Blog: David Loshin Subscribe to this blog's RSS feed!

David Loshin

Welcome to my BeyeNETWORK Blog. This is going to be the place for us to exchange thoughts, ideas and opinions on all aspects of the information quality and data integration world. I intend this to be a forum for discussing changes in the industry, as well as how external forces influence the way we treat our information asset. The value of the blog will be greatly enhanced by your participation! I intend to introduce controversial topics here, and I fully expect that reader input will "spice it up." Here we will share ideas, vendor and client updates, problems, questions and, most importantly, your reactions. So keep coming back each week to see what is new on our Blog!

About the author >

David is the President of Knowledge Integrity, Inc., a consulting and development company focusing on customized information management solutions including information quality solutions consulting, information quality training and business rules solutions. Loshin is the author of The Practitioner's Guide to Data Quality Improvement, Master Data Management, Enterprise Knowledge Management: The Data Quality Approach and Business Intelligence: The Savvy Manager's Guide. He is a frequent speaker on maximizing the value of information. David can be reached at or at (301) 754-6350.

Editor's Note: More articles and resources are available in David's BeyeNETWORK Expert Channel. Be sure to visit today!

Believe it or not, even a savvy person like me is subject to fraud once in a while. Perusing our most recent credit card bill, I came across three charges that were clearly not ours - small charges made at gas stations in another state. When we called the credit card company, they determined that our card had been duplicated, since the charges had been swiped through a card reader. Apparently, at some point recently our credit card data must have been double-swiped through a magnetic card reader and then transferred to a duplicated card.

The duped card was then used for small-ticket purchases at innocuous locations intended to evade the bank's fraud detection algorithms. The pattern is the fraudsters pilot a couple of small charges, and if the account holder doesn't shut off the card, much larger charges are made.

Once the bank was made aware of the situation, they immediately cancelled the card and erased out charges. When asked about whether they would investigate the fraud, the customer service representative (CSR) said that they don't bother with these kinds of small amounts, but just write it off.

Ever wonder how much money is lost due to small-scale fraud? The CSR told us that $20,000,000.00 is written off each quarter! I think, though, that it would be possible to use BI techniques to track down this illegal behavior...

The kinds of charges that appeared were interesting: $33.10, $45.00, and $70.00. Of the 3 charges, only one was not a round-dollar amount, and the second and third charges were done at the same location almost at the same time.

Back in April, I wrote an article for B-EYE-Network on the use of Benford's Law for Information Analysis. In this article, I described a digital analysis phenomenon regarding the distribution of numeric digits in large data sets. The truth is, Benford Analysis has been used primarily as an auditing technique to look for fraudulent behavior , and I am confident that (with a little thought) a reasonable use of the technique could help in identifying transaction patterns involving different duplicated credit cards.

Individuals are likely to repeat their bad behavior, and even if they think that they are creating random dollar amount charge sequences, each may reflect a particular signature that identifies the perpetrator, and by analyzing the geographic density of the illicit charge locations, pinpoint a reasonable location to start to track down the offenders.

Anyone out there with experience in fraud detection using Benford's Law? What do you guys think?

Posted August 26, 2005 2:29 PM
Permalink | 30 Comments |


I work for a large company, who sells online merchandise. We had/have huge problems with CC fraud and were suffering from loss for a while due to it.

The problem is that the bank does not care. When a CC holder complains, the a chargeback is performed on the merchant. The merchant pays the full amount back AND a fine of 14 dollars or so. So you have lost the service you provided and have to pay fees to others, you pay back the money you got and you pay a fine. It will reverse your cashflow really fast.

David, Very interesting topic. I've looked into things like this before, and I've found a couple of things to take note of:

1. Pre-Paid Legal, often bundled with Pre-Paid fraud or Identity Theft Detection plans. There is one group on the East Coast called: KROLL that provides corporations, protection for their employees. Their board of directors is a very interesting read.
2. Small businesses can subscribe to Merchant-911 at - a very good source of helping the small business combat fraud and even goes to bat for them with congress and credit card industries.

