We're seeing some strange electronic banking activity...fraudulent transactions that appear to come from legitimate sources. 

Two examples:

1.  A credit card got hit over this past weekend for a $124.05 charge with a well-known hotel chain's name in the transaction description.  The customer called her bank and was able to find out the specific hotel property from which the transaction originated.  The transaction appeared to be manually-keyed---no card swipe.  Further researching with the hotel, they didn't show any such transaction initiating from their property.  The customer is disputing the transaction with the bank.

2.  Another case involves a small business checking account.  The checking account has been hit with three fraudulent ACH debits, all appearing to come from legitimate originators (e.g., Bank of America, CapitalOne).  The three debits total approximately $6,000.  Interestingly enough, this account does not have Internet banking of any type and does not originate ACH transactions.  Not the typical ACH fraud we've seen.

It appears, based on these two examples, that the criminals have figured out a way to appear as legitimate merchants or originators and hit credit cards and checking accounts with electronic debits.  In this case, the fraudulent transactions involve different customers but the same bank, a large regional bank.  Could be coincidental.

We have notified the FBI and we will continue to monitor the situation, providing updates to our clients and friends as more information becomes available.

In the meantime, we advise our clients to closely monitor merchant processing and ACH activity for any unusual transactions.