Scammers hitting dive shops for fraudulent Shearwater/Garmin computer purchases

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

Marie13

Great Lakes Mermaid
ScubaBoard Supporter
Messages
14,086
Reaction score
15,098
Location
Great Lakes
# of dives
200 - 499
Dive shops in Wisconsin and Illinois were targeted this week by a crime ring. The scammers use stolen credit cards to buy Shearwater (Teric or Perdix) or Garmin dive computers. The dive shops were warned, so no crimes occurred. A dive ship in the DC area was hit in December. A NC shop owner said she knows of 30 LDS that have been hit.

FB post by Blue Planet, a DC area dive shop.
https://www.facebook.com/BluePlanetDC/posts/4820183428002275

There is an organized crime group hitting local dive shops and purchasing dive computers using stolen credit cards. They took us for over $4000 in Garmin dive computers and have hit at least 2 other dive shops in the area, one which lost over $10,000!
Once the card holders discover the theft, they report it and the money is withdrawn from our accounts, so we lose both the sale and the products. The credit card companies don’t lose the money, the small businesses do. This type of theft also isn’t covered by our insurance since it’s credit card fraud.
Please DO NOT purchase any dive computers from anyone other than an authorized dealer! If it seems like too good of a deal, it’s probably a stolen item. Plus, if you purchase an item from a non-authorized dealer, there is no warranty on the product.

Screen shots follow.
A538341C-A441-418A-86FD-37913459283C_1_201_a.jpeg
24EC174D-47D6-441A-88C8-61899BBEF4C4_1_201_a.jpeg
A0563F0D-EEC5-4510-BE63-A020EDCF7059_1_201_a.jpeg
2A55BAF5-E450-4736-BF2E-4DFBF0047529_1_201_a.jpeg
 
Some shops were targets by walk-in visits. Some by online orders. A Madison, WI shop got hit for three Teric last year by phone orders out of TN. They had former students that lived in TN and thought these calls were referrals.

From another FB post:
As divers, let's also vow not to support the market for stolen goods. If you see a new dive computer on e-bay or Facebook, and the price is too good to be true, it's likely to have been stolen. Please don't support them by buying stolen property. If you buy used computers, be sure to verify that the seller is the legitimate owner.
 
Maybe shops should actually start checking that shoppers have IDs that match the name on the credit card. At least for large dollar purchases of easily resold items.

It's the norm in much of the world and is actually a requirement of the credit card processing contract. Failure to follow the contract rules is typically how the processor gets away with sticking the merchant for the loss.
 
The owner of one of the WI dive shops said the guy came in with a DL that matched the credit card. Guy got agitated when the shop asked to get a copy of the DL and left. Parked away from the shop so they couldn’t get a look at his car n
 
The owner of one of the WI dive shops said the guy came in with a DL that matched the credit card. Guy got agitated when the shop asked to get a copy of the DL and left. Parked away from the shop so they couldn’t get a look at his car n
Did it match him?

I'm kind of sensitive to this because someone stole my wife's pocketbook 2 years ago. They immediately bought a bunch of $1000 gift certificates at different department stores and none of them bothered to check anything. AMEX flagged it and notified me after a few transactions and I was able to get everything stopped.

But a few weeks later, the thief walked into a branch of our back and withdrew $5000 in cash. She didn't have the account number, nor look anything like my wife, she just handed over the driver's license and the teller looked it up and handed over the money. The bank stalled for a long time in returning the money, claiming that they couldn't be sure my wife hadn't actually taken it. Thankfully, a CPD detective demanded that a manager watch the security tape with him and the person so obviously did not match the photo and description on the DL that they gave up and refunded us.
 
Why aren’t the merchants using 3D Secure? This reverses liability and puts the onus on the card providers to challenge the transaction, possibly using two factor authentication.

In Europe 3DS — known as Strong Customer Authentication— is mandatory for all online card transactions.
 
Because in the US, the parties with the lobbying dollars like the system the way it is. The interests of the credit card companies are obvious, but the large merchants also prefer the current system. They feel that the increase in sales with a frictionless system, especially recurring autocharges and spouse and children usage of cards, more than makes up for the occasional fraud losses.
 
Because in the US, the parties with the lobbying dollars like the system the way it is. The interests of the credit card companies are obvious, but the large merchants also prefer the current system. They feel that the increase in sales with a frictionless system, especially recurring autocharges and spouse and children usage of cards, more than makes up for the occasional fraud losses.
Aww, bless.

Reducing ‘friction' is the point of 3D Secure Version 2. It becomes the bank's choice to challenge or put the transaction through the "frictionless" path. In either case the liability is reversed.

When the transaction is configured additional information is sent to the card processor such as the IP, the user agent (browser), devices capabilities, etc. along with the merchant's info and goods detail. The bank can then decide to challenge the transaction.

Example; German card used for standard spending in Germany suddenly does a high value transaction in the USA. This would result in a 3D challenge, probably sending a one-time code to the card holder’s phone.

Unless the thieves have the cardholder hostage, the transaction would be rejected.

Common sense? But hey ho, everybody lost in this case because they couldn’t be bothered to implement 3D Secure. Which is why the thieves target US companies.
 
I'm not sure you realize what frictionless means in US credit card transactions. There's no PIN requirement, no 3FA, nothing. In person, it's just a card swipe or tap. For card not present (all online), it's stuff on the card - card number, expiration date, 3 or 4 digit CVC - plus the house number and postal code of the billing address. And the merchant can store all the above and run it whenever they want.

The result is a lot of fraud and a hefty incentive for theft of credit card info at every level. This sucks for the consumer and small merchants, but it's a net benefit for the large merchants and a complete win for cc issuers, servicers and processors. Since, for some reason legislation in the US tends to favor those who makes the largest campaign donations, efforts to force a more secure system have basically gone nowhere.
 
https://www.shearwater.com/products/swift/

Back
Top Bottom