Credit Card Skimming Investigation Began in Arlington

Columns

by ARLnow.com December 20, 2011 at 9:30 am 9,504 51 Comments

Last week, a Maryland man was convicted of running a credit card skimming ring that operated in Maryland, Virginia and Pennsylvania from 2010 to 2011.

Authorities say the ring victimized hundreds of people and businesses by stealing credit card numbers, using those numbers to buy gift cards and merchandise, then returning the merchandise for cash. In some cases, the credit card numbers were stolen when restaurant servers, paid by the ring, ran customer credit cards through a “skimming” device that recorded each number.

The case against the now-convicted ringleader, 33-year-old Olubunmi Oladapo Komolafe, began building in Arlington.

According to an affidavit, a co-conspirator of Komolafe was stopped and questioned by police at an Arlington Macy’s store on January 30, 2010. The co-conspirator was attempting to make a purchase at Macy’s using gift cards that had been either re-encoded or purchased using a stolen credit number, according to the affidavit.

Eventually the suspect was let go, but he surrendered several gift cards to officers. From there, ACPD detectives began an investigation that eventually led to a U.S. Secret Service investigation and a federal case against Komolafe and four other men, including the co-conspirator who was initially stopped in Arlington.

bobco85

(From the Washington Post link): “…victimized more than 780 people…” and “…the group was responsible for thousands of transactions…”

Are you kidding me?! That’s a lot of people!

Which restaurants in Arlington were used in this credit card skimming ring? To be honest, if I find out, I will never go to those places again.
- CourthouseChris
  
  Why boycott the restaurants over it? Those skimming devices are like one cubic inch and any one of the servers could palm your card. Certainly the restaurants weren’t complicit.
  - Deeman
    
    I concur
  - CW
    
    I too would be hesitant to blame the restaurants as institutions or do anything like a boycott; HOWEVER, I would be curious as to which places were involved…someone could be holding onto a LOT of stolen info that they haven’t used to buy anything yet, and it would be nice for past patrons to at least know they might be at risk.
    - Courthouse tenant
      
      It was interesting 2 years ago when one of the employees that was skimming at a local restaurant was arrested, and then got another job as a cashier at cosi in courthouse before her jail date. When the press questioned the manager there, he refused to fire her even after knowing she was a skimmer. Needless to say, I didn’t eat there until she was convicted and sentenced to jail.
      - CrystalMikey
        
        Well, if you eat at Cosi, you are already getting ripped off once. Why not twice? haha
      - Courthouse tenant
        
        Actually, there were two separate women apparently. This is the woman that was working at Cosi :
        
        http://washingtonexaminer.com/local/2009/07/waitress-who-stole-credit-card-numbers-now-cosi-cashier
      - However, she wasn’t skimming AT that restaurant
        
        I remember the story you’re talking about and new many people that worked there as I visited there often living close. Though management did have knowledge that said employee had at one point participated in this scheme, she didn’t participate in it AT that restaurant. Her participation in a similar ring was almost a year prior to her being hired there and since they knew about it from day one, I’m sure she was under close watch.
        
        I didn’t know her, so I can’t say she was or wasn’t a good person who just did something stupid, and to society it was “wrong” for the newer restaurant to hire her (and defend their actions), but if they had proper management who knew about her past transgretions, knew of her upcoming legal battle, and watch her accordingly to protect their customers and did not see any signs of this activity happening again… is that really so bad that they gave her a second chance to make money, pay her bills,and support her child in an honest fashion? From little I saw occasionally dining at the restaurant she was pointed out to me and always seemed to be a good server and attentive to her customers… her interactions with other waitstaff and managers seemed nice too. I also did notice management paid special attention to many of her register transactions and she didn’t seem to have any problems with that. Some people need to cut others a break. It’s a crappy ring, but good people can do stupid things and they shouldn’t be shut out of working for the rest of their lives (or they’re more likely to go back to doing illegal things to make money).
      - Grateful
        
