Thieves Steal $10 Million, Pennies At A Time

These credit card thieves allegedly stole over $10 million by placing bogus charges on customers’ credit cards for amounts between $10 and $.20. Each customer was stolen from only once, spreading the theft out over a million different cardholders. Check your statements, there’s a decent chance you were one of them.

$9 Here, 20 Cents There and a Credit-Card Lawsuit [NYT]


Edit Your Comment

  1. eccsame says:

    If it’s only ten cents, it isn’t worth scouring my old credit card statements. I mean, if I didn’t notice the first time they can keep it.

    • Blueberry Scone says:

      That’s probably what they were counting on. Who really wants to spend a ton of time trying to get $0.25 taken off their bill?

    • TheoSqua says:

      I agree. If someone were to come to me and said if I gave them a quarter they could become a millionaire, i’d likely give them the quarter if I had it. So if someone wants to go through that much work and risk for a quarter i say they can have it.

      • AK47 - Now with longer screen name! says:

        The difference here is that they didn’t ask you for the quarter so you could give it willingly. They took it without you knowing or agreeing.

        • MaxPower says:

          Fine, if someone grabbed my wallet and stole a quarter… heck, even the whole change section, I wouldn’t care very much.

          • EarthAngel says:

            Hey now…If you don’t want your change section, can I have it?

            At least I asked. :o)

            • mythago says:

              Seriously. Please feel free to send me all amounts of money too small for you to notice.

              • lordargent says:

                I take all of my change and throw it into a bag, at the end of the year, it’s about $200-$400.

                /keeping my change

    • Blueberry Scone says:

      I have to admit, though, that the $10 seems pretty risky for the thieves. I think most people would debate a random $10 charge instead of one for only $1.00 or $0.10.

      • mac-phisto says:

        unfortunately, it’s not. the reason it’s not is b/c even if the cardholder disputes it, the card issuer needs to make a decision about whether or not to pay the costs associated with filing a chargeback. depending on the processor, this cost can be anywhere from $10-30/transaction. & that doesn’t include the time that it takes to pay an employee to do all the paperwork.

        most of the time, a bank simply won’t file the chargeback – they’ll just eat the cost of the fraudulent transaction & possibly block the merchant from future transactions if they notice a pattern of fraud.

        people really have no idea how much fraud actually occurs within global payment systems. as someone who deals with it daily, let me tell you – it’s frightening.

    • Duke_Newcombe-Making children and adults as fat as pigs says:

      …and that is why you fail. (or they win, depending on your view. My view is Yoda’s).

    • Clyde Barrow says:

      I think the problem is that an article such as this is making a point at how it affects society as a whole and like many times, it upsets a lot of people as though their lives just fell apart.

      But .10? That amount doesn’t affect me or you and I know from my statements that I haven’t gotten any. If I did? I could care less. It’s not my job to police these guys from ripping off everyone else. Not my job. Sure, $10M is a lot of money, but they didn’t steal $10M from me, maybe only a dime.

  2. Ben_Q2 says:

    They made many movies of this.

  3. PlumeNoir - Thank you? No problem! says:

    Just like Superman III…

    • Fineous K. Douchenstein says:

      Actually, what happened in Superman III was that employees were paid exactly, with the fractions of cents dropped, and a program was written to collect all those fractions of cents and put them into a single bank account.

  4. backinpgh says:

    The accompanying picture should totally be from Office Space.

  5. Hi_Hello says:

    It’s annoying trying to figure out the merchant on some of the transaction… they should let you click on the transaction and get full detail of who is who… I just google before I think it’s a scam.

  6. Etoiles says:

    I had to call my bank and get my card swapped last week over a fraudulent $4.82 charge.

    This is why I love having robust online banking. Check it 3+ times per week and catch everything quickly. For what it’s worth, the bank, BoA, was quick, polite, and efficient in handling it.

  7. johnrhoward says:

    If someone can get rich by stealing amounts of money too small for the victims to know or care about, then I say kudos to them.

  8. Gruppa says:

    My bank hates me. I work for a point-of-sale software company and regularly use my personal card to test tendering credit cards on our customers systems. Sometimes I charge and reverse up to a dozen .50 cent transactions, from different companies, in different states, in one day.

    They’ve never flagged my account or anything. Maybe after 6 years they’ve gotten used to it.

    • Tongsy says:

      I would think your company would have a corporate card to do this with.

      • sqlrob says:

        When I did POS testing we had special numbers from each credit card company that would respond in particular ways, with no real charges happening.

        This was back in oh, ’95 or so. They can’t do that now?

