Consumer Watch: 'Bank Robbers' of Our Generation

By Amanda Taylor, News 9 Consumer Watch

OKLAHOMA CITY -- David Lammon learned about computer hackers the hard way.

In March, he had a meal at Buffalo Wild Wings on I-40 and Rockwell in Oklahoma City. He used his debit card for the meal. A day later, when he went to buy gas, his card was denied. 

That's when he called the bank and was told someone had stolen his debit card information and was going on a shopping spree. 

"They were going to Wal-Mart and they were charging over 300 dollars each time," Lammon said.  "I see it happening all the time, but I never thought it would happen to me."

The restaurant believes an outside hacker is to blame. 

Experts from Trustwave Spider Labs, an information security firm, said the crooks get their loot in three ways:

• First, they find a business that doesn't have very good security on their computer, then they install their program, which copies every piece of information including credit card swipes.
• Secondly, another group buys that information in what's been called "the credit card underground."  They make plastic cards with the stolen information encrypted on them.
• Finally, a third group buys the cards in order to purchase big ticket items like television or construction equipment and then sells them for cash.

These types of hackers are commonly called "modern day bank robbers."

"They can get a lot more going through a computer then they can get walking in a bank," explained Elaine Dodd with the Oklahoma Banker's Association Fraud Division.

She said the bank card bandits are all over the world, and they often use fake IP addresses to avoid being tracked. 

Dodd says her division has recently seen a rash of crooks using cards in Florida, Georgia, Houston and Dallas.

Businesses are not required by law to make their computer systems safe. 

Trustwave experts explain:  According to the Payment Card Industry Data Security Standard, a company should use multiple layers of security to protect sensitive data. But if a business makes less than $500,000 per year in any one credit card type, they're not required to have the recommended security measures in place.  They are referred to as a level four merchant, which is the smallest classification of card accepting merchants (example Walmart would be a level 1 merchant which would mean they would need to have more layers of security). 

While level 1 companies are not required to have these recommended security measures in place, it is strongly recommended.  However if they get hacked into, then they could still face fines by the credit card industry and card processing banks for failure to comply with the standards.

Consumers are typically not liable for unauthorized purchases.

To avoid the hassle of having your bank account depleted, Dodd suggested looking at your bank account every day. By looking for unauthorized charges and catching it early, it limits the amount of money that will get depleted and stops a crook in his or her tracks, she said.

Chances are, the places that have had a security breach are probably the safest places to go because they've beefed up their systems.  Buffalo Wild Wings said they've done just that.

Consumer Watch airs Mondays, Wednesdays and Thursdays on NEWS 9 at 10 p.m.

More:

• Read Amanda's Blog
• E-mail Consumer Watch