Credit card fraud ring targets gay Seattleites

Authorities continue to investigate a wave of fraudulent credit and debit card charges that have targeted more than 100 gay Seattleites.

Matthew Walsh, one of the partners behind the popular Capitol Hill eatery Broadway Grill, confirmed on Friday, Nov. 4, his restaurant was not only a focus of a Secret Service investigation, but a fraud victim.

According to Walsh, the Grill's bank and credit accounts were breached and the same individuals who were committing bank/credit card fraud on their unsuspecting customers also tried to completely wipe out the eatery's business accounts.

"I am seriously worried about the future of our business without the support of our community," Walsh told the Capitol Hill Seattle blog, who first broke the story last week. "We have been growing by leaps and bounds since I took over in June, not only in our new menu and food quality but also in our day to day operation. It is my hope that we have touched enough lives over the years to be able to count on our beloved customers for their support and continue patronage in this difficult time."

More than 100 people have reported fraudulent activity within the past two weeks. Each report contained the same theme: The victims had all been patrons of Capitol Hill Broadway businesses.

The Secret Service is the lead in the investigation, and the Seattle Police Department continues to provide assistant.

According to David A. Iacovetti, the agent heading the Secret Service's Electronic Crimes Task Force's Seattle office, the immediate threat to credit and bank accounts on Capitol Hill has been contained. He also said it is too early to release details of how the perpetrators accessed the information.

"In the newest Seattle case, police and Secret Service investigators say they've identified multiple points of compromise, and the businesses involved have upgraded their anti-virus software so the fraud cannot continue," Iacovetti told KOMO news. "The Electronic Crimes Task Force is pursuing leads on suspects, but the businesses involved are not being identified at this time."

Both the Secret Service and Seattle Police Department say no "skimming" devices were used, nor did any employee of a Capitol Hill business record and sell patrons' credit card information.

"A 'skimming' device is something that is put over a card reader that steals the information unbeknownst to the user," said Sgt. Sean Whitcomb, a spokesperson for the Seattle Police Department, laying rest to rumors such a device was used in the current rash of incidents on the Hill. "This type of fraud can happen at an ATM, gas station, or parking meter. But that is not what happened here."

Investigators have yet to determine how the fraudsters breached account information at Broadway Grill.

"Since the release of Restaurant Manager v15.1 in 2006, all software designed by ASI has been certified as fully compliant with the Data Security Standards of the Payment Card Industry (PCI)," Actions Systems, Inc., the Grill's POS service provider, told CHS Blog. "Restaurants using Restaurant Manager v15.0 or earlier have been notified repeatedly that they must upgrade to a more current version of the software before they will be able to operate as a PCI Compliant business."

In addition, the POS service provider said it is important to note there are many requirements for PCI compliance that have no relation to point of sale software. In other words, restaurants need to adhere to all PCI requirements in order to ensure to protection of sensitive consumer information.

According to Jeanie Walker, a representative for Seattle-based POS provider Dinerware, account breaches like this can happen from the technology side of the process or from the restaurant's own practices involving payment systems.

"There are 12 steps to being compliant," Walker told CHS Blog. "Five are in software, seven are on restaurant side."

She said holes on the restaurant side can range from failing to make the WiFi isolated and secure on a separate network from the point of sale system to storing credit card information incorrectly.

Still, the software can also breakdown. Tom Willis, a senior fraud analyst at Javelin Research, said the Seattle wave has the earmarks of a software hack. He told CHS Blog the fraud is "indicative of the smash-and-grab-type mentality," during which the objective is to net the largest amount of money in the quickest time frame," and get out before you leave too many clues about who you are."

That may be exactly what a local Seattle-based gang has done. As of yet, neither the Secret Service nor the Seattle Police Department has reported any suspects in the case.

The number of victims might easily exceed the more than 100.

"If people do nothing else, we want them to regularly check their bank statements to protect themselves form being defrauded and paying for someone else's charges," said Whitcomb. "Report fraud so we can get the info to the Secret Service."

Though the Seattle police are not the lead agency investigating this alleged fraud, it continues to collect possible fraud reports from the public. Contact your financial institution and the Seattle Police Department at (206) 625-5011 if you suspect your account has been compromised.