Feb. 1 - KGO - Our advice: Check your credit card statements carefully. It's always a good idea, but especially for anyone who's eaten at a certain Chinese restaurant in San Francisco in recent years.
We've uncovered many scams over the years, but the experts say this goes beyond a scam, that it's an out-and-out crime.
When we met 50-year-old Phau Lam, he took off and kept running and running, until he was out of sight. We know why.
Irene Bartholomew, Victim: "It's a scam. It's a crime and he has to be in jail. That's it. He has to be in jail."
Irene Bartholomew used to have lunch at Lam's Home Menu restaurant on Mission at South Van Ness, before it closed almost a year ago. She was shocked when she checked her bank statement recently and found a new charge for $175 dollars.
She went to the restaurant -- still closed -- and confronted Lam.
Irene Bartholomew: "'Why I was charged $175 dollars for just lunch, you know, a rice plate meal, you know.' And he goes, 'Oh, can you come back, my friend, tomorrow at about 12 o'clock at this time?' I go, 'Okay, I'll come back.'"
And she brought the I-Team with her.
ABC7's Dan Noyes: "What's going on here? What happened?"
Phau Lam, Restaurant Owner: "I don't know."
Dan Noyes: "Why did you bill her ATM card?"
Phau Lam: "I don't bill that."
Dan Noyes: "You didn't bill that, well, who did?"
Phau Lam: "No, I don't know."
Dan Noyes: "Oh, come on."
Phau Lam: "No, I don't want to take a picture."
Phau Lam didn't want to answer any questions about his business. He led us through the back of the restaurant and out the loading dock.
Dan Noyes: "You aren't even selling food and you're billing their credit card? Mr. Lam."
He took off and kept running. On few occasions have we seen someone run so far from our cameras. Lam left the doors to his restaurant wide open. It's clear he was not ready for business -- we found no food on the shelves. But two cash registers and three credit card machines were powered up and ready for action.
We found several receipts for credit card charges dated long after the business had shut down -- one for $800 dollars.
Pat Wallace, Better Business Bureau: "This isn't even a scam. I don't even call this a scam. This is just out and out theft."
Pat Wallace of the Better Business Bureau has received several complaints about Lam charging his former customers' credit cards, months after the restaurant closed.
Pat Wallace: "We found that he not only charged once, but two and three times to the same card. So, I guess he ran through his, all of his credit card records and then started over again at the beginning."
Naveen Nathan had his card charged four times since the restaurant closed, for more than $800 dollars.
Naveen Nathan, Victim: "And the credit card company finally said that there's no way that we can stop these guys charging you. Rather you report this as stolen or lost and we could stop the number and we can issue a new number."
In all, we tracked down 15 people who say they've had fraudulent charges from Home Menu or another restaurant Lam's preparing to open, Asia Taste. All of the bills are for much more than you would expect to pay for a meal at a Chinese restaurant -- $145, $218, $475, up to $935 dollars.
Van Dyke Roth, Victim: "Had he been successful it would have totaled, you know, easily, I don't know, $1,200 dollars or so."
One thing we wondered was why -- why would someone think they could get away with this? And what kind of pressures would drive them to take such risks?
Bank records show that someone using Phau Lam's machines tried six times to charge Van Dyke Roth's credit card, but didn't have the correct expiration date. They finally entered the right date at four o'clock one morning -- the charge went through for $125 dollars.
Van Dyke Roth: "How can someone do that? Just how can someone do that? You're still affecting lives even though it's just a bunch of numbers that you're running through a machine."
We may have found the answer in Phau Lam's court records. In them, a picture emerges of a man with serious legal problems and money troubles. He's been sued at least 16 times in the last 15 years by restaurant vendors, car companies, the government and former business partners.
Shun Lui, Lam's Former Business Partner: "It was $180,000 dollars, we lost."
Shun Lui and his brother, Roy, loaned Lam almost $180,000 dollars to help open his restaurant. What's more, they say Lam ran up tens of thousands of dollars in unauthorized charges on Shun's credit card. So, they sued and a judge awarded more than $200,000 dollars in damages, finding Lam "guilty of actual fraud."
Shun Lui: "Even a penny, he don't pay back."
Another of Lam's partners even filed a police report in 2004, again, for charging customers' debit and credit cards after they dined at the restaurant.
Agatha Okuda got charged $850 dollars.
Agatha Okuda, Victim: "He just kept giving me the run-around, and call back tomorrow, and we'll get in touch with our bank, yeah."
Dan Noyes: "Eight-hundred-fifty bucks, for how much of a lunch?"
Agatha Okuda: "Seventeen dollars (laughs)."
She can laugh about it now. Agatha Okuda's bank finally credited her account. Next stop for us, the authorities. Tomorrow at 6 p.m., we take the case to the San Francisco District Attorney's Office.
By the way, we've tried several times to get some explanation from Phau Lam and his attorneys for what he's done -- no luck
Monday, February 05, 2007
Police: Crooks Stole $30,000 By Cloning Credit Cards
A sweeping high-tech credit card fraud ring is victimizing dozens of banks, cities and people in northeast Ohio, NewsChannel5 reported.
Authorities said the crooks are cloning credit cards and stealing thousands of dollars. They do it by obtaining working credit card numbers, stamping out duplicate cards and then taking out huge cash advances.
Police said two men shown on a bank surveillance camera ripped off nearly $3,000 from National City Bank using fake IDs.