        Below you will find a link to an article regarding the skimming operation. It appears the person in question had worked for 701 Restaurant and Harry’s Tap Room and was charged with crimes there prior to working at Cosi’s. I am not sure if I would have hired her knowing her history.
        
        http://washingtonexaminer.com/crime-and-punishment/2009/07/waitress-who-stole-credit-cards-now-server-harrys-tap-room
      - Arlingtonian
        
        Having had my debit card # stolen a few times over the past decade (despite being ultra careful with my # and info) and knowing firsthand how crappy it is for the victims, it is hard for me to have any sympathy whatsoever for this person. Even as fast as CC companies work to resolve your claim and refund your money, you still have to undergo an investigation and prove you did not make the transactions. In the meantime you could be out of a lot of money that you desperately need to pay other bills. For that reason I now use my CC or cash instead of my debit card whenever possible. At least if someone steals my # they will not have access to my actual bank account. A lesson learned (on my part) to be sure, but back in the days when I didn’t make so much money it sucked to have to go through that. She made (repeated) bad choices and has to live with the consequences.
      - Actually it was a year before those jobs
        
        Harry’s was the place I was talking about her working since it’s out there… and she was charged with the crimes PRIOR to being hired there. I’m not saying they were 100% right, but both this and the statement above imply she went to cosi after running this scam in Courthouse/Clarendon which is not the case… her charges were from being in a restaurant in Crystal City over a year before being hired at Harry’s (at PC not Clarendon, the articles that came out weren’t correct about that). True, they probably shouldn’t have hired her if nothing else to save their own reputation, but this scam wasn’t run at their restaurant it was prior.
      - Courthouse tenant
        
        I am not against giving her a second chance, however she should not be allowed to be in a position where she handles money from the moment she was charged with a financial crime.
        
        In banking, if you have bad credit, have committed any crimes, etc., you cannot manage other people’s funds. Most banks check employee credit scores monthly or quarterly to ensure that an employee is not in distress and more liable to commit a crime. A less strict version of that principle should apply for anyone conducting customer transactions (Simply having not committed a previous financial related crime). There’s a basic level of fiduciary responsibility you expect of your waitstaff, and if they skim or steal, then they should not be permitted to manage customer transactions, and should instead be assigned to “back of the house” operations.
        
        The only other option I could see in a “second chance” situation is having the employee get a work bond, like this program: http://www.bonds4jobs.com/index.html. It isn’t available in Virginia however.
      - Tabby
        
        I can’t understand not feeling this way. I waited tables for several years. Being an honest and trustworthy person, not a scumbag who would steal from others, should be a given.
      - Zoning Victim
        
        I find it hard not to applaud them for waiting for her to be convicted instead of firing her when she may have been acquitted (you are innocent until proven guilty in this country), but I’m surprised the judge didn’t make staying away from customers’ credit cards until after the trial a condition of her bail.
  - Jason S.
    
    The restaurants are responsible for security within their property. Their staff took control of your card for you to pay. The restaurant hired the employee’s responsible for skimming the cards.
    
    The restaurants’ management very much played a part in this, at the very least it was incompetency and carelessness.
    - Done and Done
      
      Bingo. The restaurants hired the non-law-abiding skimmers. At a minimum, it shows incredibly poor judgment there, which makes me wonder where else they might look the other way.
      - Zoning Victim
        
        How, exactly, are you supposed to tell if someone is going to skim credit cards or not?
      - Done and Done
        
        I don’t know precisely, but it’s not exactly rocket science. I’ve hired close to 400 people in the area over the past 20 years in multiple areas from service to defense, and none of them have been arrested for anything like this. Maybe it’s because the companies I have chosen to work for have ethics and spend the money to do credit checks and background checks on everybody before they make an offer.
        
