If Mari Frank could become a victim of credit-card skimming at a restaurant, then no one is immune to the crime.
An expert on identity theft, a lawyer and former California assistant district attorney, the outraged Frank, whose own credit-card identity was stolen in 1996, was prompted to launch a Web site devoted to helping victims of the crime she calls “financial rape.”
A frequent guest on network television talk shows, Frank even had visited the White House when President Clinton proposed the Consumer Protection and Financial Privacy Act. She appeared in a photo with the former president and Hillary Rodham Clinton, showing off one of the two books she had written on the subject of identity theft.
So imagine her surprise when, following a business trip to New York last summer — where she had come to demonstrate credit-card skimming before a group of Chase Manhattan Bank officials — she received an $11,000 American Express bill for fancy truck accessories that she never had purchased.
Frank, who lives in Laguna Beach, Calif., believes her credit card was skimmed in a restaurant while she was in New York demonstrating the very crime she fell victim to. If she’s right, then she joins thousands of other restaurantgoers who make up the vast majority of credit-card skimming victims.
Law enforcement authorities and bank investigators believe that as much as 70 percent of all cases of credit-card skimming or cloning stem from rip-offs in restaurants. Gas stations, which are the next most active retail sector for skimming, register a distant second, with 14 percent of all reported cases occurring there.
While credit-card company officials claim that instances of skimming are declining because of the development of new programs to deter it, they say that operators still must be wary of the crime, which undermines the consumer trust that operators work so hard to build.
“When I returned home from New York, I had my AmEx Platinum in my wallet,” Frank says. “But I opened my billing statement and found $11,000 worth of fraud that was made in the desert of California for truck accessories, like tires and fancy wheels, while I was in New York with my card.
“AmEx was very good about it and sent me a new card, but I knew I had been skimmed.”
Experts say that skimming may be costing the major credit-card companies as much as $300 million a year collectively.
Credit-card skimming occurs when the data on the magnetic strip on the back of the card is captured by swiping a customer’s card through a skimming device that resembles, in most cases, a beeper.
The information from the magnetic strip then is stored in the skimmer until its memory fills up or until it is downloaded to a computer or transferred to produced cloned cards.
Because the device is small enough to fit unseen in an adult’s hand, an unscrupulous waiter, bartender or cashier could swipe the card without being seen, says Buddy Tinnell, director of fraud control for Visa USA.
The restaurant industry is particularly vulnerable, Tinnell says, because it is one of the few retail sectors where, for a few moments, customers are separated from their credit cards and often can’t see their servers processing payment authorizations.
The criminals who specialize in the crime prey on restaurant staffers who consider themselves underpaid, knowing they will be tempted by perswipe bounties of $20 to $50. At the end of a shift, servers turn the boxes over to their “handlers,” who make counterfeit cards or Internet purchases before the unknowing victims receive their next billing statements.
Tinnel reports that credit-card skimming first materialized in the mid-1990s when e-commerce and other types of electronic transactions started to become popular.
“Any technology that has a legitimate purpose can easily be abused without fail by a criminal,” Tinnel says. “It’s an enabler.”
“Young people who fall for this think that they are doing nothing wrong, that it’s not hurting their employers,” he adds. “But this is a form of counterfeiting, which brings in the Secret Service and a range of bank investigators. And when these young people are caught, they are as guilty as the person who uses the card fraudulently.”
Credit-card skimming appears to be declining as a result of numerous educational programs — such as posters alerting employees to the crime and seminars by credit-card companies and state restaurant associations. Still, cloned credit cards cost Visa about $60 million a year, Tinnel estimates.
Tinnel says Visa offers $1,000 for information leading to the apprehension of people involved in skimming.
Christine Elliott, a spokeswoman for American Express, says she could not disclose how much the crime costs the company, but she says her company has a very active program to alert its restaurant clients to the perils of skimming.
“We have a number of pamphlets and programs to help owners identify the crime, but it involves some fairly sophisticated technology that could be re-engineered against us if we discussed it in public,” she says. “But we are constantly talking to law enforcement and others about it.”
A spokesman for MasterCard International says the company is experiencing the same kind OF skimming rates its competitors are. However, the spokesman says the company has entered into a pilot program with Meg-Tek, a California manufacturer of security software and hardware for financial institutions, that allows retailers to detect cloned credit cards. He says the test is underway in Malaysia and other parts of Asia, where skimming is widespread.