The high-tech part of the crime is actually duplicating credit cards, even cloning the magnetic strip on the back, police said.
In a three-day period last week, the fraud team hit banks in Beachwood, Strongsville, Shaker Heights, Mayfield Heights and University Circle.
The crooks made off with an estimated $30,000.
Bank security and police passed the surveillance photos around and finally caught up with 31-year-old Larry Colbert.
Police said Colbert came to Cleveland from Tennessee to conduct his credit card crimes. Investigators are now trying to find a man and a woman they believe are his partners in crime.
Colbert is facing a host of charges, including fraud and theft.
Authorities said the crooks are cloning credit cards and stealing thousands of dollars. They do it by obtaining working credit card numbers, stamping out duplicate cards and then taking out huge cash advances.
Police said two men shown on a bank surveillance camera ripped off nearly $3,000 from National City Bank using fake IDs.
The high-tech part of the crime is actually duplicating credit cards, even cloning the magnetic strip on the back, police said.
In a three-day period last week, the fraud team hit banks in Beachwood, Strongsville, Shaker Heights, Mayfield Heights and University Circle.
The crooks made off with an estimated $30,000.
Bank security and police passed the surveillance photos around and finally caught up with 31-year-old Larry Colbert.
Police said Colbert came to Cleveland from Tennessee to conduct his credit card crimes. Investigators are now trying to find a man and a woman they believe are his partners in crime.
Colbert is facing a host of charges, including fraud and theft.
Two arrested for credit card fraud
Two people were arrested after a search warrant served at their residence turned up thousands of dollars in fraudulently purchased merchandise on Monday.
Deputies from the San Bernardino County Sheriff's Department arrested Jose Trujillo, 33, and Stephanie Martinez, 31, at their home in Ontario, according to a sheriff's statement.
Macy's employees reported the two made purchases with fraudulent credit cards.
Trujillo and Martinez were arrested after deputies found items from Bebe and Victoria Secret stores in their possession. It was later determined that those items were purchased fraudulently, according to the statement.
Investigators later found $4,000 worth of items from Best Buy and more than $8,000 in stereo and electronic equipment, once they served a warrant at the home. Also found were 12 fraudulent credit cards from 12 different victims, according to the statement.
Investigators expect to find additional victims.
Deputies from the San Bernardino County Sheriff's Department arrested Jose Trujillo, 33, and Stephanie Martinez, 31, at their home in Ontario, according to a sheriff's statement.
Macy's employees reported the two made purchases with fraudulent credit cards.
Trujillo and Martinez were arrested after deputies found items from Bebe and Victoria Secret stores in their possession. It was later determined that those items were purchased fraudulently, according to the statement.
Investigators later found $4,000 worth of items from Best Buy and more than $8,000 in stereo and electronic equipment, once they served a warrant at the home. Also found were 12 fraudulent credit cards from 12 different victims, according to the statement.
Investigators expect to find additional victims.
Funeral director accused of using customer's credit card for online porn
Criminal charges have been filed against a Hippensteel Funeral Home director suspected of using a customer's credit card to access pornography Web sites.
Michael J. Moehring, 31, of Lafayette was charged Friday in Tippecanoe Superior Court 5 with two counts of felony fraud and felony identity deception.
Detective Jeff Rooze of the Lafayette Police Department said a customer had paid for a relative's funeral services in early January using a credit card. About two weeks later, the family found four suspicious charges on their monthly credit card statement.
"They weren't big purchases -- $30, $40. But they questioned it and took the initiative to investigate," Rooze said. "In this case, look what it resulted in."
He said the family was able to track the Internet protocol address to a computer at Hippensteel. Rooze got a subpoena to further narrow it down to a computer that Moehring used.
Hippensteel officials said that Moehring, a licensed funeral director who had worked there since 2003, was immediately terminated upon news of the charges.
Rooze said that Moehring is suspected of using the credit card number on two separate days to pay membership fees to four adult porn sites.
The fees totaled about $179.
Moehring also is accused of using a portion of the dead man's name to create an e-mail address that he used as correspondence for the Web sites, Rooze said.
ADVERTISEMENT
He said both Hippensteel and Moehring have been cooperative in the investigation.
"They are devastated by this," Rooze said of Hippensteel employees.
Police believe it was an isolated incident and do not suspect that there are other victims.
Still, Rooze encourages everyone to carefully check their credit card statements and contact the card issuer and police if there are any suspicious charges.
If convicted of the most serious charge, fraud as a Class D felony, Moehring could be sentenced to up to three years in prison for each count.
Moehring, who was arrested Friday afternoon, after posting a $5,000 bond.
Michael J. Moehring, 31, of Lafayette was charged Friday in Tippecanoe Superior Court 5 with two counts of felony fraud and felony identity deception.
Detective Jeff Rooze of the Lafayette Police Department said a customer had paid for a relative's funeral services in early January using a credit card. About two weeks later, the family found four suspicious charges on their monthly credit card statement.
"They weren't big purchases -- $30, $40. But they questioned it and took the initiative to investigate," Rooze said. "In this case, look what it resulted in."
He said the family was able to track the Internet protocol address to a computer at Hippensteel. Rooze got a subpoena to further narrow it down to a computer that Moehring used.
Hippensteel officials said that Moehring, a licensed funeral director who had worked there since 2003, was immediately terminated upon news of the charges.
Rooze said that Moehring is suspected of using the credit card number on two separate days to pay membership fees to four adult porn sites.
The fees totaled about $179.
