
The accused used software to "format and encode" the stolen track data to create counterfeit cards that netted them hundreds of thousands of dollars.
Green-Bressler pleaded guilty in March to aggravated identity theft and conspiracy to commit offenses against the United States, both felonies.
Avivah Litan, a Gartner analyst, told SCMagazine.com that the bust proves companies still are unnecessarily storing account information that is attractive to cybercrooks.
The stolen data included algorithms to decode PINs and other account data, such as expiration dates, passwords and Social Security numbers.
"PINs and full track data are really the pot of gold for the crooks because they can turn that into cash," she said.
Green-Bressler and the other defendants used the bogus cards they created to steal hundreds of thousands of dollars from ATMs. They wired back about half of the proceeds – roughly US$300,000 – to the suppliers, who were based in some 20 countries, including Vietnam, Pakistan, Jordan, Egypt, the Philippines, Macedonia, Romania, Estonia, Lebanon, Mexico, France and the United Kingdom.
Litan said scams such as this one are likely to persist because US law enforcement has been unable to bring down the ringleaders, owing to jurisdictional clashes, particularly in nations such as the Ukraine.
"They’re stopping the bleeding temporarily, but they’re not getting to the heart of the problem," she said. "Those forums [where data is bought and sold] are located in uncooperative countries as well. They’re in bed with each other."
Litan said law enforcement sources have told her the TJX breach — in which 45.7 million credit card numbers were compromised — originated in the Ukraine by the same criminal gang that was responsible for the CardSystems and Polo Ralph Lauren breaches.
"They know who it is, but they just can’t get to them," Litan said of US authorities.