Mystery surrounds the identity of the merchants at the centre of an international counterfeit debit card ring tackled by US law enforcement agencies.
The OfficeMax office supply chain was initially identified by police as one of the sources for stolen account data, used to make the counterfeit cards.
But OfficeMax has maintained it was not the source, citing an internal investigation it conducted using independent investigators. Police had said several of the victims of the fraud had been recent OfficeMax customers.
Customers have seen their card accounts used to buy goods and withdraw cash from ATMs across the US, and in countries including the UK, Pakistan and Spain.
Police have arrested 14 people alleged to have taken part in the fraud ring. Police believe some have links to international fraud rings.
It is quite often the case that the merchants identified as being part of such card fraud operations are not immediately publicly exposed, if at all.
CitiBank, for instance, has so far not identified which merchant was responsible for leaking customer data which led to it recently replacing a large number of debit cards after it discovered a major card fraud.
Disclosure of lost customer data varies from state to state in the US, with California the tightest on demanding that customers are informed of data thefts as soon as possible. If companies responsible there do not act quick enough, they face legal action.