After the Home Depot breach of some 56 million pieces of card data, it was only a matter of time before it would deliver the fraudulent purchases that fund such an attack. That time has now arrived with bad purchases now “rippling across financial institutions and, in some cases, draining cash from customer bank accounts,” The Wall Street Journal reported Tuesday (Sept. 23).
“The fraudulent transactions are showing up across the U.S. as criminals use stolen card information to buy prepaid cards, electronics and even groceries, these people said. In some cases, the fraudulent transactions have been tracked to batches of cardholder accounts that are tied to specific ZIP Codes, they said,” the story said.
Just to keep matters interesting, investigators are tracing some of the fraud to multiple recent retail breaches. That is making the task of tracking specifically where the fraud is coming from—a critical first step to proactively anticipate and halt the fraud—far more difficult. “The flood of recent incidents across numerous retailers means that cardholders may have shopped at more than one merchant that had been attacked, making it difficult to decipher which fraudulent transaction is tied to which breach. Banks also may have found fraudulent transactions stemming from the Home Depot hacking before they were aware that the breach had occurred,” the Journal said.
A Javelin Strategy & Research report estimated that fraud losses from existing bank accounts and credit-card accounts rose 45 percent last year to $16 billion.
The Journal gave an example from the Air Academy Federal Credit Union, which it said had detected about $20,000 of bogus purchases tied to cards that had been exposed from the Home Depot breach.
“It’s not huge, but for a three-week period, it’s a big start,” said Brad Barnes, chief financial officer at the credit union in Colorado Springs, Colo..