Scammers: A police officer shows reporters fake credit cards at the Jakarta Metro Police headquarters on Thursday. Police have arrested four suspected members of an international credit card falsification syndicate and have seized dozens of fake credit cards from them.(Antara/Zabur Karuru)
Jakarta Police have recently arrested four people alleged to be involved in a credit card scam of stealing data from the Body Shop cosmetics store, an officer revealed on Thursday.
Special crime deputy chief Adj. Sr. Comr. Herry Santoso said that two of the suspects — married couple SA and ACN— were arrested in Medan, North Sumatra, while FA and KN were arrested in Sidoarjo, East Java.
“Two banks, Mandiri and BCA, filed report with us in March as they suspected the data of their customers’ credit and debit cards was stolen during transactions in several Body Shop stores in Jakarta,” he said.
The police found that the computer system of the cash registers at the stores was infected by Trojan viruses. The malware was used to steal the data of the cardholders, which was sent to the security crackers whose IP addresses were located in countries such as Germany, France, China and the US.
“The hackers sold the data on international chat forums such as icq.com, topdumpspro.com and dumps777.com. One of the chat forums was accessed by suspects FA and KN,” detective Comr. Roberto Pasaribu told The Jakarta Post.
The two later sold the data to SA and ACN, who printed fake cards with the stolen data.
The stolen data was also used in Pekanbaru, but the suspect was still at large, said Roberto.
The arrest of SA and ACN led to the police apprehending the suspects in Sidoarjo.
From the four suspects, the police confiscated five laptops, one card encoder device, 75 fake credit cards, three computer printers, one electronic digital capture (EDC) device, one computer modem and cellular phones.
KN said that he found out about the chat forum from his car-race partner, FA, last year. At that time, he was curious about his friend, who was always busy with his laptop. FA told him about a site that he used to buy credit and debit card data and KN decided to join him.
“I made an account in the online chat site ICQ, bought the data numbers and sold them to SA and ACN,” he told the Post.
SA and ACN, he said, bought the credit card data, with prices ranging from Rp 200,000 (US$20.40) to
Rp 500,000 per number. He also taught them how to create a savings account, use the numbers, create fake credit and debit cards and how to use them for shopping.
Meanwhile, W. Max Charles Taulo from the Indonesian Credit Card Association said that the credit and debit card scams had become an international nuisance.
“International investigators have found international cyber crime syndicates that can access data from MasterCard and Visa card customers,” he said, adding that, therefore, the customers needed to avoid swiping the credit or debit cards in the EDC device more than once in one transaction.
Body Shop’s head of corporate communications for Indonesia, Rika Anggraini, said that the company had prevented further credit and debit card phishing by replacing the infected cash registers in all stores in Jakarta and swiping the cards only in the EDC device.
The infected cash registers were reportedly found in its stores in Lotte Mart Bintaro, Taman Anggrek shopping mall, Pondok Indah Mall, Kelapa Gading 1, Kelapa Gading 2, Mal Kota Casablanca and Pasaraya Blok M.
“We advised our employees not to swipe the cards twice,” she said, adding that the customers were now safe to hold transactions at the stores. (tam)