Off topic - NYT article about credit card fraud ("phone in" orders).
August 15, 1999
A Credit Card Loophole Can Ensnare Retailers
By STEVE BARNES
LITTLE ROCK, Ark. -- It was the sort of telephone call a small
businessman dreams of. The caller promised to increase by perhaps 5
percent the $1.6 million annual revenue of the computer sales and
service company that Gary C. McLendon founded in Fayetteville, 16 years
ago.
Scarcely 10 weeks later, however, McLendon is struggling to absorb
hundreds of thousands of dollars in losses to an overseas credit card scam
that has consumed the company's cash reserves and devoured his equity in
its building. "Here I am -- 54 years old and starting over again," McLendon
said.
There were several calls, actually, the first crossing the Atlantic in May. A
man who identified himself as "John Monga" of London inquired after
computer chips retailed by McLendon's company, GCM Computers.
Not one or two or a half-dozen of the chips -- Intel Pentium III-450s and
Pentium III-500s, then priced as high as $700 apiece -- but 20. The caller
said that Whitehall had commissioned him to upgrade a large number of
British government computers.
"I said to myself, 'Oh, boy,"' McLendon recalled.
Monga's enterprise, which he identified as Maple Solutions Ltd., needed
overnight delivery; would McLendon mind accepting a Visa payment?
Not at all, especially after the credit card company authorized the transaction.
McLendon shipped the chips. His eyes were not wide shut, not completely;
two days later he checked his account and found that, indeed, the $20,000
payment was there.
Within 72 hours, GCM Computers, which can be found on the Internet
among the thousands of computer companies, was receiving calls from
people who identified themselves as London associates of Monga who had
learned from him of McLendon's ability to provide Pentium chips quickly.
A man who called himself Calvin Anderson called. An "Edwin Reynolds"
called. "So did some guy with an eastern name, but even he had a very British
accent," McLendon said. All wanted chips. All wanted immediate delivery. All
wanted to pay with a Visa or Mastercard.
McLendon obtained electronic authorizations for all of them. But nine days
after his first shipment to his new British customers, McLendon received a
different sort of telephone call, from Simmons First National Bank of Pine
Bluff, which processed GCM's bank card transactions. A Visa authorization
had been canceled, and as part of its legal contract with the bank, GCM was
now responsible for covering the amount. The bank was debiting GCM's
account.
"I could cover it, so it wasn't that big a deal," McLendon said, especially
since within minutes Reynolds was on the other line, "buying time,"
apologizing for a bookkeeping error that had prompted the charge back to
GCM's account and promising to set things right at once.
"I didn't even know what a chargeback was," said McLendon, who was
nonetheless reassured. "I thought, whew, this isn't as bad as I thought it was.
It was worse. The personal Visa account number that Reynolds provided to
make good the debt was denied authorization. And the wire transfer Reynolds
promised in a subsequent telephone call never materialized.
The next day it was Simmons Bank calling again, advising McLendon that it
had been in contact with Scotland Yard and, regrettably, GCM Computers'
British business had crashed. "All the charges were coming back," McLendon
said. In the 10 days since its first London order, GMC had dispatched some
$1 million in computer parts to Monga and his associates. After some
shipments that McLendon was able to recall, his outstanding balance with
Simmons Bank was about $800,000.
Neither the sum nor the episode was unusual. Law enforcement officials say
the fraud ring that hit McLendon and several other United States computer
companies (including two others in Arkansas) consisted primarily of Nigerian
nationals operating from Britain and the United States. A joint investigation by
Scotland Yard and American authorities has produced several arrests with
more expected, according to James E. Mackin, a spokesman for the Secret
Service in Washington, which investigates credit card fraud.
David Robertson, president of the Nilson Report, a credit card industry
newsletter published in Oxnard, Calif., said: "These people aren't bumbling
thieves. They're pros, and they're highly intelligent and highly organized."
"Some get arrested, sure," Robertson added, "but others come along right
after them, like a stream of ants." Most credit card organizations do not break
down, or disclose, fraud losses incurred by merchants independent of those
borne by banks, but a spokesman for Visa U.S.A. said they account for about
10 percent of total fraud losses, which would put the merchants' share well
into the tens of millions of dollars.
Mastercard International alone experienced $526 million in fraudulent
transactions last year -- eight cents of every $100 in transactions, an increase
of almost 14 percent from 1997.
Much of the losses, experts say, are driven by the Internet, and with
electronic commerce growing, merchants will have to be vigilant about
protecting themselves.
McLendon, who had assumed that his liability was virtually nil, was caught in
a little-noticed clause of bank credit card agreements that puts merchants at
risk for charges not recorded on the premises. Had Monga and his associates
flown to Fayetteville and signed for the computer chips rather than using fax,
telephone and e-mail, McLendon would be home free.
McLendon's lawyers concluded that his best option was a settlement with
Simmons Bank. That agreement was signed in late July, and while it prohibits
either party from discussing its terms, McLendon says he bears the brunt of
the losses.
"The credit card system is badly broken, and it badly needs repair,"
McLendon said. Should a stolen card be used in a sale, he insists, "There's
nothing to alert the merchant that anything's wrong" until the card's rightful
owner sounds the alarm.
Tommy May, the chairman of Simmons, a $1.7 billion bank holding company
and processor of credit card transactions, said, "The industry believes there
are adequate safeguards" for merchants. At the same time, May
acknowledged, it would be naive to consider any security system in the
Internet age foolproof.
Robertson agrees. Even as the industry deploys ever more advanced
technology to thwart thieves, he said, "These are very sophisticated
criminals, and they've defeated every known security system."
Reflecting on 10 days that shook his world, McLendon concluded, "It was a
hell of an education."
Copyright 1999 The New York Times Company |
