Miami Man Pleads Guilty to Participating in Access Device Fraud and Money Laundering Conspiracies for his Roles in Nationwide Gas Station Skimming Scheme

ALBANY, NEW YORK – Hugo Hernandez, age 34, of Miami Lakes, Florida, pled guilty today to a superseding indictment charging him with being part of access device fraud and money laundering conspiracies for his roles in a nationwide gas station skimming scheme that involved stealing banking and personal information of residents in and around the Northern District of New York, as well as multiple other parts of the country, who used the “pay at the pump” feature to make gasoline purchases.

The announcement was made by United States Attorney Carla B. Freedman; Janeen DiGuiseppi, Special Agent in Charge of the Albany Field Office of the Federal Bureau of Investigation (FBI); and Inspector in Charge Ketty Larco-Ward, Boston Division, United States Postal Inspection Service (USPIS).

As part of his guilty plea, Hernandez admitted that between December 2015 and July 2019,  he conspired with others to commit access device fraud by building skimming devices designed to steal gas station customer information, installing those devices inside gas pumps in Albany, Broome, and Montgomery Counties, and elsewhere, and then using the information collected by those devices to create fake credit and debit cards. The fake cards were used to obtain money orders, gift cards, cash, and other things of value.

Hernandez also admitted to being part of a conspiracy to launder funds obtained through the access device fraud conspiracy, and, in facilitating that conspiracy, causing at least 162 money orders, worth $173,257, to be deposited into a bank account he controlled. As part of his plea agreement, Hernandez agreed to be subject to a forfeiture money judgment in the amount of $173,257.

A sentencing hearing is set to take place on March 1, 2022, before Senior United States District Judge Gary L. Sharpe. Hernandez faces up to 20 years in prison; a fine of up to $500,000 or twice the value of the property involved in the transaction, whichever is greater; and up to 3 years of supervised release. A defendant’s sentence is imposed by a judge based on the particular statute the defendant is charged with violating, the U.S. Sentencing Guidelines and other factors.

This case was investigated by the FBI Albany Field Office and USPIS Boston Division, with assistance from the FBI Field Offices in Miami, Pittsburgh, and San Juan, the USPIS Miami Division, the United States Secret Service Miami Field Office, as well as the New York State Department of Agriculture, Division of Weights and Measures. The case is being prosecuted by Assistant U.S. Attorneys Rick Belliss and Emily C. Powers.

https://www.justice.gov/usao-ndny/pr/miami-man-pleads-guilty-participating-access-device-fraud-and-money-laundering

Stolen Credit Card Number Testing Increases 200 Percent in 2017 Proving eCommerce Fraud is set to Explode

Alarming new data from Radial warns retailers of the urgency to manage fraud without compromising revenue or customer loyalty.

01 May, 2017, 09:00 ET

KING OF PRUSSIA, Pa., May 1, 2017 /PRNewswire/ — Just released data from Radial’s leading eCommerce Fraud Technology Lab adds another alarming statistic for retailers to contend with when delivering a seamless customer experience. To date in 2017, data shows a 200-percent increase in credit card testing, a tactic used by fraudsters to test stolen credit card numbers with small incremental purchases before making large-dollar purchases on the card, compared to the same quarter in 2016. Fraud also is up 30 percent year over year, proving to already struggling retailers that this is just the beginning of online fraud in the post-EMV world.

Managing fraud continues to be a double-edged sword for retailers. Many either apply tools that over-reject orders, but in the process decrease their customer transaction approvals and lose valuable revenue in return. Or, retailers build their fraud teams in-house, which often lack the historical data and rules to catch subtle card testing tactics like the ones identified by Radial. Card testing leads to more eCommerce fraud as it’s easily identifiable when a retailer is allowing these types of fraudulent transactions through.

“Our data adds another alarming statistic for retailers who may be unprepared to manage fraud activity in eCommerce. We know fraudsters won’t stop looking for opportunities to monetize their stolen data and will even automate this process once they have a card that appears to be working,” said Stefan Weitz, chief product and strategy officer at Radial. “This results in quick, large volume purchases that leave retailers vulnerable.  When retailers miss card testing, they’re contributing to future card attacks. Fighting card testing is complicated, but can stop millions of unanticipated fraud attacks if tracked and managed efficiently.”

The fraud landscape is rapidly changing and presents pervasive and growing threats for eCommerce merchants. Radial’s Fraud Technology Lab and a team of data scientists use their robust fraud platform to uncover how trends in fraud can drive down retailers’ bottom lines and increase their risk. According to Radial’s analyses, since August 2016, the market segments of electronics, entertainment, jewelry, and sporting goods experienced the highest increases in online fraud during the 2016 peak season.

“Increasing revenue has never been more important for retailers. They cannot afford to be slammed with fees that stem from missing fraud activity and must count on each good order getting approved,” said Weitz. “More retailers claim they are combatting fraud, but underestimate the other areas they’re endangering – like revenue and customer loyalty – when they don’t use the types of data sets Radial has to increase transaction approval and take on full liability of combatting fraud.”

About Radial

Radial is the leader in omnichannel commerce technology and operations, enabling brands and retailers to profitably exceed retail customer expectations. Radial’s technical, powerful omnichannel solutions connect supply and demand through efficient fulfillment and transportation options, intelligent fraud detection, payments, and tax systems, and personalized customer care services.

Hundreds of retailers and brands confidently partner with Radial to simplify their post-click commerce and improve their customer experiences. Radial brings flexibility and scalability to their supply chains and optimizes how, when and where orders go from desire to delivery. Learn how we work with you at www.radial.com.