        So if the restaurants DID those things before hiring staff, then they have done a reasonable job of weeding out potential skimmers. If they didn’t then I stand by my assertion that their lack of judgment places at least some culpability on them. I would venture to say that the adage “if you want something bad, you’ll get something bad” might be apropos here.
      - CourthouseChris
        
        I don’t think it’s really going to be possible to effectively screen for potential skimmers. I mean, it’s the service industry… come on.
      - Jason S.
        
        You’re right, it’s the service industry. That still doesn’t absolve them of their responsibility. I doubt many restaurants would try to excuse the illegal actions of their employees, but they still hired them and made a bad choice in the process.
      - CourthouseChris
        
        Bad choice in retrospect sure, but expecting them to weed out every potential skimmer is an unreasonable standard. A criminal history of credit card theft, sure, but failing that there isn’t much more that can be done.
      - Jobo
        
        You’re cluelessly outraged – those skimming devices could be tiny, and an employee could hide it anywhere and the restaurant would never know. The best you can expect of a business is to do their due diligence and not hire someone that is already known to be a criminal, and fire them if they do something wrong after the fact, but once they are on board you can’t expect a business to be able to monitor every second and every aspect of an employee’s life.
        
        If restaurants wanted to do something they should start using the portable credit card machines that they’ve been using in Europe since the 90’s. The server brings it to your table and you swipe your card yourself so it never leaves your sight. Not to say those can’t be hacked but at least it takes away the easy opportunity for someone to record your card number while you’re not looking.
        
        Then again, it’s only a matter of time before the credit card goes the way of the typewriter, and to steal your info someone will have to dig the chip out of your brain.
  - bobco85
    
    I admit, my reaction is more emotional than rational in this case because I have been the victim of credit card fraud. It would take time before I could go to these places without thinking, “Back at the scene of the crime.”
    
    I will withhold any further judgement until more details are found, like how the restaurants involved will react to the news (do they deny it, blame it on a “bad apple,” show remorse for what happened even if its not their fault, etc.).
    - CourthouseChris
      
      Hey, I don’t blame you. I will not get gas again from a particular gas station (one of those in-median rest stops on 95 between here and philly) because a card I hadn’t used for months suddenly had charges appear after getting gas there. And that transaction was solely pay-at-pump, I have to wonder if there was a skimming device on the pump I didn’t see.
  - jan
    
    restaurants can invest in portable devices brought to the table so there’s no “behind the scenes” action. The credit card industry could help consumers by them cheap for the industry.
    - Frank
      
      It’s not the machines that are the issue – it’s the integration to the Point of Sale software that presents the obstacle. Swiping a card into a wireless credit card processing device will not automatically update the POS system; thus requiring a second step to ensure the system shows paid receipts. That leaves a potential reconciliation nightmare for high volume restaurants.
Lee-n-Glebe

Agreed. If I’ve been to any of these places I want to know so I can take an extra-close look at my statements.
- CW
  
  My concerns is more that the information has been dispersed beyond the local region or sold to third parties. So you’re going to regret that dinner you had two years ago when a charge for a retired Soviet submarine or a brand new Nigerian cell phone shows up on your bill.
Joe the Schmoe

I had several hundred dollars stolen from me (and replaced by the bank) when I had my credit card number stolen. I never determined where it was skimmed, but they bought gas and groceries in Lanham (specifically mentioned in the affidavit). I wonder if it was the same ring…
- Arlingtonian
  
  I’ve had my # stolen too, unfortunately more than once and through no fault of mine. I use cash whenever possible now. The headache is not worth it. If they had ever caught one of the thieves I would gladly prosecute.
  - Jason S.
    
    My card was used a a liquor store and a TGIFriday’s in Hampton. The credit card company (Chase) was quite good about putting the money back, they sent a form, I had to mark the ones I thought were fraud and then send it back.
Sam

I really wish that more places used the hand-held credit card readers that are used so widely used throughout Europe, South America and Africa.
- Ben
  
  What makes those great is the PIN you have to enter. Even if they skimmed your card it’d be worthless without knowing your pin number.
  - Swag
    
    They’re starting to do something similar here in the States at gas stations where you also have to enter your ZIP code. Not much use when someone hacks an unencrypted company customer info database (yes, some people are that stupid), but for a skimmed/stolen credit card, it’s a somewhat effective method. (Obvious downsides: Buy something other than gas, try local ZIP codes until one works, etc).
    
