$9 Million ID Theft Scheme Alleged

Duo Charged in Retail Scam that Spans 15 Years
$9 Million ID Theft Scheme Alleged
Georgia authorities say they made key arrests in an identity theft investigation that has connected crimes going back 15 years, totaling $9 million.

The Criminal Intelligence Unit of the Cherokee County Sheriff's Office, with help from the U.S. Secret Service, arrested Robert Smith, 46, of Atlanta, and Robert Hill, 49, of Roswell, Ga., for their alleged involvement in ID theft cases that targeted victims throughout the United States. During the arrests, authorities seized more than $91,000 in cash along with what has been defined as high-end retail property, including a 1999 Lexus and a Harley Davidson motorcycle.

Smith has been charged with five counts of Identity Fraud, 1 count of Conspiracy to Commit Identity Fraud, 1 count of Conspiracy to Commit Retail Property Fencing and Violation of the Georgia RICO Act. Hill faces charges of Conspiracy to Commit Retail Property Fencing and Violation of the Georgia RICO Act.

More than 8,000 compromised identities have been linked to Smith and Hill. According to the Cherokee County CIU, identities were compromised from within the financial system, with suspects using counterfeit driver's licenses to establish credit through retailers such as Best Buy, Target, Sam's Club, Wal-Mart, Home Depot and Lowe's to purchase items that were later sold on eBay for cash.

More arrests are expected.

ID Theft Connects Fraud

The arrests came just days after the U.S. District Attorney's Office in Queens, N.Y. announced closure of the biggest ID theft takedown in U.S. history. [See Biggest ID Theft Bust in History.]

The scheme, which allegedly involved five organized crime rings with ties to Europe, Asia, Africa and the Middle East, resulted in financial losses exceeding $13 million over a 16-month period.

It's just another example showing how ID theft crimes are growing.

In the Smith and Hill case, what stands out is the length of time the scheme spanned. But Julie Fergerson, a board member of the Identity Theft Resource Center and co-founder of the Merchant Risk Council, says the timeline is not so surprising. Banks and retailers likely picked up on and traced fraudulent activity years ago. "But it's hard to hand that over to law enforcement, because it's a small enough amount that the police aren't interested in it," she says.

Outdated Laws Bind Investigations

Fergerson, who also serves as vice president of emerging technologies at Ethoca, which provides credit-card transaction monitoring for retailers, says the challenge over the last decade has been trying to connect several small purchases so that law enforcement will take an interest. "Retailers try to build cases out of the data," so that many small purchases can be linked together.

Given the information released by police investigating the Smith and Hill scheme, Fergerson says it's likely the retail purchases they made, at least in the beginning, flew under the radar because they were small.

"Cases must be at least $50,000 dollars for law enforcement to work them," Fergerson says. "The crooks know this, and they know how to get away with it by spreading the fraud out and buying small amounts at a time."

Because the pair also allegedly made purchases with in-store credit at various merchants, linking the fraudulent purchases would have been challenging. No single card-issuer was getting an overall view of the transactions.

"In this case, I think they probably evolved over time, and improved their technique," which allowed them to fly under the radar for a decade and a half, Fergerson says. "But they slipped up along the way. That's the thing about criminals: They get greedy."

The other challenge: Confirming fraud so that offenders will be prosecuted.

Consumer privacy laws often stand in the way, making it difficult for investigators to confirm identities they suspect have been stolen. "So, law enforcement may think it has a series of transactions that are fraud, but they can't call the bank to confirm that by checking on an identity, because the banks can't reveal anything because of consumer privacy laws," Fergerson says.

Shared Solutions

McAfee consultant Robert Siciliano says that's why financial institutions need to work with retailers to enhance monitoring capabilities, and help merchants understand steps they could take to curb some of the losses.

"There are companies offering scoring mechanisms when a new account application is processed through their technologies," he says. "They look at all the bits of data and score it based on how the PII [personally identifiable information] is being used now and in the past, and the probability of whether the data is being used to commit fraud."

Siciliano also says retailers can glean more by thoroughly reviewing credit scores before opening new accounts.

But there are limits to how much banks and retailers can do. Fergerson says one big piece of the fraud puzzle that is often overlooked is the light jail time criminals face. Most are back on the street committing the same kind of fraud within six months to a year, she says.

"The laws need to catch up and they need to get tougher," Fergerson says. "The current penalties are not a deterrent."

And consumers need to do better jobs of reporting incidents of identity theft. "When consumers do become victims, they need to file a police report," she says. "If you get a whole lot of ID theft victims to come forward, then it becomes more compelling, and the banks and merchants will stop writing off the fraud."

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.