        • Gruppa says:

          We had an AMEX card to do testing with that I used for about 4 years, but suddenly it started getting declined. I guess you could still test with it considering a decline shows the system is working just as much as an approved transaction would.

          Using my personal card actually came in handy however. I had used an ATM to pull out some cash earlier in the day and apparently the machine malfunctioned and tried to re-enter my PIN 3 times within 10 seconds right after I had used it. I was still in the store and didn’t see anyone else use the ATM at that time so I’m sure it was some kind of glitch. My bank froze my card and I only found out about it after I had used it to test a clients POS software and it got declined.

    • AustinTXProgrammer says:

      Part of the software I develop works with credit card transactions. I believe our merchant agreement prohibits doing what you describe, although I have done it very rarely. Sometimes the test credit card numbers don’t cut it and you need end to end visibility of the transaction.

  9. Ed says:

    Does anyone else check their credit cards daily? I used to use Money and have switched to Quicken but my morning ritual is to wake up, log in to Quicken and update my statements and look at every transaction. We put EVERYTHING on the cards rather than write checks or use cash (and I’ll NEVER use a debit card) and have a number of automatic charges, so it is nothing to have 100-200 charges per month. I scour every single one of them, which isn’t hard to do when it is between 1 and 4 per day.

    • Muddie says:

      If I don’t check every day, it’s at least 5 times a week. I just log in and double check everything. Takes about 2 minutes. It’s easy enough to do while having your morning coffee.

    • Nigerian prince looking for business partner says:

      I don’t do it daily but I try to reconcile it at the end of each week, while the memory is still fresh in case I lose a receipts.

    • shoelace414 says:

      use The Mint. you don;’t have to put your banks in it, just put your credit cards. they have iPhone and Android apps.

    • Ben_Q2 says:

      Yes, I check it when I get up, in the middle of the day and when I go to bed. I was one of the programmers for Quicken back from 90 to 95. Funny I do not use it for myself just business.

  10. Tiandli says:

    If they had offered credit monitoring service for the tiny amount they automatically charged, it would have been legal.

  11. bikeoid says:

    A lone sleuth by the handle MGD has also been shadowing this group for years, trying to stop it. In summary a US company named ‘’ is making money from each of these transactions, and has no motivation to stop it.

    53 pages of investigative reports at

  12. TasteyCat says:

    These thieves are awesome.

    “‘There were more complaints about the 20-cent charges because they looked really odd,’ he said.”

    Really? Is a person’s time worth so little that they make a phone call over 20 cents? I realize there are enough people who like to hear the sound of their own voice and then there’s the retirees who make phone calls to businesses just to talk, but still.

    • nextyearsgirl says:

      Isn’t one of the first rules of credit vigilance that theives will often make small purchases at first to see if you notice, then escalate if you let a few dollars slide or don’t look at your statement?

      • Vhalkyrie says:

        Umm…yeah I’d call over a $.20 fraudulent charge. I’m not paying for a penny of a charge that I didn’t make. Not a single one. Not yours.

    • RandomHookup says:

      It’s more the concern that your card number has been compromised. That’s worth a call.

    • mythago says:

      So you think credit-card thieves just throw away the number when they’re done instead of reselling it to dumber thieves? That’s adorable.

    • Intheknow says:

      Yeah, I didn’t make much of a fuss over the dollar that was charged to my checking account either – didn’t even notice it for several days, then came the $100 and $200 charges. They were just looking to see if it was a valid checking account. They actually waited for me to get paid more than a week later before stealing the larger amounts.

  13. ellmar says:

    Forgive me if I’m missing something, but how is “between $10 and $.20” a valid range? Perhaps you mean to say between $.20 and $10?

  14. BuyerOfGoods3 says:

    This happened to my BOA account a while back..they never would tell me What the hell happened, just that it was an “ongoing investigation”


  15. operator207 says:

    This is why I have USAA send me an email everytime something changes on my bank account (debit, charge, deposit and daily balance). Yes, it’s a lot of email, but I only receive them on my phone (server side filters FTW!), and I just go through them on my down time during the day. Usually blow through them in a couple minutes max.

    Sometimes with this setup, I won’t even get out of the store to my car and I already have an email. Because of this, I now know which stores debit/charge immediately, and which do it in bulk.

  16. TerpBE says:

    This plan makes a whole lot of cents.

  17. Floppywesl says:

    They are blaming HACKERS!!!! Was the worm called DaVinci ????

  18. MightyHorse says:

    “Now Peter, your Chase statement shows that you’ve been missing a lot of loose change lately.”