In America, industry experts say, the crime is prevalent in states that enjoy high tourism and business travel.
According to studies, California, Florida and New York account for more than half of all skimming cases. California has 26 percent of all cases, and Florida generates 23 percent. New York, at 8 percent, is about equal to the rate that occurs in Mexico.
The director of security and risk management for a national dinnerhouse chain says he is not surprised to hear that Florida is a hot spot for credit-card skimming.
He says the company earlier this year provided evidence and depositions to federal and local law enforcement agencies that may lead to the deportation of an ex-cashier who was observed b fellow co-workers skimming cards.
“In the wake of 9/11 and looking at the way some of those [terrorists] financed their activities, I think law enforcement is really interested in how this crime operates,” the chain official reports.
Requesting a anonymity, the risk manager says he could not be more forthcoming because his chain is continuing to work with authorities and the credit-card company in order to resolve the incident.
While credit-card skimming essentially is a consumer problem, given that restaurateurs will get paid whether a card is legitimate or not, operators say the crime undermines everything hospitality stands for.
Rob Finley, vice president of business development for the California Restaurant Association, says the reason operators need to help authorities stamp out the crime is that it represents the ultimate violation of trust between a diner and a restaurateur.
“When you go to a restaurant, the last thing you need worry about is your credit-card information ending up in the wrong hands,” he asserts. “And if you become a victim, your trust is just ruined.
“It’s just troubling that here we are at the height of this technological age, and when you have new technology, you have new crimes that didn’t exist before.”
Finley said the CRA, with support from Visa, has mounted an aggressive campaign to educate its members about skimming and how to prevent it.
Mike McGovern, executive director of the International Society of Restaurant Association Executives — an organization of chief officers and presidents of state restaurant organizations — called credit-card skimming “the quiet crime.
Although it doesn’t get as much attention as more traditional crimes of theft in foodservice, McGovern says operators err at their own peril if they think they can ignore skimming just because they aren’t losing money directly from it.
The one thing no restaurateur wants to be is an enabler for this sort of thing,” McGovern says. “If word got out that your restaurant was involved in something like this, think of the costs in prosecuting the employee and the image [problems] your business would suffer.”
McGovern says he was “stunned” and “spellbound” by a Visa-produced documentary on skimming he saw in California a year ago that detailed how easy the crime is to commit and how costly it can be for both credit-card companies and consumers.
Phillip Smith, a retail security expert with Zahay Investigations in Acton, Calif., says one of the reasons credit-card skimming succeeds is that restaurant employers are not taking the time to do deeper background checks or arrange ethics testing of employees. As a result, less-than-honest workers easily can be compromised when tempted with the money offered by criminals who clone credit cards.
Beth Givens, founder of the Privacy Rights Clearinghouse, a San Diego-based consumer education group, cautions that for all the problems credit-card skimming poses, it is but a tiny subset of the more insidious crime of identity theft.
“Credit-card skimming is a problem, but in our view it is not a very big problem when you look at the bigger picture of what we call application fraud,” she argues. “Someone can take over your accounts, credit cards, checking, what have you, and never touch your credit card or steal your checkbook.
“We call this account takeover, and it is one of the most difficult crimes to detect. But it is so easy to prevent if people just paid attention to their monthly bills, shred their credit-card receipts, took better precautions over their mail boxes and were more aggressive reporting unusual or unfamiliar charges to their creditors.”
Nevertheless, Givens argues that the restaurant industry could reduce skimming by embracing the practice of their colleagues in Europe, where checks paid with credit cards are swiped at the table with hand-held POS terminals in front of guests.
Some U.S. operators, however, voice concerns about the informality of such tableside procedures and the possibility that the hand-held technology itself could pose security problems.
THE SKINNY ON SKIMMING
WHERE SKIMMING OCCURS: TOP MERCHANT GROUPS
CAR RENTALS 1%
ALL OTHER 10%
Note: Table made from pie chart
SKIMMING MERCHANT LOCATIONS: BY STATE OR COUNTRY
NEW YORK 8%
NEW JERSEY 7%
ALL OTHER 21%
SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES
Note: Table made from pie chart