This is the little protection we have as citizens, short of going to fight (in court) with the credit card tracking companies like TRW, and Experian.

Hope this helps,
Dan L

First I would like to give a little background on myself. I manage the credit card fraud investigators for one of the largest banks and credit card issuer/acquirers in the U.S. I also own and operate a consulting firm for medium size banks and businesses on matters of loss prevention and physical security. My comments are mine and do not reflect the opinion of my employer. I have been in financial fraud investigations for over 30 years. Prior to that I was a Special Agent with the FBI for ten years. In 1994 I initiated the inkless fingerprint check, cashing applications that are seen in many banks across the US as well as check cashing stores. The reason I did this in 1994 was simple. I wanted to prove to Executive Management that U.S. Consumers were ready for anything that would assist in prevention of fraud and identity theft. Identity theft was greatly under-reported in 1994 and I predicted we would soon see it to be the epidemic that it really is. I have been championing three basic points to executive management for twenty years.

1) Use overall customer purchase profiles to secure early detection of fraud when anomalies occur.
2) Use biometrics to get away from easily counterfeited or stolen identification processes (i.e. driver's license number, SSAN number, date of birth, mother's maiden name.)
3) Use your customers for early detection. Train them to examine statements, to not fall prey to phishing attacks...and listen to them when they call to the customer service lines.

Now to your problem. Nothing is certain, but I would most likely suspect your credit card was not “skimmed” and then counterfeited. Most skimming operations want higher return on their expense than small gas purchases ( they have to pay the clerks to skim the cards and it does cost to engineer the cloned card and then distribute it). It is more likely that the card was stolen from the mail. Were you due to receive a replacement card for one that was about to expire? Banks usually mail these out 30 days before the other card expires. Often customer service representatives or fraud setup departments at issuers do not do a good job placing fraud losses in the right category.

We are seeing instances where NRI (stolen from the mail) credit cards are being used for large scale gas purchases. Gasoline, at current prices, is liquid gold. The groups are lining up customers to come to various gas stations and the stolen cards are used to pay for gas purchases. If the gas station acquirer does not have velocity checks in place the bad boys can use the same card to activate numerous pumps, at the same station, and all pumping at the same time. The fraudsters get cash and the cabby or trucker gets filled up for ½ the normal cost. We see very little of such purchase patterns related to counterfeit cards. Counterfeit cards are used more for cash advances, large item electronics and other items that can be fenced or shipped overseas for sale in stores.

The dedication of investigative resources is a business decision of any bank or company. In your case, although the loss may have been small and written off, the bank most likely took the purchase pattern data and other factors and added them to their crime analysis programs. One card does little to impact decisioning. Take more cards with similar patterns and activities and it will lead you the locations where cards are being skimmed and/or the predictable use footprints left by the fraudsters. So please keep faith that, although your particular loss may not receive an investigative response due to low dollar activity, it does add to the pile of data that may lead to a full investigation of linked losses.

For “LV”
The risks associated in E-commerce are great. The ability for any keyed transaction to be charged back are very very high. I have many such companies complain to me “what can I do…we are at the mercy of the card issuing banks” There are a number of things the merchant can do. AVS (Address Verification Service) is an opportunity. Although the merchant pays a small fee for each transaction at least you know the property is going to be sent to the true cardholder’s address of record. This is a great item in order to dispute a customer’s claim that they did not do the transaction. Use the CVV 2 code on the back of the card. Ask for it. Make it a part of your customer contact script. Another safety net for merchants is “Verified By Visa” Every merchant should contact their merchant representative at their acquirer and secure the most current information on security protection plans they can use. Some are virtually cost free.

