Just recently Florida law enforcement is reporting that they have discovered that a number of the credit card accounts that were the subject of the recent T.J. Maxx hacking incident, where many thousands of credit card numbers were likely revealed, were eventually used to buy gift cards from Wal-Mart stores -- $18,000 and $24,000 worth in two different Florida stores. In turn the bad guys then used those cards at Sams Club locations to buy electronics. (Recall, of course, that Sams Clubs are part of the Wal-Mart empire, and therefore this seems to have been a scheme entirely within a retailer's own private card system, rather than one involving the credit-card branded cards processed through Visa, Mastercard and the like. Maybe the bad guys thought that the private card issuers would be less diligent than the card association issuers? Who knows...)
- UPDATE: I've been reminded that the industry terms for those two kinds of cards are 'open loop' (the kind that is branded with VISA or MASTERCARD and is usable pretty much anyplace that can accept credit cards) versus 'closed loop' (the kind that is branded by one particular retailer, for example, and is usable only in that retailer's own stores).
Apparently somebody at Wal-Mart eventually took note of the large card purchases, and ultimately they were able to connect the cards to the T.J. Maxx hacking incident.
This isn't the cross-the-border sort of money laundering that we were discussing in Washington. Nonetheless, these guys certainly viewed the gift cards as another way to 'wash' their stolen credit cards, since the only time the stolen cards would have been used was when the gift cards were purchased rather than at the time the electronics were being purchased.
The good news is that the systems that might catch this seem to have worked (of course, we can say that only for the attempts we know about). The bad news is that maybe the 'hype' isn't quite as 'hypey' as we might have thought.