Moehring also is accused of using a portion of the dead man's name to create an e-mail address that he used as correspondence for the Web sites, Rooze said.
ADVERTISEMENT
He said both Hippensteel and Moehring have been cooperative in the investigation.
"They are devastated by this," Rooze said of Hippensteel employees.
Police believe it was an isolated incident and do not suspect that there are other victims.
Still, Rooze encourages everyone to carefully check their credit card statements and contact the card issuer and police if there are any suspicious charges.
If convicted of the most serious charge, fraud as a Class D felony, Moehring could be sentenced to up to three years in prison for each count.
Moehring, who was arrested Friday afternoon, after posting a $5,000 bond.
Customers at 7 Del. banks swindled in debit card scam
Customers of at least seven Delaware banks say money was stolen from their accounts this week, the latest scam where PIN numbers for debit cards have been used to withdraw thousands of dollars from checking and savings accounts.
Customers from Wachovia, Wilmington Trust, PNC, DPL Federal Credit Union, Dexsta Federal Credit Union, Commerce Bank and Delaware National Bank have told The News Journal their money went missing shortly after they shopped at the Rite Aid store in the Graylyn Crest Shopping Center using their debit cards and PINs.
"I went online to check my account and knew I had not made these withdrawals," said Tina Hall, of Brandywine Hundred, who discovered that someone had made three unauthorized ATM withdrawals totaling $1,500 from her PNC account on Wednesday and Thursday. Four days earlier, Hall made a purchase at the Rite Aid store using her debit card and PIN number. When she made a fraud report, bank officials told Hall that two of the $500 withdrawals were made in Montgomeryville, Pa., and the other on MacDade Boulevard in Delaware County, Pa.
PNC spokesman Edward Kozmor confirmed that more than 10 bank customers have been affected by the latest thefts, and the bank is continuing to monitor its accounts.
"If any customer feels that their account has been compromised, they should go to their local PNC bank branch immediately," Kozmor said. "Our customers are not liable for any fraudulent activity on their accounts."
Jody Cook, spokeswoman for the Rite Aid corporation, said the investigation into the origin of the bank robberies is under way.
A company loss-prevention employee visited the Graylyn Crest store Friday morning along with a bank official to investigate the complaints.
The thefts coincidentally occurred the same week that banks sent out reissued credit and debit cards to thousands of customers in response to a massive data breach in December at TJX Companies Inc., parent company of T.J. Maxx, Marshalls HomeGoods and A.J.Wright.
Joel Romaine, vice president of Operations at DPL Federal Credit Union, said the bank sent out about 450 new debit and credit cards in response to the TJX breach.
He said that he hadn't heard from customers about the newest thefts, but advised people to contact the bank immediately if they noticed suspicious activity on their accounts. "The quicker they contact us, the quicker we can get them a new card," he said.
Wilmington Trust spokesman Bill Benintende said the bank learned last month that some of its customers were affected by the TJX data breach, and it has notified those customers and replaced their cards. Many of those customers received their new cards in the mail this week.
The bank is now working with the Delaware State Police on the most recent scam, which it just discovered.
"We started seeing a pattern of fraudulent activity on Tuesday," said Benintende. "Within 24 hours we were on the phone and began calling those clients. Within 24 hours of that, we had printed and issued new cards."
Benintende said the bank continues to monitor the situation "aggressively and proactively."
He could not say how many customers have been affected or how much money had been stolen. "It's still very early," he said.
He recommended that customers not use their PIN numbers, but swipe their debit cards like a credit card and sign a receipt.
Jason Estock, 24, of Brandywine Hundred, said he usually makes purchases with his credit card, but on Jan. 14, when he visited the Rite Aid store in the Graylyn Crest Shopping Center, he used his ATM card and PIN number to make a $1.79 purchase.
"That's the only time in the past two weeks that I used that card with the pin," Estock said.
Early this week, Estock found $980 had been taken from his bank account without his knowledge; $500 on Sunday night at a Wawa convenience store in Lima, Pa, and $480 Monday morning from the Wawa on Naamans Road in Claymont.
Estock's bank, Dexsta Federal Credit Union, took a fraud report and credited the stolen money back into his account as a disputed transaction. He also is awaiting a new debit card from the bank.
Dexsta could not be reached for comment.
Delaware State Police spokesman Cpl. Jeff Whitmarsh said that customers who suspect fraud should report it to their bank immediately.
"The banking industry and the state police in Delaware have a cooperative working relationship," Whitmarsh said. In fraud cases like these, it's more efficient if customers work with their banks first, because a bank can immediately begin an investigation. Police, however, will have to subpoena bank records, a process that takes time.
"If folks think they're a victim of this kind of case, they need to call their bank and make them aware of it," he said.
Customers from Wachovia, Wilmington Trust, PNC, DPL Federal Credit Union, Dexsta Federal Credit Union, Commerce Bank and Delaware National Bank have told The News Journal their money went missing shortly after they shopped at the Rite Aid store in the Graylyn Crest Shopping Center using their debit cards and PINs.
"I went online to check my account and knew I had not made these withdrawals," said Tina Hall, of Brandywine Hundred, who discovered that someone had made three unauthorized ATM withdrawals totaling $1,500 from her PNC account on Wednesday and Thursday. Four days earlier, Hall made a purchase at the Rite Aid store using her debit card and PIN number. When she made a fraud report, bank officials told Hall that two of the $500 withdrawals were made in Montgomeryville, Pa., and the other on MacDade Boulevard in Delaware County, Pa.
