Police in Scotland have uncovered petrol station credit card frauds with a potential value of £1m, linked to international terrorism.
Banks, oil companies and police forces throughout the country are on alert after 5000 cards were copied and their details stolen at two Edinburgh filling stations. A further attempt on a filling station in Kilmarnock was discovered before card details were stolen.
Detectives say the attacks were carried out by hired operatives of an international network. They are the first organised stings of their kind in Scotland, and one of the first to be attributed by police in the UK to a new wave of terrorist fundraising.
The gang members approach petrol station employees, who often work alone on shift, and offer a large bribe to allow access to the station's card-reading terminal.
A similar method of fundraising was said to be used last year by a network working for the notorious Tamil Tigers in the UK, who targeted more than 200 independent petrol stations, paying large sums of money to workers who agreed to fit the cloning equipment and share information.
"The going rate is about £15,000 to an individual to allow someone to fit this kit," said Detective Constable Mike Harris of Lothian and Borders specialist fraud unit.
A miniaturised interceptor inserted inside the terminal copies the information on the card's magnetic strip and picks up the pin.
"You would not notice anything and none of the staff would notice anything," Mr Harris said. "Someone is coming along, downloading this information and taking it away, storing it as a computer programme and sending it on as an e-mail attachment. Each card's details are then downloaded on to white plastic - there are websites which sell everything you need to make credit cards."
He added: "This is organised crime. Cards copied here have been used in the US, Canada, Australia, New Zealand, Malaysia, Pakistan, Trinidad and Tobago and so on."
Cash is withdrawn in local currency, small amounts at a time to minimise suspicion, but as much as possible before the card is stopped or cancelled.
It is paid into local bank accounts, then transferred into accounts in other countries belonging to the network organisers. With a target of £250 to £500 on every cloned card, the potential value of the cards copied in the Edinburgh scams so far is up to £1m, with at least £250,000 already believed to have been withdrawn.
Financial fraud provides crucial support for terrorist activity and other organised crime. Last year, a gang of Algerian asylum seekers in London was jailed after netting at least £800,000 on a cheque scam which diverted funds overseas following purchases from House of Fraser, John Lewis and Gap.
Osama bin Laden devotee Imam Samudra, mastermind of the Bali bombing, has written about the basics of online credit card fraud and money laundering and his instruction was seen as a course of study for aspiring hackers and carders.
In another case, investigators in the US and UK found that Younes Tsouli and associates Waseem Mughal and Tariq al Daour, had used computer viruses and stolen credit card accounts to set up a network of communication forums and websites that hosted tutorials on everything from computer hacking to bomb-making.
One expert described their activities as "operating an online dating service for al Qaeda". The three men pled guilty to charges of inciting terrorism.
Mr Harris warned that the estimated 5000 cards copied in the two Edinburgh locations could be the subject of rogue withdrawals for some time - even if the cards are cancelled.
"There are certain countries where banking systems are not as robust as in the UK," he said. "Funds can be taken out of cancelled cards. If six stolen UK cards are used in, say, Thailand, it is not going to necessarily alert a bank if there has not been a common purchase point where the cards' details have been compromised."
Even when suspects are arrested abroad, it is impossible to bring them to the UK and secure a prosecution for what always looks like a small-scale fraud.
"The individuals who are caught are foot-soldiers," Mr Harris said. "There has to be an infrastructure in position."
The Herald's investigations suggest that banks' early warning systems in place to protect customers do not work consistently - especially in Scotland.
One industry source said: "Some banks decide not to inform the customers until any attempts are made to actually use the compromised details."
While in England and Wales it is the banks' responsibility to notify the police of suspect locations, in Scotland the onus is on the customer to report a suspected fraud to the police.
The Association of Payment Clearing Services, the industry payments body, said: "If fraud is committed on your bank account, you will be refunded."
Shell UK, which runs one of the affected Edinburgh locations, said: "It is an industry issue. We run regular random checks on all our 1000 stations."
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereComments are closed on this article