With more and more companies and businesses having to modernize payment processing to accept various kinds of payments, third-party credit card processing companies are becoming increasingly popular and necessary. And just like consumers trust the seller, the seller has to trust that the processing company is transferring money from one account to another correctly and securely. That being said, just last month, five companies that trusted Electronic Merchant Services in Ohio, were temporarily out thousands of dollars in transactions.
The credit card processor impacted in the scheme is Electronic Merchant Services, which had just moved its headquarters to the central business district of downtown Cleveland in 2018. The credit card processing company processes credit-card payments and other transactions for small and mid-sized businesses across the US. Electronic Merchant Services (EMS) is a registered ISO/MSP of Elavon, Inc. Atlanta, GA a wholly-owned subsidiary of U.S. Bancorp.
So, how exactly did these Ohio residents steal all of this money? According to Cleveland.com, two women, Tiffany Travit, 38, and Sonya Bowers, 45, of Euclid, Ohio were able to divert funds into their bank accounts by having access and the ability to edit EMS’s client database. Travit originally had this access as an employee that helped clients over the phone, and shared the clients’ login information with Bowers and others. Once logged in through the clients EMS account, Travit and Bowers changed the banking routing numbers to bank accounts controlled by them, not the companies, meaning that they would receive the funds from transactions in their accounts. The federal indictment says “BMO Harris Bank lost $137,100.99 and Chesapeake Bank lost $176,623.30” as a result of Bowers and Travits actions. Electronic Merchant Services said that Travit was fired as soon as it was known that the funds had been misappropriated, as well as reimburse their clients and alert the federal authorities. The CFO of the merchant service company made the following statement in regards to the scandal:
“No merchant nor any bank lost any funds and we subsequently further tightened our controls in this area to assure there could not be a recurrence,” O’Neil said. “We take our responsibilities very seriously and in 30 years this has been the only incident of this type.”
Both Travit and Bowers are now going face-to-face with the federal government as a result of their actions. According to the U.S. Attorney’s office, both women are facing charges of conspiracy to access a protected computer, aiding and abetting access to a protected computer and bank fraud. All of these charges are severe and could mean that these women spend time in jail and pay fines. Let’s take a look at what these charges mean to the court.
Conspiracy to access a protected computer: The basic requirements for prosecution under the Computer Fraud and Abuse Act are that the computer is a “protected computer,” and that the individual charged accessed that computer “without authorization.”
A “protected computer” is not just a computer that belongs to a government agency, it can include any computer that is connected to the internet. That would include a person’s computer provided by their employer, a computer at the public library, or other electronic devices that have internet access.
Similarly, the definition of “without authorization” is a person who has authorization to use a certain computer may nonetheless be prosecuted under this law if the person’s use of the computer “exceeds authorization” or if the person uses the computer for some “improper purpose.”
Aiding and abetting access to a protected computer: According to the U.S. Department of Justice, the elements necessary to convict under aiding and abetting theory are:
That the accused had specific intent to facilitate the commission of a crime by another;
That the accused had the requisite intent of the underlying substantive offense;
That the accused assisted or participated in the commission of the underlying substantive offense; and
That someone committed the underlying offense.
Basically, the accessory to a crime. In this case, the crime was access to the protected computer.
Bank fraud: In order for you to be convicted of federal bank fraud under 18 USC 1344, the prosecution must prove beyond a reasonable doubt that you:
Executed or attempted to execute a scheme, substantially as charged in the indictment, to defraud a financial institution [or to obtain a financial institution’s money by means of false or fraudulent pretenses];
Knowingly and willfully participated in this scheme with the intent to defraud [or to obtain money by means of false or fraudulent pretenses];
The financial institution was federally insured, a federal reserve bank or a member of the Federal Reserve System
No word yet on a trial date or how the defendants plan to plead, but it’s safe to say that the federal charges brought about are serious.
True Merchant Offers Cardsecure for Secure Transactions
At True Merchant, we understand that a few simple tips from a singular article isn’t enough to keep small business owners protected. That is why we offer a number of dedicated merchant services including CardSecure. Lean on our extensive experience to handle the payment processing security for your small business.
To speak with a payment processing security professional, please call or email us today. Your small business is worth protecting!