PNC spokesman Edward Kozmor confirmed that more than 10 bank customers have been affected by the latest thefts, and the bank is continuing to monitor its accounts.
"If any customer feels that their account has been compromised, they should go to their local PNC bank branch immediately," Kozmor said. "Our customers are not liable for any fraudulent activity on their accounts."
Jody Cook, spokeswoman for the Rite Aid corporation, said the investigation into the origin of the bank robberies is under way.
A company loss-prevention employee visited the Graylyn Crest store Friday morning along with a bank official to investigate the complaints.
The thefts coincidentally occurred the same week that banks sent out reissued credit and debit cards to thousands of customers in response to a massive data breach in December at TJX Companies Inc., parent company of T.J. Maxx, Marshalls HomeGoods and A.J.Wright.
Joel Romaine, vice president of Operations at DPL Federal Credit Union, said the bank sent out about 450 new debit and credit cards in response to the TJX breach.
He said that he hadn't heard from customers about the newest thefts, but advised people to contact the bank immediately if they noticed suspicious activity on their accounts. "The quicker they contact us, the quicker we can get them a new card," he said.
Wilmington Trust spokesman Bill Benintende said the bank learned last month that some of its customers were affected by the TJX data breach, and it has notified those customers and replaced their cards. Many of those customers received their new cards in the mail this week.
The bank is now working with the Delaware State Police on the most recent scam, which it just discovered.
"We started seeing a pattern of fraudulent activity on Tuesday," said Benintende. "Within 24 hours we were on the phone and began calling those clients. Within 24 hours of that, we had printed and issued new cards."
Benintende said the bank continues to monitor the situation "aggressively and proactively."
He could not say how many customers have been affected or how much money had been stolen. "It's still very early," he said.
He recommended that customers not use their PIN numbers, but swipe their debit cards like a credit card and sign a receipt.
Jason Estock, 24, of Brandywine Hundred, said he usually makes purchases with his credit card, but on Jan. 14, when he visited the Rite Aid store in the Graylyn Crest Shopping Center, he used his ATM card and PIN number to make a $1.79 purchase.
"That's the only time in the past two weeks that I used that card with the pin," Estock said.
Early this week, Estock found $980 had been taken from his bank account without his knowledge; $500 on Sunday night at a Wawa convenience store in Lima, Pa, and $480 Monday morning from the Wawa on Naamans Road in Claymont.
Estock's bank, Dexsta Federal Credit Union, took a fraud report and credited the stolen money back into his account as a disputed transaction. He also is awaiting a new debit card from the bank.
Dexsta could not be reached for comment.
Delaware State Police spokesman Cpl. Jeff Whitmarsh said that customers who suspect fraud should report it to their bank immediately.
"The banking industry and the state police in Delaware have a cooperative working relationship," Whitmarsh said. In fraud cases like these, it's more efficient if customers work with their banks first, because a bank can immediately begin an investigation. Police, however, will have to subpoena bank records, a process that takes time.
"If folks think they're a victim of this kind of case, they need to call their bank and make them aware of it," he said.
Hackers access card numbers
Banks are reissuing millions of debit and credit cards after a hacker gained access to TJ Maxx and Marshalls databases, putting customers' financial information at risk of theft.
It's going to cost banks about $20 for each reissued card, according to Joseph Pietroski Jr., president of the Maine Bankers Association.
The stores' parent company, TJX Companies Inc., said it discovered the unauthorized intrusion into its computer systems in mid-December 2006. But it didn't announce the breach publicly until Jan. 17, 2007.
Mark Walker of Maine Bankers Association said CitiBank already has reissued at least 1 million new cards. TD Banknorth's number of reissued cards is in the tens of thousands. Bank of America announced Thursday it will reissue an untold number of cards, Pietroski said.
Walker said usually the reissued cards are attached to new account numbers.
"Banks are absorbing an awful lot of cost for this thing," Pietroski said Friday.
Mark Young, vice president of operations at Maine State Credit Union, said the credit union has been notified by Visa that approximately 3,100 Maine State Credit Union cards were affected. A total of 7,400 Visa credit cards and 8,500 Visa debit cards were issued by the credit union.
Young said it appears the breach involves millions of card accounts across all major payment brands accepted by TJX.
"The credit union's card services department reacted swiftly to the notification by blocking each card that may have been affected, ordering new cards and notifying each member to inform them of the situation," Young said Friday.
"Members were also reminded that account holders would not be responsible for any fraudulent charges resulting from the compromise."
In Massachusetts, 28 banks were contacted by credit card companies indicating some customers had personal information that may have been exposed, according to the Massachusetts Bankers Association.
Walker said most of the affected banks are in Massachusetts and New Hampshire. Only about a half-dozen Maine banks are affected.
Pietroski said a breach doesn't necessarily mean accounts have been tapped. Banks often choose to reissue cards as a preventive measure to head off fraudulent charges.
"If TJX had let the banks know early on that the cards had been compromised, then the banks could have responded a lot quicker," Pietroski said. "I don't know the depth of the information compromised. That's the scary thing."
William Lund, director of the Maine Office of Consumer Credit Regulation, said a new state law enacted Wednesday requires individuals, businesses and other entities to notify consumers and state regulators when there has been a security breach of computerized data containing the consumers' personal information that could result in identity theft.
"If these breaches had taken place a couple weeks later, TJX would have had to either call an office like ours or the attorney general's office and also send out individual letters to consumers," he said.
