The FTC has busted a huge online payment scam where more than $10 Million in bogus charges were made to more than 1 million customers credit and debit cards. The Federal Trade Commission has halted the scam pending a trial.

More than a million customers here hit with charges of $10 or less, which where then routed through several fake businesses and dummy corporations in the US. The money was then transferred to bank accounts in Eastern Europe and Central Asia.

The defendants started companies with names similar to real businesses using information stolen from identity theft victims. There were more than 100 business accounts opened using the stolen information used to process the online transactions. It is believed the the identity theft victims where chosen by the thieves after a credit checked to ensure they were creditworthy of starting the bogus businesses.

The thieves then gave each of the fake merchants an address similar to a real companies location. They also added phone numbers and website address that pretended to sell products. According to the FTC the thieves then recruited at least 14 people in the US to open 16 dummy corporations, who then opened associated bank accounts to receive the credit card payments. The payments were than transferred over seas to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus, and Kyrgyzstan.

It is still unclear how the defendants got their hands on the stolen identities or consumer credit cards and debit card numbers. None of the identity theft victims would have had direct contact with any of the defendants. Victims mostly likely didn’t notice the charges to their accounts because of the small amounts that were charged. All of the charges were between $10 and .20 cents, but if a consumer was to call about the charge they would simple be hung up on or left with a recording.

This is a pretty good scam in my opinion. I have to say I haven’t heard of anything white like it before, and it seemed to work pretty well. Making large charges would have brought a lot of attention, but small charges which were routed through dummy businesses who then got routed through other fake businesses, who were started by identity theft victims, was very smart indeed. The FTC caught the scam but they still don’t know who the people are behind it. I guess that was the point of the scam to prevent a paper trail from leading to the real master minds of it. The sad thing is if they don’t find the people responsible they could just start all over again with new companies.

Looks like employing the classic legal strategy of delaying the case has paid off for the American Bar Association—at least for the time being. A federal judge today determined that lawyers should be exempted from the Red Flag Rules intended to curb identity theft.

The Red Flag Rules go into effect this weekend for all businesses that fall under the Federal Trade Commission’s definition of creditor. Essentially, the FTC considers any business that provides services before payment is rendered or allows customers, clients or patients to make payments on their bills to be a creditor.

Federal Judge Reggie Walton said he disagreed with that definition, and that the definition was so broad that a plumber who worked on a toilet for two days before billing the customer would be considered a creditor.

“I have a real problem with concluding that Congress intended to regulate lawyers when these statutes were enacted,” Walton said.

Whether or not the FTC will appeal the decision is anyone’s guess. When asked, FTC General Counsel Willard Tom replied, “It’s safe to assume the commission is going to consider its options very seriously. We think there is no reason lawyers should be exempt.”

This is only the most recent dust-up surrounding the Red Flag Rules. The American Medical Association also took umbrage at the notion that its members are creditors, and enforcement has been delayed several times.

Red Flag compliance requires that creditors
• Know the warning signs of ID theft.
• Have a plan in place to react to any ID theft red flags.
• Designate an employee to oversee the plan.
• Train all employees.
• Document the plan.

Nearly 10 million Americans become identity theft victims every year.

Three recent examples of the illegal sale of consumers’ personal and financial information illustrate the need for LifeLock identity theft protection.

Rental Research Services’ failure to screen customers requesting consumer information resulted in the sale of at least 318 credit reports to identity thieves, according to a complaint filed by the Federal Trade Commission.

RSS uses information from the credit reporting agencies to provide a screening service for landlords who want to vet prospective tenants. Unfortunately, they failed to maintain “reasonable procedures to prevent such impermissible disclosures and to verify their customers’ identities and how they intended to use the information,” according to the complaint.

The reports allegedly provided by RSS to the identity thieves contained names, Social Security numbers, birthdates, bank and credit card account numbers and credit histories.

A $500,000 judgment was brought against RSS, but suspended because the defendant claims they are unable to pay it.

ChoicePoint, another data aggregator, agreed to a $10 million settlement of a class-action lawsuit in January after admitting they sold more than 160,000 consumer reports to identity thieves, though neither the company nor its officers admit in wrongdoing.

“I think the point we wanted to make is we’re not a company going around willy-nilly selling data to anyone who wants it,” Choice Point’s information security vice president, Aurobindo Sundaram, said in a an interview with SCMagazineUS.com.

In Canada, the federal privacy commission is investigating Landlord Source Centre, a service that provides financial and background information on tenants, for posting a website with extensive tenants’ information, including mental health diagnoses, personal and identifying information about their children and details of previous landlord-tenant disputes.