    “I wouldn’t say I’ve been missing it, Bob.”

    “A ha ha ha ha, yeah.”

  19. thegoodshopper says:

    I read a similar article in our local paper how these thieves steal millions one dollar at a time. It is easy to bust them if they take off a huge amount from different people BUT if its some cents and a dollar here and there, that adds up to significant amounts. if victims don’t bother to complain for some cents to a dollar stolen from them, this kind of modus operandi will flourish.

  20. teqjack says:

    I dont know what my bank’s limit for flagging is, but I know there is one. Some months back, their computer flagged a charge (one cent) for a four-day-hold and generated a query to my EMail address. I replied that I had no idea what it was and had not authorised such a charge, and the bank refused to honor it.

    = = = =
    Should the banks be forced to better check into the actuality of a business account’s holders? Remember, to open a US bank account a Federal-ID number (tax ID from IRS or SocSec number) must be given and verified – is it not those agencies that should be doing more verification?

  21. coren says:

    I don’t think, I don’t think I’m explaining this very well. Um, this Seven Eleven, right? If you take a penny from the tray….

  22. MishunAcomplisht says:

    Why is the consumer responsible for spotting this and not the credit card companies. Once the details of the widespread crime is known, all major credit card companies should have to run database queries against the known transaction info and credit the accounts….duh!

    • cheezfri says:

      Credit card companies don’t issue refunds to customers. The banks that issue the cards do. And why don’t the banks do so? Who knows? Maybe they can’t definitively determine whether ALL transactions from any particular source are illegitimate. Maybe they are hoping not too many people complain and it all goes away. Maybe they are like pretty much every other company out there, and don’t have the manpower to do it. It’s more complicated than it looks.

  23. jpdanzig says:

    This Times article would be a lot more useful if the reporter had identified the names of the fraudulent companies. What company name should we look for on our credit card bills to see if we have been ripped off?

    • bikeoid says:

      There are hundreds of fake company names that they have used. They are constantly creating new company names to try to remain hidden.

  24. Cruise says:

    I actually got a call from Discover’s Fraud Department about a $3 charge from a Car Wash in Alabama…

    I hadn’t even noticed it on my statement…:(

  25. loquaciousmusic says:

    American Express called me a few months ago. There were two unusual charges on my card: one was a $19.95 charge for an online dating site, and the other was a $1 charge to Netflix. I told them that I hadn’t made either charge, but it got me thinking: I wouldn’t have missed $1 and certainly wouldn’t have noticed it if AmEx’s automated system hadn’t warned me.

  26. kitty says:

    As a merchant, it costs me $0.20 + 2.35% to charge a card. If they only charged cards for $0.10 to $0.20, how again did they make any money? The only folks who got rich were VISA/MasterCard! :)

  27. kobresia says:

    The fraudsters probably stopped the $0.20 charges because the transaction fees were probably more than the charges, so each one, they’d lose a few cents on. Only the companies handling the merchant accounts would make money off this scam.

  28. uber_mensch says:

    Not one reference to The Office movie?

  29. al says:

    So what, verizon wireless does this every month.

  30. -MGD- says:


    A lone sleuth by the handle MGD has also been shadowing this group for years, trying to stop it. ………

    Thank you for the recognition bikeoid !!

    Unfortunately, both the media and now the FTC have incorrectly diagnosed what is going on. That is a repeated trait over the years which has contributed to the failure of this massive fraud not being recognized for what it is. The multi million dollar a year fraud operation conducted by a sophisticated Organized Crime Syndicate operating from Eastern Europe, has cost consumers many hundreds of millions of dollars. The organized Crime Syndicate has been operating continuously since at least 2004, but can be traced as far back as circa 1999 – 2000.

    Having devoted in excess of 4,000 hours since 2004 in forensic investigation and research into this Organized Crime syndicate’s operation, I can tell you that this will ultimately will be properly identified as the largest, most organized, and continuous fraud operation in history, perpetrated against consumers. Even if you have not been the victim of a fraud charge ..yet, you are paying the financial system to subsidize and support the organized criminal fraud operation. Due to the time devoted to this investigation combined with the intelligence gathered from multiple infiltrations into the Organized Crime syndicate’s operation, I consider myself to be the primary expert and the foremost authority on this massive multi year fraud operation.