For the time being, Lund said people should monitor their credit reports to make certain they don't fall victim to identity theft. He said there are three steps people can take to protect themselves.
"First, look at your credit reports. You can do that under the law without charge once a year," Lund said. "The second step is to put a fraud alert on your credit report.
"And the third step, under Maine law, consumers are permitted to freeze their files, which locks access to a credit report without the consumer's specific permission. That's the most protective step a consumer can take."
Lund said people can access all three credit agencies -- Equifax, Experian and Trans Union -- at http://www.annualcreditreport.com
Calls to local branches of Kennebec Savings Bank, Gardiner Savings Bank, TD Banknorth and Bank America were unreturned Friday.
On Monday, a lawsuit seeking class-action status was filed in federal court in Boston accusing TJX of negligence for waiting to publicly announce the intrusion and for failing to protect consumer credit- and debit-card information in its computers.
The lawsuit, filed on behalf of a West Virginia woman, seeks credit-card monitoring for affected customers and compensation for damages.
David Loughran of the Maine Office of the Attorney General said the Massachusetts attorney general also is investigating TJX.
"We're working with the Massachusetts attorney general's office on this to protect Maine consumers from credit card and other fraud," Loughran said.
Mechele Cooper -- 623-3811, Ext. 408
mcooper@centralmaine.com
Reader comments
Ben of Cliff Island, ME
Feb 3, 2007 5:13 PM
I believe that this article downplays the impact of this "data breach." My card number was one of those stolen, and I spent most of last Sunday afternoon and parts of Monday and Tuesday dealing with the mess, and there'll be more to come. This is far more than the $20 impact quoted by the article.
The real question is why was TJX keeping our credit card number on file months after we last shopped at their store (the South Portland Home Goods)?
al375 of Dresden, ME
Feb 3, 2007 10:01 AM
I think it is definately time to go back to cash only. It is inconvenient but at least your identity is safe when you make purchases. Many stores, especially the larger grocery chains, treat checks as debit devices - so checks are no longer safe either. Except for banks, businesses don't charge interest or fees for using cash.
GreatNana3 of Augusta, ME
Feb 3, 2007 8:29 AM
I can't imagine a worse time of year for TJX to I hope they are fined "big time" for deriliction of duty. Even if I am not one of the customers that is notified it still reduces my confidence in the security of using credit/debit cards. This is not the first breach of security - it seems to me that it is only a matter of time before there is a major problem. Can you imagine: your credit card info is stolen - and used to finance terrorism. You spend years regaining your "good name" - if ever. I don't even want to think about it . . . .
It's going to cost banks about $20 for each reissued card, according to Joseph Pietroski Jr., president of the Maine Bankers Association.
The stores' parent company, TJX Companies Inc., said it discovered the unauthorized intrusion into its computer systems in mid-December 2006. But it didn't announce the breach publicly until Jan. 17, 2007.
Mark Walker of Maine Bankers Association said CitiBank already has reissued at least 1 million new cards. TD Banknorth's number of reissued cards is in the tens of thousands. Bank of America announced Thursday it will reissue an untold number of cards, Pietroski said.
Walker said usually the reissued cards are attached to new account numbers.
"Banks are absorbing an awful lot of cost for this thing," Pietroski said Friday.
Mark Young, vice president of operations at Maine State Credit Union, said the credit union has been notified by Visa that approximately 3,100 Maine State Credit Union cards were affected. A total of 7,400 Visa credit cards and 8,500 Visa debit cards were issued by the credit union.
Young said it appears the breach involves millions of card accounts across all major payment brands accepted by TJX.
"The credit union's card services department reacted swiftly to the notification by blocking each card that may have been affected, ordering new cards and notifying each member to inform them of the situation," Young said Friday.
"Members were also reminded that account holders would not be responsible for any fraudulent charges resulting from the compromise."
In Massachusetts, 28 banks were contacted by credit card companies indicating some customers had personal information that may have been exposed, according to the Massachusetts Bankers Association.
Walker said most of the affected banks are in Massachusetts and New Hampshire. Only about a half-dozen Maine banks are affected.
Pietroski said a breach doesn't necessarily mean accounts have been tapped. Banks often choose to reissue cards as a preventive measure to head off fraudulent charges.
"If TJX had let the banks know early on that the cards had been compromised, then the banks could have responded a lot quicker," Pietroski said. "I don't know the depth of the information compromised. That's the scary thing."
William Lund, director of the Maine Office of Consumer Credit Regulation, said a new state law enacted Wednesday requires individuals, businesses and other entities to notify consumers and state regulators when there has been a security breach of computerized data containing the consumers' personal information that could result in identity theft.
"If these breaches had taken place a couple weeks later, TJX would have had to either call an office like ours or the attorney general's office and also send out individual letters to consumers," he said.
For the time being, Lund said people should monitor their credit reports to make certain they don't fall victim to identity theft. He said there are three steps people can take to protect themselves.
"First, look at your credit reports. You can do that under the law without charge once a year," Lund said. "The second step is to put a fraud alert on your credit report.
"And the third step, under Maine law, consumers are permitted to freeze their files, which locks access to a credit report without the consumer's specific permission. That's the most protective step a consumer can take."
Lund said people can access all three credit agencies -- Equifax, Experian and Trans Union -- at http://www.annualcreditreport.com
Calls to local branches of Kennebec Savings Bank, Gardiner Savings Bank, TD Banknorth and Bank America were unreturned Friday.
