Clear69° WeatherClear69° Weather

Latest target for identity thieves? Military pay

Army Capt. Stephen Redmon and his wife, Julie, have  depended on short-term loans since losing $3,290 when his monthly electronic deposit was rerouted.

Courtesy of Julie Redmon

Army Capt. Stephen Redmon and his wife, Julie, have depended on short-term loans since losing $3,290 when his monthly electronic deposit was rerouted.

TAMPA — Much is demanded of soldiers. In exchange they get pride and pay. But identity theft claimed even the pay last month for four military personnel at Fort Bragg, N.C., one of America's biggest Army bases.

The technique may ring familiar to thousands of victims of hijacked IRS tax refunds and Social Security payments: Someone rerouted the soldiers' monthly electronic deposits onto prepaid debit cards.

Was it an isolated breach or the start of a larger problem for the military? The answer matters: Only about 1 percent of the 6.6 million people on the defense payroll get paper checks.

The Department of Defense is investigating the Fort Bragg pay losses and has not yet determined whether the victims or the government is liable. For now, victims haven't been repaid.

"It's frustrating, I'll say that," said Army Capt. Stephen Redmon, who lost $3,290.

Redmon, a 29-year-old artillery officer who served a year in Iraq, is married with two children and a third on the way.

His monthly pay was due to be deposited in a USAA Bank account on Sept. 14.

On Sept. 10, he checked his leave and earnings statement on myPay, a website for the military's payroll agency, Defense Finance and Accounting Service.

That's when he noticed the bank change. Instead of going to USAA, his deposit was headed to Bancorp Bank, a large issuer of prepaid debit cards, including the Akimbo Visa, upon which Redmon's $3,290 was about to be captured, then withdrawn.

Julie Redmon, his wife, described the chaos that followed: calling Bancorp, getting sent to the wrong card manager company, dialing a fraud line and reaching a psychic hotline. She said the government tried to recall the funds but did not succeed.

(Bancorp reports that most of its prepaid debit cards are not used for fraud. That said, the third choice on the company's automated phone system is a line for detectives with subpoenas.)

Even with a few days' warning, the Redmons could not head off a thief. An investigator told them someone had signed on to the soldier's myPay account using his own login and password.

"At first they asked my husband how our marriage was," Julie Redmon said. "How good our 8-year-old was with computers. They accused my husband of giving his password to someone, or leaving his common access card in a computer. That didn't happen. We don't write down our password.

"The whole time it's been like we're trying to prove we didn't do anything wrong, when they know we're not the only ones."

The Redmons aren't the only ones. Roxanne Addis Olson, spokeswoman for the defense payroll agency, confirmed that three other Fort Bragg soldiers reported their pay was diverted.

And she said pay diversion occurred elsewhere, too, though she was unable to discuss frequency or location. She could not, for instance, say whether it happened in Florida.

In some cases, myPay logins were compromised, she said. Customers had accessed myPay at computers infected with key-logging or other malware set to capture private information.

Retired Air Force Col. Gary McAlum, now chief of security for USAA, wasn't surprised to learn that military pay had been hacked, a practice the banking industry calls "account takeover."

"It's much more common than people know about," he said. "The technology the bad guys have is so easy to use."

USAA provides insurance, banking, investment and retirement services for 9.3 million military members and families.

He said it seemed likely that victims had been hit by key-logging malware. And he mentioned scams in which cyber criminals send emails that appear to be from financial institutions, seeking personal information.

Last fall, an imposter created a phishing email with the logo of the defense payroll agency.

Julie Redmon doesn't recall getting that email. The couple's home computer has security and anti-malware software, she said.

Capt. Redmon also accessed myPay through a computer in the Fort Bragg library and from his cell phone, he said.

He said the lost pay has consumed their lives. It happened amid a move to Fort Sill, Okla., now home. They've been existing on short-term military loans.

"In the military, you used to be able to get a check," Julie said. "You can't do it anymore. Everything is on direct deposit."

Staff writer Patty Ryan can be reached at pryan@tampabay.com or (813) 226-3382.

Internet safety tips

From USAA security chief Gary McAlum: Don't answer email requests for personal information, no matter how real they look. Even clicking on links within them can let malware into your computer.

Set your antivirus program to update automatically. At least once a week, disconnect from the Internet and run a deep scan. Be sure to update other programs, such as web browsers.

Don't reuse passwords for multiple applications. If you have too many, store them in a digital vault — protected by a unique password.

From Defense Finance and Accounting Service: Don't use public computers to access your private and financial information. If you must use a public WiFi network, make sure it belongs to the business or library where you're located.

Use the virtual keyboard and position yourself where others cannot see you type or read your screen.

If you have a military common access or identification verification card, use the SmartCard login feature.

Latest target for identity thieves? Military pay 10/30/12 [Last modified: Wednesday, October 31, 2012 12:08am]

© 2014 Tampa Bay Times

    

Join the discussion: Click to view comments, add yours

Loading...