BusinessReport.com

You’ve just had a luxurious meal, polished off an exotic dessert and finished your coffee. The waiter vanishes with your credit card—you’re not quite sure where—to be “swiped” into a payment terminal. For good measure, he swipes it again—this time against a pager-sized device called a “skimmer” that he may have concealed in his pocket. The skimmer records the data stored in your card’s magnetic strip. He sells that data to a shadowy buyer 1,000 miles away who “clones” your card and sells it to someone who goes on a shopping spree pretending to be you. Your good name and credit history are along for the ride, but you’re not.

Skimming and cloning are just two ingenious methods thieves have come up with to steal identities in this digital age. It can wreak havoc on your credit, obviously, but it can also expose merchants to costly liability as well.

U.S. Attorney David Dugas says a few cases have surfaced in Baton Rouge in recent years. One involved an organized ring—primarily hotel clerks—using belt skimmers to steal customers’ credit card information. Several years ago, the FBI set up a sting in Baton Rouge to catch overseas criminals who were stealing credit card information in the city and around the country.

In another case, someone installed a bogus card reader on an ATM machine and a tiny camera to record PIN numbers. Dugas says that operation was “pretty sophisticated,” though the perpetrators put Baton Rouge in their rear-view mirror when things got too hot.

“I wouldn’t be surprised if they’re operating somewhere else,” he says.

Most recently, Roman’s Café became the focus of an investigation after hundreds of customers had their credit card data stolen. Dugas says the Roman’s case, which became public in October, is still under investigation by the Secret Service, whose jurisdiction includes fraud related to money.

He says they have “a pretty good idea” who the perpetrators were and who was buying the information, though he wouldn’t be specific since the investigation is still open. Dugas notes that his office routinely buys stolen credit card information undercover to help build cases against the bad guys.

“It’s an ongoing struggle, and it’s been going on probably since money was invented,” Dugas says.

While skimming isn’t an epidemic in Baton Rouge, thieves have figured out plenty of new ways to get their hands on your information thanks to the ascendancy of electronic transactions. Good old computer hacking is one way people can steal your credit card information or Social Security number. Then there’s “phishing”—basically e-mail carpet-bombing that targets gullible people who can be tricked into revealing sensitive data.

Banks and federal agencies, meanwhile, are constantly working to identify different types of electronic fraud, slam the window on thieves and warn consumers of monkey business afoot, Dugas says.

“One principal we see with financial fraud: They’re looking for the easiest mark or most vulnerable person or situation,” he adds.

So anything you can do to make yourself a harder target decreases your chances of becoming prey. Keep an eye on your credit card as much as possible. Inspect your monthly credit card bills and report any evidence of fraud to your credit card company or the issuing bank. Keep an eye on your credit history. Tanya Madison, spokeswoman for Chase card services, has three words of advice.

“Don’t be gullible,” she says.

And don’t be careless. When you’re waiting in line at the store, for instance, don’t lay your credit card on the checkout counter for all the world to see. Keep it in your purse or wallet until it’s time to pay. Madison says Chase moves aggressively when it finds evidence a customer’s card has been compromised, contacting the customer and shutting down the account number immediately. Chase’s Visa and MasterCard customers are protected by a “zero liability” policy, though credit hassles are another matter.

“Using our sophisticated internal analysis, we’re usually able to narrow down and identify the point of compromise and where the counterfeit activity is taking place,” she says. “At that point, we contact law enforcement and we partner with them to pursue the proper course of action.”

Sean Connor, special agent with the U.S. Secret Service and the lead investigator in the Roman’s case, says Chase is among roughly 15 banks that have “taken a hit” in the case. The stealing took place from February 2006 to last October, and involved several hundred cardholders with multiple institutions. Connor says the fraud loss is more than $200,000, but could go much higher. Most of the compromised cards have been used up and down the East Coast, he says.

Connor wouldn’t say how customers’ card data was being stolen at Roman’s, though he did say it’s the responsibility of all business owners with point-of-sale machines to make sure they have sufficient firewalls and anti-virus protection in place to protect customers’ information. Many merchants don’t read the contract they have with the company that installed their point-of-sale computers to see who’s responsible for maintaining the network’s integrity. Meanwhile, network intrusion—hacking—is happening more and more.

“If you’re hooked up to the Internet, you’re potentially exposing every credit card number that comes through your computer,” Connor says.

Also, when a customer presents a credit card for payment, the business owner or employee should always make a copy of the card—paper or electronic—and always, always ask for ID.

“You don’t always see that happen,” Connor says. “Most of the time you don’t.”

Businesses that don’t ID are exposing themselves to liability, he says, since it’s they, not the bank or credit card company, that will be forced to eat the loss if they didn’t do everything they were supposed to, he says.

“Can it have a major impact on your business if you don’t do those things?” Connor says. “Yeah. The first thing Visa is going to do is ask if they had proof. If they don’t, they’re going to be liable. That company is taking a risk.”