Feds school banks, businesses on ID theft tactics as Pennsylvania couple held in check scheme

Banks and businesses hoping to thwart identity thieves received lessons from a federal prosecutor and law-enforcement experts at a seminar in suburban Pittsburgh on Wednesday.

Meanwhile, authorities provided a real-life reminder of identity theft by announcing charges against a former western Pennsylvania couple in a bogus check scam.

Robert, 33, and Jennifer MacVittie, 31, formerly of Cranberry, were charged with stealing identity information from Wal-Mart customers and using it to cash forged checks.

U.S. Attorney David Hickton said the couple took cellphone videos over the shoulders of people who cashed checks at Wal-Mart — a technique known as "shoulder surfing" — so they could steal the customers' Social Security numbers.

The couple allegedly cashed $300,000 worth of counterfeit checks in Pennsylvania and several other states between October 2013 and May, as well as $700,000 in failed attempts, Hickton said. In all, 900 people's identity information was stolen or compromised.

Hickton said at Wednesday's daylong Point of Sale Threat Training seminar in Green Tree that the MacVittie case relates "in the sense that they're all part of the spindle or the wheel of cyber problems that we're dealing with. Theft is one piece of it."

In recent months, Hickton's office has indicted five Chinese army officials on charges of stealing trade secrets from major U.S. firms, including United States Steel Corp. and Alcoa, and Scottish cyber-terrorist Adam Stuart Busby, on charges of emailing bomb threats to the University of Pittsburgh.

The seminar dealt most with malware — or malicious software — used to steal customer identity information from financial institutions and retail business, among other entities, Hickton said. Roughly 150 companies or agencies signed up for the sessions, including banks, Internet security firms and retailers, including Target, the Minneapolis-based chain that was attacked by customer data thieves.

The seminar focused on "the point of sale within the transaction and how to detect the malware to prevent the crimes," Hickton said.

Eric Zahren, the special agent-in-charge of the U.S. Secret Service office in Pittsburgh, said online data thievery is a fact of life.

"You'd be hard pressed to find anyone who normally engages in standard commerce who has not had that information intercepted in some type of breach, but not all of those people will be victimized or targets of fraud," Zahren said.

Data thieves typically use a small percentage of the data they steal to produce bogus credit cards or checks or open bank accounts, he said.

As for the MacVitties, "They did it a different way, but it's all the same kind of information" being stolen, Hickton said.

The couple was arrested at a Nevada casino on Saturday. Authorities unsealed the indictment, which was returned by a grand jury in July, late Tuesday.

It was not immediately clear when the MacVitties will be extradited to Pittsburgh to face charges. Online court records don't list attorneys for the couple.