    While they are to be congratulated for their efforts, the current action by the FTC which states that over $10 million was charged over a four year period is totally incorrect. The FTC has only taken a small tiny minuscule bite out of the global operation. The FTC is apparently unaware that the total operation continues unabated. The interception by the FTC covers less than 5% of the active fraud operation. Rather than $10 million over 4 years the total cost to consumers for that period is estimated to be in excess of $250 million ($.25 billion)

    Over the years numerous articles on the fraud have appeared on Consumerist:

    All the entities mentioned here are positively confirmed as this Organized Crime Syndicate:

    All from

    March 11, 2008
    “Check Your Credit Card For Fake Charges From “Ich Services”

    April 29, 2008
    “Watch Out For $9.87 Credit Card Scam From”

    April 29, 2008
    “More Info On The $9.87 Credit Card Scam”

    July 16, 2008
    “Bestsmartstore Is A Scam, Check Your Statements For Fake Charges”

    January 13, 2009
    “Did Adele Services Charge Your Credit Card? The Company Does Not Exist”

    January 2008
    “consumer alert

    Here’s another fraudulent charge to watch out: charges in the amount of $9.45 or $9.40 from your checking account from an “advertising company” called HBS. A reader says it happened to him, and when he searched online, he found others, a good number of whom had ordered credit reports from Equifax.”

    May 1, 2009
    “just got a fake charge on my Visa bill from “EASTCOASTMOBILESTYLE” for $4.56. A little googling as I was on hold with my CC company revealed it’s a front for gangsters in Russia.

    August 27, 2010 8:29 PM

    The fraudsters probably stopped the $0.20 charges because the transaction fees were probably more than the charges, so each one, they’d lose a few cents on. Only the companies handling the merchant accounts would make money off this scam.

    August 27, 2010 7:10 PM

    As a merchant, it costs me $0.20 + 2.35% to charge a card. If they only charged cards for $0.10 to $0.20, how again did they make any money? The only folks who got rich were VISA/MasterCard! :)
    /End Quote

    Congratulations Kitty, excellent observation, you underscore what many in the media and the FTC have failed to recognize. There were two distinct components of the OCS operation which were lumped together by the FTC and the media. The millions of fraud charges processed for $.25 to $.30 that were reported back in early 2009 in such articles as the Boston Times, titled: “Mysterious credit card charge may have hit millions of users” mis diagnosed and got it wrong. The GFDL and other accounts which were set by the OCS to ping and validate cards. The $.17 to $.27 amounts were not intended as fraud charges per se, the OCS was forced to hit them with tiny amounts to cover the processing of “ping tests”. Prior to this the OCS used to hack into small business merchant accounts, many were PayPal, and over a weekend would run many thousands of “pre authorizations” against card databases in order to validate the card data before running them through their own fraud laundering accounts for the $10.

    The small business hacked accounts would get a bill for several thousand $$ for the pre auth, a pre auth costs ~ $.15 to $.30. For years, documented as far back as 2004 – 2005, that was the ideal method since pre auths roll off the card after 24 to 48 hours. Victims would never know the card was tested unless they checked online and saw the pre auth & pending. It took a while but processors eventually caught on and all merchant accounts now have an auto pre auth limit. If the systems detects unusual pre auths coming in from any merchant account, it will block pre auths after 20 or 30 sequential submits, the account will have to then be manually reset after a call is made to a merchant. That change killed the OCS’s multi year tactic of hacking into vendor accounts. For years it is alleged that only required an Account ID, not even a password to submit pre auths.

    So kitty and 1863650 you are correct, the $.27 charges were never intended to be processed as revenue generating fraud, rather as a distinct method of pre checking cards to make sure they were valid. Once the real card fraud laundering merchant accounts are set up, the only real chance that they have of being closed down is due to excessive rejects or charge backs. By pre validating the unknown history of some of the hijacked card data the OCS mitigates the risk to the real card fraud laundering accounts.

    Unfortunately is now owned directly by VISA, as the recently purchased the parent company Cybersource. VISA will now collect fees twice for each of the millions of fraud charges processed by this Organized Crime Syndicate every year. There is little if any incentive for the massive criminal operation to be stopped as all the related financial entities involved including processors collect a toll along the way. Consumers are not routinely refunded even when the fraud is discovered after the proceeds have been wired out of the country.


    This Times article would be a lot more useful if the reporter had identified the names of the fraudulent companies. What company name should we look for on our credit card bills to see if we have been ripped off?

    You can see them on a list posted here: which also includes links to the FTC documents. However those are now NLA because of the FTC action. There more important aspect is that there are hundreds still active and in process. Again the FTC action only represents a small fraction of the massive card fraud laundering operation. If you read the above link I pointed out one of the serious flaws in the FTC’s investigation:

    said by :
    The scammers evaded detection by keeping each charge under $10 and stealing from each cardholder only once, spreading the theft across more than a million cardholders, the suit says.