On Monday, a lawsuit seeking class-action status was filed in federal court in Boston accusing TJX of negligence for waiting to publicly announce the intrusion and for failing to protect consumer credit- and debit-card information in its computers.
The lawsuit, filed on behalf of a West Virginia woman, seeks credit-card monitoring for affected customers and compensation for damages.
David Loughran of the Maine Office of the Attorney General said the Massachusetts attorney general also is investigating TJX.
"We're working with the Massachusetts attorney general's office on this to protect Maine consumers from credit card and other fraud," Loughran said.
Mechele Cooper -- 623-3811, Ext. 408
mcooper@centralmaine.com
Reader comments
Ben of Cliff Island, ME
Feb 3, 2007 5:13 PM
I believe that this article downplays the impact of this "data breach." My card number was one of those stolen, and I spent most of last Sunday afternoon and parts of Monday and Tuesday dealing with the mess, and there'll be more to come. This is far more than the $20 impact quoted by the article.
The real question is why was TJX keeping our credit card number on file months after we last shopped at their store (the South Portland Home Goods)?
al375 of Dresden, ME
Feb 3, 2007 10:01 AM
I think it is definately time to go back to cash only. It is inconvenient but at least your identity is safe when you make purchases. Many stores, especially the larger grocery chains, treat checks as debit devices - so checks are no longer safe either. Except for banks, businesses don't charge interest or fees for using cash.
GreatNana3 of Augusta, ME
Feb 3, 2007 8:29 AM
I can't imagine a worse time of year for TJX to I hope they are fined "big time" for deriliction of duty. Even if I am not one of the customers that is notified it still reduces my confidence in the security of using credit/debit cards. This is not the first breach of security - it seems to me that it is only a matter of time before there is a major problem. Can you imagine: your credit card info is stolen - and used to finance terrorism. You spend years regaining your "good name" - if ever. I don't even want to think about it . . . .
Detecting fraud means casting wide net
Detecting some fraud means casting wide net Think you've heard most of the tips about preventing identity theft?
You know, shredding documents, checking your credit reports and credit-card statements, keeping your Social Security number to yourself and not falling for phishing schemes or the infamous Nigerian scam.
Actually, there's no such thing as identity-theft prevention, experts say. But, you can reduce your exposure. Here are some ways not often spoken about:
Check for fraudulent account activity in your name, urged Troy Allen, chief fraud solutions officer at Kroll Inc. in Nashville, Tenn. You're entitled to a free consumer report once a year from each of two data warehouses, the Shared Check Authorization Network, which has retailers among its clients, and Chex Systems Inc., whose members are financial institutions. If someone has opened an account using your name, the details will show up on these reports.
Check your Social Security earnings and benefits statement each year. Someone may have stolen or purchased your identity and used it to get a job in your name, as some illegal immigrants are suspected of doing at the Swift Inc. meat processing plants in Colorado, Allen said. "They need your name to live." You'll be liable for the taxes on all that income until you prove it's not yours.
Find out if someone has stolen medical services using your name. If you've applied for life, health or disability insurance during the past seven years, you can find out what insurers know about you by calling the Medical Information Bureau at (866) 692-6901, Allen said. Be sure the codes on your free report match your medical history.
Medical identity theft is "when somebody builds up hospital bills or other medical bills using your name and Social Security number," said Linda Foley, founder of the nonprofit Identity Theft Resource Center in San Diego. You are responsible for the charges, unless you successfully dispute them.
Health-care thieves may target your wallet, mailbox, discarded billing statements or a provider's database, said Alex Johnson, head of the special investigative unit at The Regence Group in Portland, Ore., an affiliation of health-care plans. Never give out your health-insurance number and be sure to study your medical bills and explanations of benefits just as you would a bank statement.
Don't let your teen download free music and videos. Not only does it illegally infringe copyrights, but cybercriminals can download a remote-control tool into the family computer that tracks everything anybody does on it, including typing in personal account numbers, warned Ken Colburn, founder of Data Doctors Franchise Systems Inc. in Tempe, Ariz.
Don't open e-greeting cards from strangers. You could be diverted to a third-party Web site that attaches a keylogger, sends it to your computer and then captures everything you do on it, said Roger Thompson, chief technology officer of Exploit Prevention Labs in Atlanta.
Don't carry your child's Social Security card and don't permit your teen to do so, urged the Council of Better Business Bureaus Inc. Also, don't let your child post his or her phone number, address or school name online. It's a red flag if credit-card offers or other notifications start arriving in your child's name.
Delete personal information from company and family Web sites. Be sure your information is not available via online directories and searchable databases, said Tom Walton, vice president at AlliedBarton Security Services in King of Prussia, Pa.
If someone calls and says you failed to appear for jury duty, don't give out any personal information, Foley said. "No county in the country is going to call you and ask you for information like that to remind you that you've failed to show up for jury duty."
Ask for details if you get a seemingly mistaken call from a creditor, urged Troy Allen. Don't hang up. "Find out why they think you are that person, because you might be." Don't give out any personal information.
Use one low-limit credit card exclusively for Internet shopping, said Jim Ruel, a senior vice president at The Hartford insurance company in Connecticut.
"We haven't even begun scratching the surface of what's going on out there," said Kroll's Allen. "We're not even close"
You know, shredding documents, checking your credit reports and credit-card statements, keeping your Social Security number to yourself and not falling for phishing schemes or the infamous Nigerian scam.
