A growing number of local residents this week found fraudulent charges on their debit and credit card statements, victims in a rampant cyber attack that has for months targeted Bashas’ customer database.
The Payson Police Department is advising anyone who shopped at Bashas’ or one of its affiliate stores, including Food City and AJ’s Fine Food Market, to request a new credit or debit card from their bank.
Payson Police Sgt. Joni Varga said the department has received at least 50 reports of fraud from residents since Sunday, and banks have been inundated with concerned customers.
“The scary part is that if they obtained your card number, but haven’t done anything with it yet, that just means whoever they’re selling it to on the underground, they just haven’t tried it yet,” said Varga. “Six months from now you could see fraudulent activity. The problem needs to be taken care of by getting a new card issued.”
Residents from around Rim Country have reported erroneous charges on their accounts in just the last few days. They range from retirees, workers at the Pine library to the Payson Roundup.
Even Varga’s mother was among those hit.
“She was shopping at Big Lots and her card was declined,” Varga said. She later learned someone in California had charged $650 at Walmart. The bank shut the card down, but didn’t tell her.
Roundup employee Dave Rawsthorne said someone tried to use his debit card number three times at retailers Wednesday, but each time the bank declined it.
Another resident was not so lucky. Varga said one senior citizen on a limited income had his bank account decimated.
The man receives Social Security payments on a prepaid debit card. Thieves used those numbers to purchase several items. Unlike most banks, though, which are refunding the money back into customers’ accounts, this man will have to file paperwork and it could take several weeks before his money is returned, Varga said.
“It is a very sad case,” she said.
Little is known about the malware that attacked Bashas’ system. In an official release, Bashas’ said “highly sophisticated criminals” had gained access to parts of their system, capturing customer payment information with malware “that has never been seen before in the industry.”
It is unknown how many credit and debit card numbers were obtained, but Bashas’ said it has implemented new security measures.
Varga said it appears many of the stolen numbers are being printed on new cards, which are then being used in stores.
“A lot of people think they get a number and are doing phone orders, but no, you can imprint cards,” she said. “Just like I can go to my credit union and they can print me a new card in two seconds, well that technology they have, criminals have.”
Local banks are reporting lines of concerned customers requesting new cards and a thorough study of their accounts.
John Raven, manager at Wells Fargo, said they have had numerous customers come in in the last few days. Wells Fargo is declining many of the fraudulent transactions before they go through, but customers should still get a new card, he said.
Jenny Scott, National Bank of Arizona branch manager, said most banks have protections in place to identify fraudulent charges. “In most cases, the bank will contact you to verify purchases before you even know about the fraud,” she wrote in an e-mail. “There are some charges, however, that do get through.”
Besides getting a new card, Varga encourages residents to report fraudulent activity to police, especially if they discover their card numbers were used in Arizona.
“We are really paying attention to those in Arizona because we can call another agency and get going on obtaining security footage,” she said.
The PPD is collecting all reports and passing them on to the FBI. The FBI told the Roundup it could not confirm nor deny whether they are conducting an investigation into the matter at this time.
So far, Varga has heard customer data is being used to make purchases in 25 states as well as Mexico, Italy and Canada.