Money Back on MoneyPak?

Suit blames retailers including 7-Eleven, Walmart, for selling reloadable cards allegedly used in cybercrime

Greg Lindenberg, Editor, CSP

Click here to view larger version.

DALLAS -- Retailers concerned about cybercrime and protecting both internal and customer data may have yet another bullet to dodge--lawsuits from victims of cybercrime.

A suit filed on March 26 in Dallas names 7-Eleven and five other major retailers, alleging compliance in an online scheme because they sold and distributed a reloadable prepaid card called MoneyPak, produced by Green Dot Corp., Pasadena, Calif. Cyber criminals allegedly used the cards to obtain money from victims using illegal tactics.

"We're trying to stop the extortion," said Ross Teter, an attorney with Teter Law Firm, Dallas. He told CSP Daily News, "It's a money making scheme [that could end] if retailers would stop selling MoneyPak."

Filed in the 191st Judicial District Court of Dallas County, Texas, the suit describes the crime as a virus or malware that shuts down a person's computer and says it will release it for a "ransom" paid via MoneyPak. The suit alleges that the defendants, including Dallas-based 7-Eleven, received the "ransom" and are allegedly complicit in the criminal activity. The suit calls MoneyPak a "criminal instrument" and seeks restoration of monies lost, legal expenses and "such other relief as the Plaintiff and the class members may be entitled."

In addition to 7-Eleven, others named in the suit include CVS Caremark Corp., Woonsocket, R.I.; Green Dot; Kmart Corp., Hoffman Estates, Ill.; Kroger Co., Cincinnati; Walmart, Bentonville, Ark.; and Walgreens Co., Deerfield, Ill.

"We can't talk publicly pending litigation, but expect to vigorously defend ourselves against these false allegations," 7-Eleven spokesperson Margaret Chabris told CSP Daily News.

Earlier this year, Walmart posted a notice on its website describing the activity as a scam where "a virus appears as a 'pop-up' message on the computer screen indicating that the computer has been locked for violating some regulation. … In order to unlock the computer, the message indicates a $200 fine must be paid via MoneyPak."

It calls the pop-up screen "very convincing, with logos from the FBI, as well as major retailers, including Walmart. Walmart is not associated with this scam."

As early as 2011, the Better Business Bureau posted notice on its website that a "significant increase" in various schemes where criminals tried or succeeded in "collecting payments via MoneyPak for merchandise, advance fee loans or sweepstakes prizes--all of which turned out to be either fraudulent or nonexistent."

As noted by lawyers and risk-management personnel at last year's CSP roundtable on liability and crisis prevention, retailers are quickly becoming the target of product lawsuits, partly as a result of their visibility and the fact that the true perpetrators are based overseas.

In this case, Teter said much of the cybercrime originates in Lithuania.

Speaking to the current lawsuit, Teter said the scheme "shuts down business and damages computers. It costs money. It could erase [data and cause damage] to the point where you don't know what's been compromised."