Belong to merchant networks that provide known fraud ship to addresses. You guys need to be sharing this data, particularly the merchants that ship high dollar items. And, why oh why would anyone ship items to Nigeria and Indonesia without very strong verification steps? Look at the nature of your business and if it involves large amounts of international sales you had better be wondering why the card is issued by a U.S. bank, the customer lives in the US, and wants property sent outside? Some of the really well organized fraud rings are having merchandise sent to U.S. addresses where they have conned the address holder in to re-shipping the item outside the US for a fee. This can be curtailed a great deal with the use of AVS.

As to Bernard J. Loibl:
Without knowing the nature of your commerce and the software you are using to manage your transactions I would not be able to comment. I am certain your contract with your old acquirer clearly states that either party can terminate the contract at any time. The issue may be related to sudden surges in your velocity (usually this is discussed with the merchant before any plugs are pulled) Again, it depends upon the nature of your commerce, velocities, customer complaints, etc.

I have also been the victim of credit card fraud, but of a different variety. I ordered some product from the company, The Chocolate Bear, located in Benicia California ( a couple of years ago. In the past 6 months they have charged my credit card twice... even though I haven't purchased from them again! Trying to call them, their phone number did not work and I received no answer from my emails! I learned that I could reverse the charges on my credit card and change my credit card number, but there was nothing I do to alert anyone else who might be a victim! There are many people, who unlike David, don't even check their credit card bills... or do so only infrequently. You can also report to the Better Business Bureau (look one up in your area. For this one, it was ) and that I could also file a report for internet fraud (go to ). If you are a victim of this or any company, make sure to (1) place a report witht he IFCC (as they can shut down the website, which they will apparently do if they get enough complaints), (2) don't just cancel your credit card but alert them to what has happened, and (3) place a report with the BBB (does little good, but give it a try), it can't hurt.

Keep up the great work on your blog. Best wishes WaltDe

I found this blog by looking for the Chocolate Bear in Benicia, CA, a division of American Confections Corp (as said on their website, as I had problems with illicit charging.

I noticed Robert's comment about credit card fraud, but what's to be done about fraud committed by the company? This company, Chocolate Bear, continues to accept credit cards, when it is obvious that I'm not the only one who's had problems with them. I reported a complaint at the Better Business Bureau per Geri's suggestion, and discovered numerous complaints against them... and yet they accept credit cards, so they haven't been shut down. They charged my credit card, and wouldn't reverse the charges when I reached them, when I owed them nothing!

How does this happen? How can this company Chocolate Bear continue to take credit cards when they've obviously had numerous chargebacks and complaints from people who have purchased from them ligitimately, but later been slammed with mysterious charges... months later?

In my case, I didn't even receive the product I'd ordered, they promised me it and promised and promised...

Yet I had difficulty in going back to my credit card company, who said they'd reverse it, but it was a long drawn-out process of 6 months (needless to say, I don't bank with that bank anymore).

Thanks, Geri for your posting! Beware people, who you give your credit card to! At least it's worthwhile to check the Better Business Bureau --it seems like not everyone is on there, but it's a good litmus test against illicit operations.

But when you come across a situation like this, what can be done to get the company shut down? Robert, anyone, any suggestions?

Dave, very interesting article on credit card theft. I myself have experienced a few instances of credit card theft. I just happen to read something on about identifying theft relating to credit cards. I would like to share the same with you as well.
Please visit ( and do let me know if it was useful to you.



It seems that this is a great forum for learning about the activity of, who I was doing a web search because they owe me LOTS of money and haven't paid. It turns out the owner, Julian Marx and Mary Eastily, have a dark background, and Marx has been in prison for fraud. Yet they are able to take credit cards through their website and process them... isn't this illegal?

So here's the big question: don't credit card companies look into the background of the company owners and block criminals from access?

Sorry, I meant (The Chocolate Bear is the name of the company!)

