WASHINGTON (Feb. 11, 2005) — To Ron Frei, manager of T&T Tire Inc. in Loveland, Colo., it was a routine transaction like a hundred others.
A supervisor from a construction company called to order two steer-axle tires he needed right away at a construction site. To make the sale, he gave his credit card number over the phone.
“Different construction companies will have supervisors in the area who'll run their own credit cards to buy the tires they need,” Mr. Frei told Tire Business. “It's a pretty common way of doing business.”
The credit card number was approved, two workers came by to pick up the tires, and that seemed to be that. But when the same “supervisor” called back the next day to order 10 more tires and asked Mr. Frei to leave them outside for pickup, Mr. Frei became suspicious.
After declining the second order, he discovered the worst: the card number used for the first purchase had been stolen in a case of identity theft. The credit card firm disallowed the purchase, and T&T Tire had been scammed out of two steer-axle tires. A police investigation turned up the name and phone number of the person who made the calls, Mr. Frei said, but the tires were not found.
Ron Lautzenheiser, a former Big O Tires Inc. executive who now owns two Big O dealerships in the Denver area, told an even more lurid tale of AT&T operators contacting his North Fort Collins and South Fort Collins stores early in January, calling on behalf of buyers who wanted to have tires shipped to Ghana and Nigeria. The North Fort Collins order alone, he said, involved nearly $2,900 worth of tires, and both orders were completed by credit card.
Fortunately, someone in Mr. Lautzenheiser's organization smelled a rat and contacted both the U.S. Secret Service—the agency that investigates credit card fraud in the U.S.—and the Federal Bureau of Investigation before any tires were shipped. “The Secret Service was very knowledgeable of this scam,” he noted, adding that within days the same people tried to place similar orders at Big O stores in Kearney and Grand Island, Neb., and in Cheyenne, Wyo.
The extent of the problem
While there are no figures on how much money and merchandise U.S. tire dealers lose to credit card fraud every year, the issue has become one of overriding importance for U.S. retailers and consumers alike.
An Englishman living in New York was sentenced to 14 years in prison last September for stealing credit card numbers from more than 30,000 victims; the estimated cost to consumers from his crimes alone was between $50 million and $100 million over three years. Meridien Research, a Newton, Mass., consulting firm, estimates that credit card fraud losses in the U.S.—considering only those cases that began on the Internet and not including fraud by phone—exceeded $1.6 billion in 2000 alone.
Last October, the Secret Service announced the arrests of 28 suspects in eight states and six foreign countries in the theft and illegal use of some 1.7 million credit card numbers. The financial institutions that issued the cards reported losses of about $4.3 million, according to a Secret Service press release, but potentially the losses could have been hundreds of times more.
According to the Federal Trade Commission (FTC), a total of 161,839 cases of identity theft were reported in calendar year 2002. Of these, 42 percent involved credit card fraud.
“Unfortunately, it's easier than ever before to obtain and use a stolen, outdated or invalid credit card number,” said a spokeswoman for the Federal Trade Commission. “This sort of thing happens in everything from construction equipment to high fashion.”
The Nigerian connection
The scam to which Big O Tires nearly fell victim is a new variation on the “Nigerian 419” swindles that have bombarded the U.S. since the early 1980s, according to Virgil Reichle, a Secret Service agent in Denver.
Traditionally, the “419” scams—so called for Section 419 of the Criminal Code of Nigeria, which relates to fraud—involve e-mail letters purporting to be from high government officials or business executives, describing either a legitimate business deal or a money laundering scheme. The amounts of money mentioned in the e-mails, the Secret Service noted on its Web site, range from $10 million to $60 million, and addressees usually are promised commissions of up to 30 percent for their participation.
Potential “clients” are asked to put up an “advance fee” for administrative costs, bribes, etc., and are always urged to act quickly or else the deal will fall through. Generally the con artists keep asking for “advance fees” until their marks run out of money or they themselves move on to the next scheme.
In the new credit card scams, Mr. Reichle said, the perpetrators conspire to have valuable goods shipped to them using stolen credit card numbers, often using go-betweens that hamper the identification of the true criminals. Eighty percent of such schemes emanate from Nigeria or neighboring West African countries, he added, though a growing number originate in such countries as Belgium, Canada and the United Kingdom.
