bogus credit cards and identification documents with their headshots.
The credit cards and ID were then used to purchased "high-end electronic equipment, including notebook computers, digital cameras, televisions and iPods," which would then be sold through EBay.
Thus far, it’s fairly traditional, even down to using EBay as a convenient laundry. (New tagline: "Ebay: Fence to the most elite street gangs in America.") But it’s when they applied for a Best Buy rewards card that things get interesting.
Best Buy and a federal investigator traced the Yahoo E-mail address used to open the Best Buy rewards account and then subpoenaed the IP address history of any attempts to access that account. The most frequent IP address used was owned by Comcast Cable and another subpoena delivered the address.
Stakeouts and other techniques—using video surveillance of the person using that gift card—resulted in the arrests. But Best Buy’s Castillo was running his own probe as well.
Castillo started searching on EBay "looking for sellers who were using the site to sell items with the same model numbers of the high-dollar items that were being purchased using" the suspect rewards card and were in the Seattle area, the probable cause document said. He then found that items purchased with that loyalty card quickly went up on the site under the name of an Ebay seller called Nexusi. An investigation of Nexusi lead to the same suspects, the document said.
One big tip-off came when one of the suspects tried to sell some Apple hardware. "The Apple computers sold through this account were listed for sale at $100 below the normal retail prices for these computers and iPods sold through the account were listed for $50 less than the normal retail prices for the iPods," the filing said. But given that Apple never discounts—other than a one sale a year for students—Castillo suspected something improper. Apple then confirmed that the suspect’s company was not an authorized Apple reseller.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