Hey, I can give several advices how to avoid credit card fraud.
You often need to have your account closed and a new one opened, which can leave you without a card for a week or more. That’s inconvenient, and it can mess up any automatic payments charged to that card.
That’s if all goes well. Sometimes card issuers balk at removing charges or closing a bogus account.
So, better safe than sorry. Fortunately there’s plenty you can do to reduce the odds of becoming a victim.
Guard your card online
Beware of “phishing” e-mails. These are made to look as if they’re coming from your bank or credit card issuer and usually urge you to take “immediate action” so that your card isn’t deactivated. The link in the e-mail takes you to a criminal’s Web site, where you’re encouraged to input your credit card account number and other personal financial details. If you get an e-mail purporting to be from your card issuer, use the toll-free number on your card to call and ask what’s up.
Be cautious shopping with unknown Web sites. A quick trip to an evaluation site like or the Better Business Bureau online could save you money. Also make sure you have multiple ways to contact the merchant, including a phone number, fax number, street address (not just a post office box) and e-mail address.
Make sure the transaction is secure. Don’t enter your card number unless the little padlock is showing on the lower part of your browser, and the Web site address starts with “https” rather than just “http.”
Don’t let Web sites “store” your cards. The encryption technology used for transactions -- the information zipping back and forth between your computer and the merchant’s -- may well be better than the security used to protect information stored in the merchant’s databases. Besides, a big database of credit card numbers is a juicy target for hackers.
Guard your card offline
This is really basic, but: Don’t forget your card. You might be rushed, or distracted by your kids, or involved in an interesting little chat with the clerk. Whatever. Keep an eye on your card and make sure it goes back in your wallet. I typically leave my wallet on the counter or restaurant table, with my hand on top of it, until the card goes back in. This can be a little awkward sometimes, but it helps remind me not to leave the store without my plastic. The one time I forgot is the time, of course, someone swiped my card.
Shield your card. Think how many people these days carry around camera phones -- and think how easy it would be to snap a picture of your card if it were left in plain view.
Don’t give your number out to solicitors. This includes telemarketers who contact you by phone to offer you a “great deal” on magazine subscriptions, vacations or any other purchase. If you ever get anything, you’re likely to pay a lot more for it than agreed, and some of these scamsters fight tooth and nail against your attempts to have the charges removed.
Consider carrying fewer cards. Reduce your exposure by limiting the number of cards a thief could potentially steal.
Copy what you carry. Every once in a while, empty your wallet onto a copier and zap an image of the front and back of your cards. Keep this info in a secure place (not in your purse or wallet) so you know which issuers to call to report stolen cards.
Watch your statements
Know when your statements should arrive. Missing statements could indicate that someone has stolen your mail or redirected it to a new address. Check your most recent statements for the account closing dates; most close around the same time each month, and should land in your mailbox a week or so later.
Review the charges. The more fastidious among you can compare your statement with receipts you’ve collected during the month. The rest of us should, at the very least, scan each charge to make sure we recognize the merchant and the amount and have some recollection of making the purchase.
Report suspicious or unauthorized charges. Call the issuer promptly and follow up in writing. Yes, sometimes you’ll make a donkey of yourself, as I did in the sleep-deprived days after our daughter was born. I insisted to the customer service rep that I couldn’t possibly have made a certain charge -- only to realize after her gentle questioning that, yep, I actually had. The rep was very gracious. I suspect such things happen all the time.
Police your paperwork
Beware of “mistakes.” If a merchant makes an error processing your card, tear up the incorrect receipt or at least write “void” all over it. When presented with a receipt that has blank lines before the total, draw a line through them so that additional charges can’t be added.
Collect, collect, collect. Gather up your “flimsies” -- credit card receipts -- rather than leaving them where any thief could copy down your account number and expiration date. (In a few years, merchants will be required by federal law to truncate numbers on receipts, but it’s not the law yet in most places.)
Shred, shred, shred. Cross-cut shredders are the best, but even a $20 version will do the job. Feed it all your old credit card receipts, applications and anything else that includes sensitive financial information, such as your Social Security number.
Secure your mail
Opt out of credit card solicitations. Reduce the volume of pre-approved credit card offers (which can be swiped and used by thieves) by calling 1-888-5OPT OUT, which will take your name off marketing lists sold by the credit bureaus. You’ll need to input your Social Security number as an identifier. Signing up for this service didn’t eliminate but did significantly reduce the number of offers coming into our home.Ask your issuers not to send “convenience checks.” Good luck with this one. Some issuers will abide by your wishes (although it may take a while -- often these things are printed up months in advance). Others will ignore you. Be persistent.Get a locking mailbox. And don’t leave your outgoing mail where it can be swiped by anyone passing by; drop it off at the post office.


