178 Arrested in Card Fraud Raids

Police in 12 Countries Target Spain-Based Fraud Ring
178 Arrested in Card Fraud Raids
In what is being called one of the largest credit card fraud ring busts to date, the Spanish Interior Ministry says police in 12 countries have arrested 178 people suspected of being part of an international crime gang.

According to a statement from the Spanish ministry, these arrests resulted from a two-year investigation and included raids in France, Italy, Germany, Ireland, Romania, Australia, Sweden, Greece, Finland, Hungary and the United States, where eight of the suspects were arrested.

Police say this alleged gang was involved in credit card fraud, robbery with violence, extortion, sexual exploitation and money laundering. The group is believed to have made more than $24.5 million from its illegal activities.

During their raids, police found 11 laboratories for falsifying credit cards, as well as more than 120,000 stolen credit cards and 5,000 cloned cards.

'Masterminds Are Spreading'

The significance of these arrests, according to industry analysts: They point to organized crime, and they suggest that its leadership may be shifting.

"This is definitely organized crime," says Jasbir Anand, a fraud expert at ACI Worldwide, a global payments solution provider based in Toronto, Canada. "These 178 arrests are significant. The 120,000 stolen cards are significant. These are not the kids who are on YouTube selling card skimmers; this was a group with lots of people involved to accumulate card data."

Avivah Litan, a security analyst with Gartner, says the bust is noteworthy for its size and location - that it was based in Spain, not Eastern Europe. "To me it's a bad sign," Litan says. "It shows that the masterminds are spreading and are no longer just confined to Eastern Europe."

Card fraud is a global problem. But historically the sophisticated crime rings associated with manufacturing cloned cards have stemmed from Central and Eastern Europe. Anand says these latest arrests show the international reach of the ring. "Data is very easy to send over borders; it is very portable, [and] the nature of crime is international," Anand says. "The card data can be stolen anywhere, and then used anywhere in the world. In this case, it looks like it was a very organized ring."

Stronger Security Needed

The message to the U.S. financial services industry, the analysts say, is: It's time for improved payment card security.

Specifically, Litan says, the U.S. must consider adopting the Europay, MasterCard, Visa (EMV) standard, which relies on chip and PIN - not the traditional magnetic stripe, which is more susceptible to fraud. EMV has been adopted in virtually every part of the world -- including Canada and Mexico -- for the storing of payment-card data. But the U.S. remains a notable holdout, with industry leaders citing the expense of EMV migration as a barrier.

"Until we get rid of the mag-stripes on the backs of the cards, we're going to keep having these problems," Litan says. "The chip is the stronger standard, so doesn't make sense to look at [a separate standard] for the U.S. We're using the same technology we used in the '70s and '80s ..."

Anand says he agrees with the idea of the EMV standard as a means to help prevent fraud. "But fraud on its own, right now, does not warrant the cost and time that would be spent converting to Chip and PIN/EMV model in the U.S."

This argument may change, he notes, if the losses continue to escalate. "EMV is not the only answer," Anand says. "[But] eventually it will be the sensible choice."

For more on international fraud investigations, hear what former prosecutor Kim Peretti has to say about the TJX and Heartland Payment Systems data breaches.

Managing Editor Tracy Kitten contributed to this report.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.