“Sometimes they'll send a cashier's check for, say, $23,000, and tell the subject to keep $10,000 and wire back the rest,” Mr. Reichle said. “A lot of people don't realize it's counterfeit.”
Many of the Nigerian or Nigerian-style scams involve “reshipping” schemes in which unwitting middlemen are enlisted, according to David Ostertag, field investigations manager at Discover Financial Services in Chicago.
“The con artists will put out an ad or an e-mail that says, 'Work from home,'” Mr. Ostertag said. “People who answer the ads are hired to receive packages at their homes, relabel them and ship them to another address. The reshippers think they're getting $20 per package to put the new labels on and send the packages off.
“What generally happens is that the reshippers get flooded with packages over a two-day period,” he added. “They paste the labels on the packages and send them off to a warehouse somewhere, from which the packages get redirected to their real destination—usually Nigeria or Russia. The reshippers never get paid, and the next thing they know, there's a federal agent knocking on their doors.”
In other cases, Mr. Ostertag said, a purported “construction company” might order tires, tools, etc. over the phone using a bad credit card number. “They'll give a legitimate address for delivery, but the 'employees' will be standing out on the curb to unload the truck,” he said.
How to defend yourself
The FTC and credit card companies make copious materials available to consumers on how to avoid credit card fraud:
* Keep an eye on your cards during all transactions;
* Shred all receipts before discarding them;
* Report all questionable charges promptly and in writing to the credit card company; and
* Don't give out your credit card number over the phone except to companies you know are reputable.
In general, however, credit card companies don't concentrate much on the retailing side of credit card fraud. “We try to catch fraud on the consumer side,” Mr. Ostertag said. “It's more efficient for us to try and identify it at the authorization level.”
Just as consumers should be leery as to whom they give their credit card numbers over the phone, so retailers should be wary when accepting numbers over the phone, no matter how common it is for them to do that, Mr. Reichle said. “I wouldn't say not to take phone orders, but I would advise them to be careful,” he said.
The FTC spokeswoman also advised caution in accepting over-the-phone credit card orders. “The number-one thing is to validate the sale before making the shipment, and not to take anything for granted, including authorization,” she said.
On its Web site, software marketer WISCO Computing offers a number of precautions for retailers when accepting both over-the-phone and Internet credit card orders. These include:
* Keeping an encrypted list of “good customers” who have made legitimate purchases in the past.
* Sending a confirmation e-mail to customers within 30 minutes of a completed sale—30 minutes the retailer can use to check if the credit card number is valid. (This does, however, create an additional step in the sale, which in turn could lead to lost sales, WISCO admitted.)
* Taking extra precautions if the credit card billing address and the mailing address are different.
* Establishing a holdover policy for large orders. Most credit card thefts are reported within 24 hours, WISCO noted, but it can still take another 24 hours for a phony number to turn up in the databases used by credit card companies.
* Checking to see if multiple orders are going to the same address but using different credit cards.
* Sending an “alternate thank-you page” in case of orders shipped to non-English-speaking countries, explaining that you need either a faxed photo of the credit card being used or a Xerox of the credit card bill and offering to deduct $3 from the total amount for taking this trouble.
Both the FTC and the Secret Service offer consumer information on identity theft. An FTC booklet, “Identity Crime: When Bad Things Happen to Your Good Name,” offers tips on minimizing risk, filling out police reports, as well as numbers and Web sites to contact for information on specific types of identity fraud. The Secret Service distributes a CD video and CD-ROM training tool, “Identity Crime: An Interactive Resource Guide.”
There is also a government toll-free number to call for information and help—(877) ID-THEFT (438-4338)—as well as a government Web site, www.consumer.gov/idtheft.
The Secret Service has a minimum threshold of $100,000 for the credit card fraud cases it investigates, Mr. Reichle told Tire Business, but the office of every state attorney general is set up to take credit card fraud complaints, as is every local police department. “Your local P.D. is where I would start,” he advised.