The Chocolate Bear can no longer accept credit cards. They rely on paypal only. Julian Marx has been imprisoned twice for fraud, theft & related charges. They continued to defraud individuals, even while in bankruptcy proceedings, both business and personal. Needless to say, I was also a victim of their crimes, to the tune of many thousands of dollars.
But their website is still up. Isn't that amazing!!

I was just a victim of CC this week. I found about $2500 in fradulent charges at gas station in TWO states. I'm not sure how my card was duplicated. (I never had my card swiped at a gas station. I thought an employee at a Mexican restaurant stole the number when I gave him the number over the phone to purchase food that was catered for a company party - but I'm still not sure how it happened.) Another odd thing is that there were individual charges at gas stations (seemingly at the same time) for over $300 and $400 - basically almost $1,000 was charged on my account per day over this 8-day period. I thought gas stations limited their charges to $75.00 for credit charges...what could possibly be charged at a gas station for $300???

An outfit that appears on my Visa bill named MP3MUSICHQ-COM whoose service phone number is 866-978-4842, has billed me for a number of months for services I never used. I finally called the number which got me a fellow deep in the heart of India. After some language play I had it stopped. I will now wait to see if the charge appears again.
I feel that I have been cheated and that these on line services can reap enormous profits because they have most likely done this to thousands of other suckers like me. I will next contact Visa and ask to be credited for their charges. I do recall filling out the form on that web site but I never used the service. A word of advice, don't give any site your information unless you have checked out that service thoroughly. If you get a charge for something you never used, report it.

Whats nice though is that there is an ever increasing amount of security force out there to help combat the issue. At this point they are even offering online degrees for fraud management and other cool things like that. I myself got a degree at Utica College's online program and am actually part of that security force right now.


Thanks for your post. I am an non-resident Indian isiting India. I lost my wallet, along with my US based credit cards, and reported theft immediately. My CC company sent me a new card through regular mail, which I did not receive. I called them and they sent me a replacement, voila, of the same cc number that was previously lost in the mail! When I received my statement, I found out several unauthorized charges to my account and reported immediately. I know that I will be not held liable for these charges, but I am extremely upset at the fraud and am wondering what I can do to track down the defrauder. In particular, I very much worry over (a) whether it is a stranger or someone known to us who could have done this. Our house in India is pretty much at the mercy of a neighbor who holds keys, checks mail etc. (b) that this kind of fraud could be repated with my other credit cards, (c) this will affect my credit rating in US.

Any insights/comments will be much appreciated.

$20,000,000.00+ / Quarter..that's an awful lot of money to just write off, don't you think?

Although what can you really do about it?

I think it's the credit card company, not the merchant who is to be responsible at least partially for CC fraud. Otherwise there will not be enough good security measures and small scale fraud will always exist. Who gains at it?

I have worked on both the issuing side credit card companies as well as the merchant side. The merchants should be held more responsible on verifing fraudelent activity. If they are able to verify the accountholder, via address, security features, signature, according MasterCard, Visa regulations, then there will much less fraud-counterfeit fraud excluding and the merchant is not held liable. Issuing banks are not the ones who accept the cards, are not the ones who sell the merchandise/service. Instead most banks can hardly keep up with the amount of losses from the latest new scams that are always afflicting the industry. When a merchant or processing company gets hacked into and it is a lot more common than you think, the banks are the one that pay for re-issuing cards, any counterfeit activity, or any other repercussions because some company did not have ample security.
As for Michelle who lost $2500 at gas stations. While she received her money back due to the competitive *Not Responsible for Fraudulent Activity* all banks have today, the bank probably lost no less than $1500 or the entire amount. That is 1 card. Imagine a large bank with 1 million cardholders. And you wonder why fees for merchant services and bank fees are so high?

