$9 Million ID Theft Scheme Alleged
Duo Charged in Retail Scam that Spans 15 Years
The Criminal Intelligence Unit of the Cherokee County Sheriff's Office, with help from the U.S. Secret Service, arrested Robert Smith, 46, of Atlanta, and Robert Hill, 49, of Roswell, Ga., for their alleged involvement in ID theft cases that targeted victims throughout the United States. During the arrests, authorities seized more than $91,000 in cash along with what has been defined as high-end retail property, including a 1999 Lexus and a Harley Davidson motorcycle.
Smith has been charged with five counts of Identity Fraud, 1 count of Conspiracy to Commit Identity Fraud, 1 count of Conspiracy to Commit Retail Property Fencing and Violation of the Georgia RICO Act. Hill faces charges of Conspiracy to Commit Retail Property Fencing and Violation of the Georgia RICO Act.
More than 8,000 compromised identities have been linked to Smith and Hill. According to the Cherokee County CIU, identities were compromised from within the financial system, with suspects using counterfeit driver's licenses to establish credit through retailers such as Best Buy, Target, Sam's Club, Wal-Mart, Home Depot and Lowe's to purchase items that were later sold on eBay for cash.
More arrests are expected.
ID Theft Connects Fraud
The arrests came just days after the U.S. District Attorney's Office in Queens, N.Y. announced closure of the biggest ID theft takedown in U.S. history. [See Biggest ID Theft Bust in History.]The scheme, which allegedly involved five organized crime rings with ties to Europe, Asia, Africa and the Middle East, resulted in financial losses exceeding $13 million over a 16-month period.
It's just another example showing how ID theft crimes are growing.
In the Smith and Hill case, what stands out is the length of time the scheme spanned. But Julie Fergerson, a board member of the Identity Theft Resource Center and co-founder of the Merchant Risk Council, says the timeline is not so surprising. Banks and retailers likely picked up on and traced fraudulent activity years ago. "But it's hard to hand that over to law enforcement, because it's a small enough amount that the police aren't interested in it," she says.
Outdated Laws Bind Investigations
Fergerson, who also serves as vice president of emerging technologies at Ethoca, which provides credit-card transaction monitoring for retailers, says the challenge over the last decade has been trying to connect several small purchases so that law enforcement will take an interest. "Retailers try to build cases out of the data," so that many small purchases can be linked together.Given the information released by police investigating the Smith and Hill scheme, Fergerson says it's likely the retail purchases they made, at least in the beginning, flew under the radar because they were small.
"Cases must be at least $50,000 dollars for law enforcement to work them," Fergerson says. "The crooks know this, and they know how to get away with it by spreading the fraud out and buying small amounts at a time."
Because the pair also allegedly made purchases with in-store credit at various merchants, linking the fraudulent purchases would have been challenging. No single card-issuer was getting an overall view of the transactions.
"In this case, I think they probably evolved over time, and improved their technique," which allowed them to fly under the radar for a decade and a half, Fergerson says. "But they slipped up along the way. That's the thing about criminals: They get greedy."
The other challenge: Confirming fraud so that offenders will be prosecuted.
Consumer privacy laws often stand in the way, making it difficult for investigators to confirm identities they suspect have been stolen. "So, law enforcement may think it has a series of transactions that are fraud, but they can't call the bank to confirm that by checking on an identity, because the banks can't reveal anything because of consumer privacy laws," Fergerson says.
Shared Solutions
McAfee consultant Robert Siciliano says that's why financial institutions need to work with retailers to enhance monitoring capabilities, and help merchants understand steps they could take to curb some of the losses."There are companies offering scoring mechanisms when a new account application is processed through their technologies," he says. "They look at all the bits of data and score it based on how the PII [personally identifiable information] is being used now and in the past, and the probability of whether the data is being used to commit fraud."
Siciliano also says retailers can glean more by thoroughly reviewing credit scores before opening new accounts.
But there are limits to how much banks and retailers can do. Fergerson says one big piece of the fraud puzzle that is often overlooked is the light jail time criminals face. Most are back on the street committing the same kind of fraud within six months to a year, she says.
"The laws need to catch up and they need to get tougher," Fergerson says. "The current penalties are not a deterrent."
And consumers need to do better jobs of reporting incidents of identity theft. "When consumers do become victims, they need to file a police report," she says. "If you get a whole lot of ID theft victims to come forward, then it becomes more compelling, and the banks and merchants will stop writing off the fraud."
