Mystery surrounds the identity of the merchants at the
centre of an international counterfeit debit card ring tackled by
US law enforcement agencies.
The OfficeMax office supply chain was initially identified by
police as one of the sources for stolen account data, used to make
the counterfeit cards.
But OfficeMax has maintained it was not the source, citing an
internal investigation it conducted using independent
investigators. Police had said several of the victims of the fraud
had been recent OfficeMax customers.
Customers have seen their card accounts used to buy goods and
withdraw cash from ATMs across the US, and in countries including
the UK, Pakistan and Spain.
Police have arrested 14 people alleged to have taken part in the
fraud ring. Police believe some have links to international fraud
rings.
It is quite often the case that the merchants identified as
being part of such card fraud operations are not immediately
publicly exposed, if at all.
CitiBank, for instance, has so far not identified which merchant
was responsible for leaking customer data which led to it recently
replacing a large number of debit cards after it discovered a major
card fraud.
Disclosure of lost customer data varies from state to state in
the US, with California the tightest on demanding that customers
are informed of data thefts as soon as possible. If companies
responsible there do not act quick enough, they face legal
action.