    Totally wrong, they hit the same cards repeatedly, but there could be one two or even three months in between. No one has looked at the big picture. A victim who never noticed at first, had 19 charges over a 2 year period. The forensic error in the FTC investigation is that they may only be looking at those who reported the fraud. In those cases the victims would have canceled the card thus it may appear as only a single charge. The evidence uncovered in my multi year investigation completely refutes that refutes that assumption. In fact, in the above link you will see in the following posts where I have documented multiple cases where the fraud entities shut down by the FTC had cross charged many victims cards who had multiple fraud charges from numerous other fraudulent merchant accounts of the Organized Crime Syndicate. That failure to do an extensive forensic investigation has resulted in the FTC only discovering a tiny portion of the massive and still ongoing card fraud laundering operation.

    A few examples of the OCS’s currently active card fraud entities are:



    Prior victims of the IMGAMED.COM fraud who did not cancel their cards are now being hit for a second time with fraud charges from this fresh OCS set up:

    ROSMANNENTERPRISES.COM aka Rosmann Enterprises LLC 305-767-1953

    I will follow up with a brief posting to outline the complex and sophisticated structure of this Crime Syndicate’s operation, and how it has embedded itself virtually undetected within the banking and financial system.

    August 27, 2010 3:21 PM

    If someone can get rich by stealing amounts of money too small for the victims to know or care about, then I say kudos to them.

    Wrong attitude !!

    Though 80% of the charges go “uncontested”, not all are for the lack of consumer’s note noticing. Depending on the CSR at the bank, many victims are told to contact the “merchant” first. The merchant of course are the “Criminals”, some consumers give up in frustration, not because they do not catch the fraud.

    There are also several examples of what has to be the most atrocious inadvertent support of the criminal enterprise by the banking system.

    Example: A recent victim of the OCS’s $9 fraud charge catches it and calls her bank, Chase, and reports the charge. Chase suspends the charge and sends a dispute notice to the merchant “OCS”. The criminals attach a print out of the purchase transaction to the dispute notice and returns it to Chase bank. Upon receipt Chase turns back around and notifies the card holder that the charge is “legitimate” puts it back on the victim’s card bill and tells them that they must pay it. Victim totally frustrated, they know it is a fraud charge going to support an Organized Crime Syndicate.

    One of the reasons why I call this entire almost decade long criminal enterprise as a “FRAUD TAX” imposed upon consumers by the banking and financial system.

    Even if YOU have not been the victim of a fraud charge, you should care !! First, it is only a matter of time before you are hit with one. And second, though I have traced the laundering of the fraud proceeds all the way to specific bank accounts in eastern Europe, Asia, and central America, and a little bit beyond, it is not known who exactly the millions of dollars a year are going to. Nevertheless, I can assure you that the funds are not supporting hungry children in far off orphanages. You should also care because this criminal operation has embedded itself within the global banking system and operates virtually unfettered, and has for years. It gets media attention every know and them when “errors” occur, then fades away from public view.

    August 27, 2010 3:14 PM

    I had to call my bank and get my card swapped last week over a fraudulent $4.82 charge.

    Can you post the name from the billing descriptor ?

    Based on the amount of $4.82,, perhaps ??


  31. GuidedByLemons says:

    You could probably get a $10 charge past me without my notice if you put it under a plausible merchant name, something that sounds like a convenience store or something. $0.20, though? That would be bizarre; I don’t charge $0.20 purchases. I would notice immediately and call my credit card provider about it.

  32. 99 1/2 Days says:

    At least they were smart and didn’t steal toothpaste at CVS. You deserve to die for that apparently. The comparison of the comments are telling.

  33. buckeyegoose says:

    screw taking her money, i wanna feel da hiney

  34. BATL says:

    was one of the “merchants” KCSOFTLLC COM?

    This fraudulent charge appeared on my Chase account twice. The 1st time it appeared, I brought it to Chase’s attention. Instead of investigating, they issued a “courtesy credit” (sounds like exactly what the fraudsters wanted). The 2nd time it happened, I closed my account given that Chase still refused to investigate. This was in 2007/2008.

  35. -MGD- says:

    KCSOFTWARECOM LLC aka KCSOFTLLC.COM was not one of the merchants in the recent FTC action. However KCSOFTLLC.COM, is, or rather was, one of this organized crime syndicate’s card fraud laundering entities. KCSOFTLLC actually hold the record as the longest operating card fraud merchant account. That cell began in 2004 and lasted thru the first quarter of 2010 when they were finally shut down.

  36. banmojo says:

    clever crime on some level