    Protip: Cash does still exists, you know.
    - CW
      
      Good tip, since cash is a LOT harder to steal than a 16-digit credit card number and all of the accompanying information, and when it gets stolen the bank will put it back in your account…wait…
cheeseater

We accidentally left our card overnight at Rustico in Alexandria last year. We returned to the bar and got it back the next day. Two days later, charges from another state showed up on our card.
- Swag
  
  correlation…causation…etc
  - Lou
    
    Sure, probably not related at all. Sure.
- Paulie
  
  Sure…and that’s absolutely the fault of a Rustico employee right? I mean it’s totally implausible another customer could have noticed you left it there and recorded the numbers, and maybe have even been smart enough to leave it there for the server to find so you wouldn’t think anything was wrong for days. Nah, couldn’t happen.
  - Lou
    
    You may want to note that the original post never implicated anyone as the number thief. They just stated three facts, and let you fill in the blanks in your head.
Roquer

GREAT JOB ACPD DETECTIVES!!!!!! Some bad guys aren’t going to have a very nice Christmas!!! Yay!
E

WHAT places of businesses, which stores, got victimized?
CW2

ARLNOW: is there any indication that a list of restaurants/stores that were compromised will be published? That way, we can keep a close eye on credit card statements, if we frequented those locations.

The affidavit said that these guys hired and trained restaurant servers to skim cards, on their behalf. I hope there is also a plan to publish which exact restaurants/stores were part of this scam, so we can better protect our identities and credit rating.

Thanks.
- ARLnow.com
  
  We were not able to obtain a list of the restaurants affected, nor were we told whether any of those restaurants were in Arlington.
OX4

Ehm…shouldn’t you be keeping a close eye on your credit card statements anyway? Why do you need a list of restaurants?
- CW
  
  The concept of “risk factors”. Like checking for ticks after you’ve been in the woods, etc. What, you don’t check for ticks every day??!
  
  Like I said above, this information could have been disseminated and the damage not yet done. The hyper-vigilant would, in that case, perhaps wish to order a replacement card or two to prevent against future use of stolen information.
  - OX4
    
    The risk of someone stealing your number is always present, so by that logic you would be ordering a new card after every use.
    
    I’m just saying that it’s not that big of a deal. Check your monthly statement for any charges that you didn’t make, and if there are any, report them to your bank.
    - CW
      
      Oh I guess you’re right. So like since the risk of getting in an accident is always present, I guess I should just say screw it and start disregarding all traffic signals since actions that heighten my risk are rendered inconsequential due to the presence of a baseline level of risk. Wheeeeee!!
      
      End sarcasm though, I get your point, fair enough. I, and a lot of other people, would just be curious to know because it puts a “face” on the story.
Cards

http://www.lifelock.com
- CourthouseChris
  
  You know how the CEO of lifelock advertised his own SSN to demonstrate his confidence in his own product?
  
  “In May 2010 the Phoenix New Times reported that LifeLock CEO Todd Davis has been a victim of identity theft at least 13 times since 2007”
  
  “In March 2010 LifeLock was fined $12 million by the Federal Trade Commission (FTC), “to settle charges that the company used false claims to promote its identity theft protection services, which it widely advertised by displaying the CEO’s Social Security number on the side of a truck.”
  
  http://en.wikipedia.org/wiki/LifeLock
MC

People laugh if I pay cash, but I’ve had cards compromised multiple times and banks don’t even care, they consider simply a cost of doing business, and any inconvenience to you is simply tough luck. The USA has the most lax credit card security in the world, with banks refusing to spend modest money to implement chip-in-PIN. This is a classic case of why free markets really don’t work in practice and why government regulation is necessarily.

Subscribe to our mailing list