http://www.bankinfosecurity.com/michaels-breach-how-fraudsters-pulled-off-a-8696
By Tracy Kitten
@FraudBlogger
Bank Info Security
November 20, 2015
More than four years after the point-of-sale attack that struck 80
Michaels craft stores throughout the U.S., compromising nearly 100,000
payment cards, details about how the attackers pulled off their scheme
have finally emerged.
On Nov. 17, Crystal Banuelos of California, a lead defendant named in the
2011 Michaels debit breach, pleaded guilty to conspiracy to commit bank
fraud and aggravated identity theft (see Michael's Breach: What We've
Learned).
Banuelos' sentencing date has not yet been set. She faces a maximum
sentence of 32 years in prison and a $1 million fine.
In her plea filed with a New Jersey District Court, Banuelos notes that
she conspired to steal credit and debit card data, as well as PINs, from
Michaels' customers, and knowingly used counterfeit cards created from
that stolen data to conduct fraudulent cash withdrawals at ATMs.
In all, authorities believe Banuelos and Angel Angulo, a co-defendant
named in the indictment whose case is still pending, stole $420,000 from
banks through fraudulent ATM withdrawals. Banks defrauded in the scheme,
according to the indictment, include U.S. Bank, BMO Harris, Bank of
America, JPMorgan Case, TD Bank, Beneficial Bancorp and Wells Fargo.
To perpetrate their crime, prosecutors allege Banuelos, Angulo and other
unnamed conspirators swapped out 88 legitimate POS devices at 80 different
Michaels locations across 19 states with manipulated terminals that were
used to capture and store card data and PINs.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