Actually, there's no such thing as identity-theft prevention, experts say. But, you can reduce your exposure. Here are some ways not often spoken about:
Check for fraudulent account activity in your name, urged Troy Allen, chief fraud solutions officer at Kroll Inc. in Nashville, Tenn. You're entitled to a free consumer report once a year from each of two data warehouses, the Shared Check Authorization Network, which has retailers among its clients, and Chex Systems Inc., whose members are financial institutions. If someone has opened an account using your name, the details will show up on these reports.
Check your Social Security earnings and benefits statement each year. Someone may have stolen or purchased your identity and used it to get a job in your name, as some illegal immigrants are suspected of doing at the Swift Inc. meat processing plants in Colorado, Allen said. "They need your name to live." You'll be liable for the taxes on all that income until you prove it's not yours.
Find out if someone has stolen medical services using your name. If you've applied for life, health or disability insurance during the past seven years, you can find out what insurers know about you by calling the Medical Information Bureau at (866) 692-6901, Allen said. Be sure the codes on your free report match your medical history.
Medical identity theft is "when somebody builds up hospital bills or other medical bills using your name and Social Security number," said Linda Foley, founder of the nonprofit Identity Theft Resource Center in San Diego. You are responsible for the charges, unless you successfully dispute them.
Health-care thieves may target your wallet, mailbox, discarded billing statements or a provider's database, said Alex Johnson, head of the special investigative unit at The Regence Group in Portland, Ore., an affiliation of health-care plans. Never give out your health-insurance number and be sure to study your medical bills and explanations of benefits just as you would a bank statement.
Don't let your teen download free music and videos. Not only does it illegally infringe copyrights, but cybercriminals can download a remote-control tool into the family computer that tracks everything anybody does on it, including typing in personal account numbers, warned Ken Colburn, founder of Data Doctors Franchise Systems Inc. in Tempe, Ariz.
Don't open e-greeting cards from strangers. You could be diverted to a third-party Web site that attaches a keylogger, sends it to your computer and then captures everything you do on it, said Roger Thompson, chief technology officer of Exploit Prevention Labs in Atlanta.
Don't carry your child's Social Security card and don't permit your teen to do so, urged the Council of Better Business Bureaus Inc. Also, don't let your child post his or her phone number, address or school name online. It's a red flag if credit-card offers or other notifications start arriving in your child's name.
Delete personal information from company and family Web sites. Be sure your information is not available via online directories and searchable databases, said Tom Walton, vice president at AlliedBarton Security Services in King of Prussia, Pa.
If someone calls and says you failed to appear for jury duty, don't give out any personal information, Foley said. "No county in the country is going to call you and ask you for information like that to remind you that you've failed to show up for jury duty."
Ask for details if you get a seemingly mistaken call from a creditor, urged Troy Allen. Don't hang up. "Find out why they think you are that person, because you might be." Don't give out any personal information.
Use one low-limit credit card exclusively for Internet shopping, said Jim Ruel, a senior vice president at The Hartford insurance company in Connecticut.
"We haven't even begun scratching the surface of what's going on out there," said Kroll's Allen. "We're not even close"
Bargain hunters unfazed by fraud threat
TORONTO -- Assurances from Winners and HomeSense that a security breach reported last month did not involve Canadian debit-card transactions isn't making much of dent with customers of the two retail chains.
Not much can keep them from their bargain hunting.
The deals to be found at Winners make the risk of becoming the victim of credit card fraud worthwhile, said Sherry Croney as she slowly sifted through the blouse racks at one of the chain's cavernous stores in downtown Toronto.
Croney said she never uses her credit card when clothes shopping, and even if she did, a security breach wouldn't stop her.
"The prices (are) unbelievable," she said. "You see really nice stuff that you'd normally see for like one-hundred-and-something and it's excellent."
Winners' president, Michael MacMillan, appealed to Canadian customers directly yesterday with full-page ads in at least two of the country's largest daily newspapers, saying he believed the transactions using debit cards issued by Canadian banks weren't involved in the breach.
"Based on our investigation, we can now report we believe transactions using debit cards issued by Canadian banks were not involved in the systems breach," the ad read.
MacMillan went on to reassure customers the company has beefed up security of its computer systems.
TJX Companies, the U.S. parent company of Winners and HomeSense, revealed last month it was the victim of a massive security breach.
The company discovered in mid-December that customers' credit and debit card information had been stolen from its computer network, which included data from its Winners and HomeSense stores in Canada.
Updating its investigation earlier this week, TJX noted that debit cards issued by Canadian banks didn't seem to have been compromised.
Not much can keep them from their bargain hunting.
The deals to be found at Winners make the risk of becoming the victim of credit card fraud worthwhile, said Sherry Croney as she slowly sifted through the blouse racks at one of the chain's cavernous stores in downtown Toronto.
Croney said she never uses her credit card when clothes shopping, and even if she did, a security breach wouldn't stop her.
"The prices (are) unbelievable," she said. "You see really nice stuff that you'd normally see for like one-hundred-and-something and it's excellent."
Winners' president, Michael MacMillan, appealed to Canadian customers directly yesterday with full-page ads in at least two of the country's largest daily newspapers, saying he believed the transactions using debit cards issued by Canadian banks weren't involved in the breach.
"Based on our investigation, we can now report we believe transactions using debit cards issued by Canadian banks were not involved in the systems breach," the ad read.
MacMillan went on to reassure customers the company has beefed up security of its computer systems.
