Smart SpendingSmart Spending

How to steal $200 million

Con men used credit card fraud to rob banks. The real scandal is how easy it was.

By Money Staff May 19, 2014 12:21PM

This post comes from Brett Arends at partner site MarketWatch.

MarketWatch on MSN MoneyI always knew it was possible to fool the American financial system. But I never realized just how easy it was.

Locked credit card © Francisco Cruz/SuperStockLast week, in a federal court in Trenton, N.J., Khawaja Ikram became the ninth person to plead guilty for his involvement in a gigantic credit card fraud case that netted more than $200 million.

I was so intrigued I had a look at the documents that the Federal Bureau of Investigation submitted to the courts relating to the case.

What I found: Stealing a fortune from the big banks was a piece of cake. It was so easy it makes you wonder why any robbers bother putting on a face mask and running in the front door waving a gun.  Apparently all you really need is a laptop and a mail drop.

These guys stole "hundreds of millions of dollars," according to the Federal Bureau of Investigation. They spent the money on luxury cars, expensive clothes, gadgets, and even spa treatments. They also stockpiled millions of dollars in gold bullion and large amounts of cash.

So how did they do it? Apparently it was a simple three-step process.

The first was to create a fake identity. I had assumed this involved contact with criminal enterprises, faked documents, all the other stuff we associate with gangsters. And often it did. But there was also a simple mechanism. You know your credit-card company often asks you if you want to add an "authorized user"? They did.

They would make up a fake person and add him or her as an authorized user on their card. And, hey presto, the dumb credit-scoring machines would start creating records for that person.

So long as they didn't try to use a Social Security number already in use, there was no problem. The fake person came into being on some server somewhere.

And once that fictitious user existed, they just started apply for lots more credit cards in that person's name. Ka-ching!

The second step was to pump up that user's credit score. Now, the credit-scoring system is almost designed to be gamed. It pays little or no attention to things that you might imagine it would -- like your income and assets and so on -- and looks mostly at whether you pay off your bill on time. That's it.

So once these guys had the credit cards for their fictitious person, they would use them to make small purchases, and then paid off the bill on time. Easy.

Making things even simpler, they started out by applying for credit cards with small limits. Those were easier to get. But as they kept buying candy and hamburgers with the cards and then paying it off, the computer systems got more and more impressed and pumped up their score, while raising their limits. Ka-ching!

At this point they could have used these cards to go on a shopping spree, but instead these guys did something clever. They set up sham companies, and then just applied to the credit card companies for card terminals — like the ones you see in any convenience store — so that these companies’ “customers” could pay by card.

And once they got those terminals, they used the cards to go “shopping.” They bought a fortune at these fake companies, the information went through to the card companies, and the card companies deposited the money in these sham companies’ bank accounts.

Ka-ching! Ka-ching! Ka-ching!

We’re talking hundreds of millions of dollars.

Now in this particular instance, the people involved ran a racket so huge they were bound to get caught in the end. They faked thousands of identities. They ran a scam across eight different countries, from the U.S. to Pakistan to Romania to Japan. And, most foolishly of all, they hung around waiting to get caught.

But I'll bet there are people out there doing this on a low level scale, stealing maybe $5 million, and then vanishing into the ether.


More from MarketWatch

May 19, 2014 1:49PM
And here I am putting in 45 hrs/week like a sucker.
May 19, 2014 1:45PM
May 19, 2014 2:04PM
Our politician do it daily, they enter congress with nothing and come out multi millionaires.
May 19, 2014 1:35PM
A fool and their money are soon parted.And a con man will always find a way to help them out.
May 19, 2014 2:46PM
Yet banks screw the general public for millions in fees, etc but that's legal. Wells Fargo Bank got fined millions but another Judge over turned the settlement,,,wink,wink.
May 19, 2014 2:44PM
Silly, only the "job creators" can steal like that.
May 19, 2014 1:38PM
How would you know if a SS# was already in use or not?
May 19, 2014 2:16PM

It is one thing to steal something to eat, a totally different thing to steal because you don't want to work an honest job. Since there is no way they can get enough labor out of crooks like these, they should just execute them. It may not deter them all, but there would be no repeat offenders.

The banking industry needs to be more accountable for this sort of thing, too. If they bothered to verify the information submitted to them, these lines of credit would never get issued.

May 19, 2014 2:46PM
Nothing is worth going to prison for.
May 19, 2014 3:15PM
solid article.  quitting my day job as we speak... changing name to Leslie Chow, international criminal.
May 19, 2014 3:00PM
wouldn't the original person who the offer to add an authorized user be implicated? or was this person a phony as well? either way, they had a strategy going in but not a strategy going out.
May 19, 2014 3:07PM
The entire credit scoring system is a sham and scam.  It was devised by Fair Issic who was't even an American - figuring that was the best way to put the screws to America.   The politicians bought it hook line and sinker.   Now we are paying the price.   Sign up for a credit card, use it to capacity - pay it off - and your score goes DOWN.   Nowhere in the world is the credit system so messed up as ours.

May 19, 2014 2:46PM
The Flash Boy do it everyday and the government doesn't do a thing about it. Boy just to look at those offshore accounts. The market is rigged and they just say things like what difference does it make.
May 19, 2014 3:31PM
So Easy even a Caveman can do it@@@
May 19, 2014 3:59PM

I worked in the industry.  The banks are okay with fraud as long as the interchange fees they collect exceed the level of fraud. 

That was basically the answer I got when I stated how insecure the Near Field Communications chips they were touting as the next big thing were.  The truth about those is that they are so insecure that with the right equipment you can get all the card info from every NFC device in about a 16 foot radius in seconds then take it to a computer and break the cypher in about 8 minutes.  Once you have the root keys to the cypher you can decrypt any NFC device that uses that root key. 

Will they replace all the cards once the root key is broken or all the iPhones with one built in?  Nope.  Can you reprogram them with a new root key?  Nope. 

In Europe where NFCs are used effectively they make you use a PIN for any transaction over 20 Euro.  Not so here.  You can wave those chips up to the transaction limit (which can be thousands of dollars) and they go right through.

May 19, 2014 3:55PM
As a former law enforcement officer I can tell you this type of thing happens so much that it is unbelievable and most do NOT get caught, Its the ones that get greedy that the feds look into but if its a few million most just walk away. 90% are foreigners most from the middle east or from Mexico living in the USA illegally.
May 19, 2014 2:48PM
Anybody up for teaching a class in this? How about a class on being a crony? Either one works for me.
May 19, 2014 3:47PM
If credit cards are the most protected way to pay then how will you be able to pay off the credit card bills when you are still "cashless?"
Please help us to maintain a healthy and vibrant community by reporting any illegal or inappropriate behavior. If you believe a message violates theCode of Conductplease use this form to notify the moderators. They will investigate your report and take appropriate action. If necessary, they report all illegal activity to the proper authorities.
100 character limit
Are you sure you want to delete this comment?


Copyright © 2014 Microsoft. All rights reserved.

Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.


Smart Spending brings you the best money-saving tips from MSN Money and the rest of the Web. Join the conversation on Facebook and follow us on Twitter.