Summary:
A coordinated scheme in which an identity thief and fraudster were able to access and steal up to $10,000 each from numerous American poker pros’ checking accounts has come to light. Todd Vieles, the owner of PokerFraudAlert and perhaps the first victim of the scheme, has published an extensive thread on the thefts after gathering information for several weeks.
A coordinated scheme in which an identity thief and fraudster were able to access and steal up to $10,000 each from numerous American poker pros’ checking accounts has come to light in recent days.
After gathering information for several weeks, Todd Witteles, the owner of PokerFraudAlert and possibly the scheme’s first victim, has published an extensive thread on the thefts.
On October 20, Witteles’ banking account was robbed for $10,000, which was quickly cashed through a casino payment system to a bogus Venmo account. Over the past week, Witteles has researched the issue, and he points the finger at loose controls at both Venmo and Global Payments Gaming Solutions, a popular corporate payment processor used by BetMGM, WSOP.com, and many other companies who implement eCheck services and other forms of bank
After learning that other well-known poker players had been similarly robbed in recent days, Witteles went public with his research late Tuesday.
The other victims are not only Cheong and Witteles. Kyna England added her name to the list very quickly.
According to Poker.org, Witteles confirmed that David Bach, Sam Panzica, and Clayton Maguire were among the victims of the fraudster. Brock Wilson admitted to being a victim in a response to the post. At least four other players told him they were victims but didn’t want to be publicly identified, including one player who Witteles described as a “big name”. As many as 20 other players may have been victims of the scheme, according to Witteles.
Witteles thinks that the mechanics of fraud are likely
The most likely explanation for the string of thefts was detailed in a series of posts by Witteles at PokerFraudAlert. None of his claims have been independently verified, and some of the casinos used by the fraudster(s) to cash out the stolen funds are only now becoming aware of the situation. When BetM GM became aware of the stolen funds being routed through its website, he immediately contacted Cheong.
The core flaw in the string of thefts is the ease with which repeat transactions can be done through Global Payments Gaming Solutions, according to Witteles. He claims that only the initial transaction done through Global Payments is thoroughly vetting for authenticity of a user, and after that, similar transactions using that person’s name and the same bank-account number pass through Global Payment’s system with little or no recurring checks.
If the thief was able to steal a player’s identity and bank account number from any casino’s system, he could then attempt to make fraudulent deposits to any other U.S.-based casino, online or live, that uses the Global Payments network. Witteles theorizes that it is another simple jump to create a couple of fraudulent Venmo accounts to get rid of the stolen money. One of the Venmo accounts would be in the victim’s name, using the stolen identity, while the second account would be used in a Venmo-only transaction as the real destination of the stolen funds.
Witteles said the theft was caused by an eCheck deposit he made on World Series of Poker. He wrote that if you have deposited to any real money, legalized US gambling site in the past, using eChecks, you are vulnerable to this exact same theft. It is more likely that you will be a victim if you are a well-known poker player.
Every single person who was a victim had their money stolen from the bank account they used for past eCheck deposits on legalized gambling sites, according to a separate post by Witteles. There is a high chance that you won’t be affected by this if you didn’t do eCheck deposits via legalized online gambling sites. There have been no victims who exclusively used credit cards, cash-at-the-cage or other payment methods. Again, as I talk to more people, this might change, but this is what I am seeing so far, and it remains consistent with my theory regarding how all of this occurred.
Several of the known thefts have a link to BetMGM
The identity theft and bank fraud appears to have been carried out entirely online through remote deposit/cashout options made available by many casinos as a convenience to their gaming customers. The fraudster likely exploited a systematic flaw in the system, in that deposits can be quickly withdrawn without any actual gaming taking place.
The fraudster has made use of online deposit/withdrawal frameworks offered by BetMGM, Borgata New Jersey, and California’s Viejas Casino. The Global Payments gaming solutions may be used as a front-end solution to provide banking services.
The first step players can take to protect themselves against similar thefts in the future is to not use any eChecks framework. He recommended that you temporarily freeze your credit line and close your checking account if you use it to fund online-gambling accounts. He said that Global Payments appears to be the main culprit behind all of the thefts to date.
With the casinos and payment-processing firms barely aware of the situation, the liability for the thefts remains uncertain. The affected players would have grievances against the casinos, who in turn would likely be able to recover the thefts from Global Payments, the provider of the white-label banking services. To plug the security hole and to begin tracking down the chain of money transfers to any identifiable perpetrators is the immediate needs of the corporate entities involved. The stolen funds may be unrecoverable from the thief or thieves involved, because an investigation will take some time to reach a resolution.