TJX Companies, the U.S. parent company of Winners and HomeSense, revealed last month it was the victim of a massive security breach.
The company discovered in mid-December that customers' credit and debit card information had been stolen from its computer network, which included data from its Winners and HomeSense stores in Canada.
Updating its investigation earlier this week, TJX noted that debit cards issued by Canadian banks didn't seem to have been compromised.
Getting defensive
Take proactive steps to protect your identity, personal information.
GALESBURG - Lori Brittingham has first-hand experience with identity theft.
The East Galesburg resident became a victim in September when someone stole checks sent to her from her credit card company out of her mailbox. In November she noticed $6,300 of extra charges on her statement.
"(Whoever did it) called the credit card company and said they were me," Brittingham said. "They did it over the phone. Then the money was transferred from my credit card to their bank account."
Brittingham said the only information the thief needed was her mother's maiden name, which people who know her knew as well.
"They did five different transactions in a month's time, so I didn't know that this was going on," Brittingham said.
She made the mistake of not checking her statement in October. Instead, she wrote her usual check to the credit card company without verifying all the transactions registered to her account. She never noticed the checks were missing from her mailbox.
"I never look at those checks, I just tear them up and throw them away," Brittingham said. "They didn't come with the bill so I would've never known that I didn't get them."
Brittingham was able to prove she hadn't used the checks and the charges were removed from her account. And she learned her lesson about protecting personal information.
Chris Kieffer is the vice president for electronic banking for First Bank in St. Louis. He said people tend to be more reactive than proactive when it comes to protecting themselves from credit card fraud and identity theft.
"The biggest things I tell people to be aware of is stay in touch with your bank account, review credit card and bank statements and make sure there's nothing on them you don't recognize, and annually pull a credit report on yourself," Kieffer said. "These are proactive steps any consumer can take."
For credit card offers that are sent through the mail, Kieffer suggests a shredder. Most of those offers will have a lot of your personal information on them already.
"Protect that information about yourself," Kieffer said. "It's just as easy for somebody to tape it together as it is for you to tear it apart once or twice."
Kieffer said online banking is safe on bank sites, but to be cautious of fake e-mail correspondence from banks, called phishing. These e-mails claim to be your bank trying to secure personal information about you. They will link you to a site that looks similar to your banks site. Kieffer said banks will never send e-mails like that to your private account.
"Banks are never going to validate through that mechanism," he said. "If something doesn't look right, don't use it. If you have questions ask a branch employee."
For online shoppers, Kieffer advises getting to know the merchant.
"Make sure it's somebody reputable," he said. "Fraud happens after the fact when we don't know where we're shopping or who we're using as a vendor."
And Brittingham has some advice, too. After her experience she had the limit on her credit card lowered to only $300.
"Never have a limit that's more than you're willing to lose," she said. "Whatever you might spend if you were somewhere and needed to buy something."
And she's learned another lesson.
"I will read every statement that I get," she said. "It's just been a complete nightmare."
GALESBURG - Lori Brittingham has first-hand experience with identity theft.
The East Galesburg resident became a victim in September when someone stole checks sent to her from her credit card company out of her mailbox. In November she noticed $6,300 of extra charges on her statement.
"(Whoever did it) called the credit card company and said they were me," Brittingham said. "They did it over the phone. Then the money was transferred from my credit card to their bank account."
Brittingham said the only information the thief needed was her mother's maiden name, which people who know her knew as well.
"They did five different transactions in a month's time, so I didn't know that this was going on," Brittingham said.
She made the mistake of not checking her statement in October. Instead, she wrote her usual check to the credit card company without verifying all the transactions registered to her account. She never noticed the checks were missing from her mailbox.
"I never look at those checks, I just tear them up and throw them away," Brittingham said. "They didn't come with the bill so I would've never known that I didn't get them."
Brittingham was able to prove she hadn't used the checks and the charges were removed from her account. And she learned her lesson about protecting personal information.
Chris Kieffer is the vice president for electronic banking for First Bank in St. Louis. He said people tend to be more reactive than proactive when it comes to protecting themselves from credit card fraud and identity theft.
"The biggest things I tell people to be aware of is stay in touch with your bank account, review credit card and bank statements and make sure there's nothing on them you don't recognize, and annually pull a credit report on yourself," Kieffer said. "These are proactive steps any consumer can take."
For credit card offers that are sent through the mail, Kieffer suggests a shredder. Most of those offers will have a lot of your personal information on them already.
"Protect that information about yourself," Kieffer said. "It's just as easy for somebody to tape it together as it is for you to tear it apart once or twice."
Kieffer said online banking is safe on bank sites, but to be cautious of fake e-mail correspondence from banks, called phishing. These e-mails claim to be your bank trying to secure personal information about you. They will link you to a site that looks similar to your banks site. Kieffer said banks will never send e-mails like that to your private account.
"Banks are never going to validate through that mechanism," he said. "If something doesn't look right, don't use it. If you have questions ask a branch employee."
For online shoppers, Kieffer advises getting to know the merchant.
"Make sure it's somebody reputable," he said. "Fraud happens after the fact when we don't know where we're shopping or who we're using as a vendor."
And Brittingham has some advice, too. After her experience she had the limit on her credit card lowered to only $300.
"Never have a limit that's more than you're willing to lose," she said. "Whatever you might spend if you were somewhere and needed to buy something."
And she's learned another lesson.
"I will read every statement that I get," she said. "It's just been a complete nightmare."
Subscribe to:
Posts (Atom)