I have know Mary Eastily about 25 years. She is honest, true blue and marriedJulian Marx because she fell in love withhim.
He stole her money, her inhertiance as well and left her with this mess.. In fact he also tookfrom hisown Mother. Please clear Mary's name as she had no inkling as to what he was doing.

Dolly, I would love to believe that but we all know that this is impossible. She sat in courtrooms, next to him, several years ago after they defrauded businesses. She was quite vocal in her defense of their actions. Maybe she didn't know on day 1 but she caught on quite quickly and "enjoyed" the fruits of their illegal activities as well. May she rot in jail as well.

They got me too! Last December I placed a small order for $50 and was charged 2x (December and February) Sent several emails, calls, etc. but to no avail. Thanks for the info above to pursue for reverse charges, etc.

Dee again, sorry, I forgot to mention my erroneous charges were from The Chocolate Bear, Benicia. Glad they got Julian and hope we all can get some resolve from this. Good luck to all! says:
Once a security feature was given away online you can not consider this feature as secure anymore.

I found this article looking for "Cardservices International scam" and I'm in a similar boat to LV with a horrible experience with Cardservices International. All merchants should beware to never, ever use this company to process credit cards. Not only is their service horrible, they are thieves and every merchant I've known who has dealt with them will tell you the same. Heck, even the lady I spoke to in their collections department said the same thing. Luckily I have Bank of America as my bank and they reversed over $1400 in false charges CSI stole from my bank account.

This just goes to show there is more to credit card fraud then just having your card swiped and duped. On that subject, I've gotten in the habit of never letting my card leave my hand. I live in the Orlando, FL area and we have so much card duping here (because the tourists are easy targets).

I'm curious about one thing, don't merchants have insurance against credit card fraud?

Do not deal with "card services international". They are a fraud company. They shut down our company by freezing $200,000 of our credit card money that was supposed to go into our bank account. We were unable to buy merchandise to accomodate our orders... and they still take out the fees from our bank account..... They are a scam... big time. And when we started refunding our clients they shut us down completely. What they do is freeze your assests and use that money. They cut of your account so you do not have any knowledge of your accounting and they play with the number... and you never see that money. Card Service International is a scam.

We are in the same boat. Cardservice International is the biggest rip off. They freeze your money and close your account so you have no access to even review the transactions. You'll be calling the account manager all day long and they dont return your phone calls and you never see your money again. Somebody needs to shut them down. They are FRAUD.

I have been a victim. My card number was used to make a couple of online charges by fraudsters. Fortunately, the card company raised a fraud alert and called me, closed the card, gave me new ones with different numbers. The card company asked me to call the merchants and ask them for any fraudster address etc they may have had, including destination addresses for merchandise ordered. However, when I called the merchants, they said they had the information but would not release it to me without a subpoena. The card company did not want to pursue this any further, and said that it would look into it only if the issue got bigger - I presume it would mean large scale fraud. I was asked to file a police report if I wanted to - But the card company and police both were certain they would not pursue this further, EVEN THOUGH THEY HAD AN OPPORTUNITY TO CATCH THE THIEVES IN ACTION AT THEIR HOME ADDRESSES!!

Any idea what else a citizen can do?

I was phoned by Mastercard who told me an hour ago my card was used in Quebec I live In Vernon B.C. the amt was 5256$ they cancelled my card and sent a new one.. Seems if a merchant is going to charge that amt a bit of checking would be in order.. I will not be liable but wonder how this has happened my card was still in my purse... It seems it is a towing company on St louis st ayotte was also quoted but the MC is doing a fraud investigation so no more info is available to me.. I am disabled so at my regular gas station I give them the card is this not safe?? Thanks Dee

Leave a comment


Search this blog
Categories ›
Archives ›
Recent Entries ›