By Martin H. Bosworth
ConsumerAffairs.com
February 28, 2007
Rhode Island police arrested four men in connection with a series of break-ins at Stop & Shops throughout the state that enabled the alleged thieves to gain access to customer payment information.
The arrests were made earlier this week after employees at the Stop & Shop in Coventry spotted the suspects tampering with the keypads used to process customer payment data from debit and credit cards.
The thieves' modus operandi was to modify the keypads to enable collection of the data, then come back and collect the data at a later date. Store officials apparently had video surveillance data of the suspects, which they shared with local law enforcement, local newspapers reported.
Stills from the incriminating video were later posted on the Rhode Island State Police's "Most Wanted" Web site, leading to the arrests.
Arutyun Shatarevyan, Mikael Stepanian, Gevork Baltadjian and Arman Ter-Esayan, all from California and in their 20s, were charged with computer theft and fraud, and were arraigned in Kent County District Court. Bail was set at $150,000 to $200,000.
Rhode Island state prosecutor Gina Lopes said the Secret Service was investigating the possibility that the four may be part of a larger criminal ring that conducted similar activities in other cities, including Philadelphia, Las Vegas, and Miami.
"We are hopeful that these arrests will bring those responsible for these crimes to justice," the company said in a statement. "Stop & Shop continues to cooperate fully with the authorities during this ongoing investigation."
Stop & Shop also claimed it was reinforcing its payment keypad terminals with "heavy duty silver bolts" to make them more difficult to tamper with or remove.
Although the total losses and number of victims in the Stop & Shop breach has not been tallied, Rhode Island Attorney General Patrick Lynch noted that 1,000 cardholders had reported fraudulent charges since the breach. Citizens Bank had reported $100,000 in fraud losses stemming from use of the stolen data, and two local credit unions had reported $15,000 in losses.
