Hundreds of credit and debit cards were skimmed at Canadian coffee shops, including Starbucks, before being used at banks in Seattle to withdraw nearly half a million dollars in cash.
Canadian bank investigators noticed a lot of their customers' account information was being used to withdraw money in Seattle, and they asked Boeing Employees Credit Union to help.
Everyone who withdraws money at a BECU is caught on videotape. That simple security tool helped lead to the arrest of Canadian citizen, Dennis Nguyen.
"We could provide the information that they needed, the video and the photos, that ultimately led to the arrest in this case," Todd Pietzsch of BECU told KIRO 7 Eyewitness News reporter Amy Clancy.
According to court documents filed by a U.S. Secret Service agent, Nguyen was part of a crime ring that skimmed the account information off of bank cards at a number of coffee shops, including multiple Starbucks coffee shops in British Columbia. Documents show that he possibly used a pay-pad skimming device.
That data was then allegedly counterfeited onto hundreds of white plastic cards that were taken across the border into Seattle and used to withdraw a lot of money. Much of the money, more than $200,000, was withdrawn from BECU.
Investigators say the members of the so-called "Coffee Shop Gang" tried to withdraw nearly $400,000 more. They allegedly lined up with multiple cards, put them in an ATM and took out as much as they could with each card before going on to the next card until they were out of cards.
Some of the suspects seen in the BECU security video were recognized by law enforcement. However, only Dennis Nguyen was behind bars and charged with a crime on Tuesday night.
Court documents reveal the names of others, and Nguyen referred to himself simply as "a middle man," so more arrests are possible.
So far, all of the victim accounts are with Canadian banks.
Starbucks said it is aware that some of its Vancouver customers' accounts may have been compromised and it is now taking steps to protect security at those stores.
Zack Hutson of Starbucks Global Communication provided this statement to KIRO 7 Eyewitness News:
We have not been contacted by the US Secret Service and we are not aware of their investigation. However, we have been working closely with authorities in Canada to support them with a similar investigation involving a small number of stores in the Lower Mainland area of British Columbia where debit pin pads may have been compromised.
The security of our customers' data is a top priority for Starbucks, requiring constant vigilance. We are committed to safeguarding data customers share with us and we work closely with law enforcement and financial institutions to support their investigations as soon as they alert us to potential compromises.
We have taken important steps to protect our customers' debit card data in British Columbia, including alerting our partners (employees) to report irregular behavior, checking pin pad serial numbers daily, and installing security cables to prevent pin pads from being compromised. In the US, our stores do not use debit pin pads. Instead, they use a different technology in which customers' cards are swiped at the point-of-sale (POS) system by our baristas.
If customers are concerned about their data being compromised, they should contact their financial institution as well as local law enforcement.
Lorraine Wilson at Vancity, a British Columbia bank where many of the targeted customers bank, provided this statement to Clancy:
In Canada all major financial institutions are migrating to chip technology and the industry has set dates for conversion to chip. As you are probably aware, the new chip card technology contains an embedded computer chip which stores and processes data. Chip cards and chip terminals work together to provide added security by validating the card and the cardholder. Chip cards have improved security over purely magnetic stripe cards; however, no technology is 100% invulnerable to fraud, skimming is also way down due to chip technology.
Complete migration to chip technology in Canada will take several years and point-of-sale terminals aren't required to be converted to chip until December 31, 2015.
Following are some tips we share with our members on how to prevent credit card skimming?
• Use your hand or body to shield your PIN when you are conducting transactions at an automated teller machine (ATM) or at a point-of-sale terminal.
• If an ATM or a point of sale terminal appears to have been tampered with, contact us immediately.
• Under no circumstances provide anyone with your credit card PIN, especially over the phone. Provide personal information only when you are sure you know who you are talking to and there is good reason to provide it.
• You should treat your card like it is cash and make sure you never lose sight of it. If possible follow a waiter back to the payment terminal in a restaurant. This may look awkward and silly, but it's essential to prevent your credit card being cloned and misused.
• Shred old receipts and credit card bills. And be sure they are completely destroyed.
• Check your card statements regularly. Always report unauthorized or suspicious transactions to your financial institution immediately.
Our Security Guarantee : If you incur losses due to unauthorized online banking or debit card transaction activity you will be reimbursed as long as you fulfill all of your responsibilities under the Account and Services Guide.