In March of 2015, the Los Alamos Police Department (LAPD) noticed a specific increase of credit card fraud from Los Alamos citizens and visitors to the community reporting unauthorized charges on their credit card accounts as well as “on-line” postings of fraudulent activity in the area.
LAPD Cmdr. Oliver Morris explained that LAPD began to investigate circumstances that there may be a “skimmer” in Los Alamos County or a malware hack of point-of-sale software used by local businesses.
The LAPD Investigations section began compiling victim’s card usage to address the issue. During the investigation, it appeared that a type of “Memory Scraping,” was occurring. This method captures credit card information when swiped during a transaction. The information will remain on some business point-of-sale systems, unencrypted for several seconds. There is some malware that will capture that information in that short time period undetected.
The pattern that the LAPD has observed, is that once a victim has used their credit card at a compromised system, it may take up to two weeks until a fraudulent charge occurs on one’s account.
This stolen credit card information was most likely sold on-line to criminals who cloned that information to create a fictitious credit card and begin to use it fraudulently across the country. The LAPD has been communicating with financial institutions, local businesses, and the United States Secret Service (USSS) to address the rise in credit card fraud occurrences in our community.
LAPD reached out to the USSS Special Agents in the Denver, Colo., field office and they were made aware of a new strain of malware called “FindPOS” that has been affecting point-of-sale provider companies across the United States since November of 2014. They reported their field offices throughout the nation have been investigating this new strain.
Once malware of this type is located in businesses point-of-sale software providers, they must “scrub” their system to ensure the malware is removed and a new system in installed. According the USSS Denver Field office this has already taken place for one software corporate provider for a Los Alamos business. The LAPD is encouraging all local businesses to check with their point-of-sale software providers to ensure their systems are not affected by the “FindPOS” strain of malware.
“The Los Alamos Police Department wants to encourage the reporting of credit card fraud so that future steps can be taken to investigate criminal patterns,” Morris said. “It is also important to remember to regularly check credit card and banking statements for unauthorized charges.”