Steps to Reduce Credit Card Fraud For Distribution Industry

dealer fraud credit card processingCredit card fraud is still rampant in the US, even after US EMV liability shift convinced many merchants to purchase terminals to support chip cards. Marine, auto, and other high value parts dealers have long had a problem mitigating fraud risk with local and international parts.

  1. For card not present orders, require self-pay with cardholder authentication. Taking cards over the phone, and or requiring a credit card authorization form, will not protect against all forms of counterfeit card fraud. However, consumer authentication shifts liability back to the issuer; the issuer guarantees payment, and because it’s lower risk, dealers can qualify for lower interchange rates, the bulk of merchant fees. Online payment, ecommerce payment, and electronic bill presentment and payment are the 3 methods dealers can use to enable self-payment.
  2. For retail orders, EMV is mandatory. Not by regulation, but by necessity. If a chip card is presented, and merchant supports, they’re 100% protected from counterfeit card fraud, and sometimes lost or stolen cards; if not supported by the merchant, the merchant can be automatically charged back at the issuers discretion and there’s no dispute process for merchants.
  3. Check guarantee. Whether in person or via echeck, check guarantee services are only good if they don’t reject your checks later on. Surprisingly (or maybe not), some services seem to look for ways not to approve your claim, such as information is missing from checks. This can be avoided with technology that forces users to collect the right data, including for remote self-payers.

If all of the above are implemented, dealers are protected from virtually any type of credit card fraud. The following tips will help prevent other types of lost disputes, or serve as supporting documentation if not all the above are implemented.

  1. Get a signed sales order. This can reduce non-fraud claims related to disputes about what was expected. The sales order should clearly state what was sold, refund policy, and cancellation policy, or refer to another document that specifies the information, but is initialed acceptance on the sales order.
  2. Ship to cardholder billing address. If not possible, then get cardholder approval that states bill to and ship to address are different, and they’re approval.
  3. Require all communications to cardholder business email address if selling wholesale. Free email like gmail is not OK.
  4. Require cardholder respond from business email address approving transaction receipt. This is a strong document in the case of a dispute for “I didn’t approve it”, especially when a third party is picking up the part from the dealer.
  5. The marine, automotive and other distribution companies are hit particularly hard with non-qualified transaction penalties when shifting between retail, key entered, and online payments. It’s critical that transactions are presented properly not only to qualify for lower rates, but to protect against lost disputes that require specific evidence for each type of transaction.

Not related to security, but critical for interchange rate qualification, the bulk of credit card processing fees, all services (retail, MOTO, ecommerce) should support level III processing.

In summary, dealers need US EMV and cardholder authentication to maximize risk mitigation from credit card fraud. US EMV requires terminal certification, and gateway certification* to your merchant account provider. Cardholder authentication requires a payment gateway certified for the service.  There are very few companies that meet all these requirements so if your credit card processing salesperson gives you a blank stare when you ask, it’s time to explore other options.

*A payment gateway certified for level III retail to your acquirer is required; countertop terminals are incapable of sending level III data.

Need an EMV terminal? The problem with desktop terminals for mixed retail & card not present

For mixed retail and card not present merchants, especially with a business to business customer component, a traditional desktop terminal can cause problems including failed PCI compliance, higher merchant fees, and increased losses from customer disputes  – the dreaded chargeback. To comply with EMV, now is the time to address multiple business needs to maximize profits.

Why is a traditional desktop terminal bad for mixed customer base?

Verifone VX520 VX805 EMV terminal

Verifone VX520 with VX805 EMV terminal

  1. Merchants have retail merchant accounts with their swiped terminal. When a transaction is key entered, it’s automatically qualifies for the worst non-qualified rate for the card type, because expected magnetic stripe data is not received.
  2. Key entered or card not present (CNP or MOTO/ mail order telephone order) transactions require additional data to protect against fraud losses. Users can bypass prompts if asked, but more importantly, the transaction is still presented as RETAIL, so retail rules apply for responding to disputes.
  3. Internal paperwork such as credit card authorization forms are PCI compliance nightmares and often don’t meet requirements to win disputes.
  4. For any business with a commercial account aspect, there is NO desktop terminal capable of qualifying merchants for the lowest fees, available only by supplying level III data.

What’s the alternative to a desktop terminal?

verifone MX915 EMV terminal

Verifone MX915 multilane signature capture terminal

Desktop software like PCCharge and ICVerify have all announced end of life because they cannot support new payment technologies like EMV. The swiper wedge that many small businesses have used do not support EMV and that won’t be changing, so they too will disappear. The alternative is a payment gateway with virtual terminal; a cloud based solution. Buyer beware. There are significant differences between gateways; many of them are not much better than a desktop terminal.

Virtual Terminal with EMV Buyer Tips:

  • Choose an agnostic gateway. That way if you want to change processors in the future, it’s not disruptive to operations.
  • Verify the gateway has an EMV certified terminal for your processor today. For example, First Data publishes their list of certified solutions here: First Data Integrated Partner Solutions Certified Listing.
  • Beware language such as, ‘EMV ready’ for both gateway and desktop solutions. EMV certified terminal is not the same as a certified solution that can be EMV enabled today with your processor.
  • Ask if the gateway supports level 3 processing for retail.
  • If the gateway cannot dynamically change transaction representment from retail to MOTO – and virtually none do- key entered transactions have the same risk as a desktop terminal.

What about mobile? Mobile EMV will largely be rolled out next year, as hardware needs to first be certified, and then all the other certification components will follow.

The only payment solution today that is supports level 3 processing for retail is CenPOS, which also has the most EMV terminal certifications of any gateways to date.

CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. CenPOS is available globally. For additional information, contact Christine Speedy, 954-942-0483.