McDonald’s hat trick of the week: three cases involving insider breaches make the media

It looks like McDonald’s made a media hat trick this week in terms of dishonest employees and card fraud or ID theft. First, employees in Illinois and  Washington were caught skimming customers’ debit and credit cards, and now Dave Gibson reports on a case from Georgia:

On Wednesday, Eva Ramos, 36, a former McDonald’s restaurant manager, was sentenced in U.S. District Court to 32 months in federal prison for her role in an ID theft scheme.

Ramos pleaded guilty to selling the identities of U.S. citizens to illegal aliens employed in McDonald’s restaurants throughout the Savannah area.


Skimming customers’ cards? Selling and using others’ identities to work at McDonald’s? What’s going on here?

I’m sure McDonald’s has many honest employees, but that’s at least the sixth report of employee-related fraud involving McDonald’s this year.  In addition to the three incidents mentioned above, another young employee was accused of skimming hundreds of customers’ cards at a drive-thru window in Monticello, Minnesota this summer. After that breach, a corporate spokesperson said:

Nothing is more important to us than the security of our customers. This is an isolated incident which we take very seriously. Please be assured that this is not reflective of the values of our employees.

But how isolated is it, really, when at about the same time, hundreds of other customers had their cards skimmed at a drive-thru window at Norfolk (Virginia) Naval Station? Or you find an elaborate credit card fraud ring operating out of Mandeville, Lousiana that also obtained customer’s card numbers at the drive-thru window? Or you have two new reports within this past week alone after another drive-thru window skimming report from Michigan last month?

McDonald’s has a lot of stores – many more than Burger King.  By chance, then, one would expect more incidents at McD’s than Burger King, but when you do not see any reports of insider breaches involving Burger King, and six involving McDonald’s insiders, well…. you do the math.

The hospitality sector continues to be the single biggest sector for breaches relating to card fraud or misuse, with some studies suggesting they compromise 23 – 40% of all card-related breaches. McDonald’s is clearly not the only fast-food operation experiencing breaches involving customer card data.  A chain of 23 Burger King franchises owned by Liberty Restaurant Group and six stores owned by EDN in Georgia had multiple stores compromised in what appears to be  POS-related compromises. In contrast, I’ve seen no reports of POS hacks involving McDonald’s databases containing credit or debit card info.  So if they are getting security right on their electronic databases, why so many incidents of  young employees skimming cards at drive-thru windows? They need to get employee security right, too.

I asked McDonald’s for a statement about the reports of insider breaches, and they sent this statement:

Rest assured we take matters re: safety and security extremely seriously.

We have cooperated fully with the authorities in their investigation of these crimes.

McDonald’s and our franchisees will not tolerate this type of behavior.”

Well, okay. But what is McDonald’s doing or going to do differently to prevent these employee-related breaches?

[Small update/correction to add Michigan breach]

About the author: Dissent

Has one comment to “McDonald’s hat trick of the week: three cases involving insider breaches make the media”

You can leave a reply or Trackback this post.
  1. garykva - November 22, 2011

    People just have to be aware. IF I use a CC at a drive thru establishment, I watch them. The McDonalds near me has the CC POS swipe device in plain view of the customer. That kind of deters the ability to hide around a corner and do thier magic.

    Lets say that some of these people don’t use thinking as their primary mode of living. If they do the math, and read the news of any type, they should notice that this type of activity ISNT hard to detect and figure out. If they are getting 15-30 bucks a card, they mind as well give up those many days in jail and payback in restitution. They are just asking to be thrown in the slammer.

    Social profiling exists. I wonder if McDonalds even runs a security check on these people, or better yet inquires through the freedom of information act, the addressses of the employees to see if there is a pattern of involvement with the authorities.

    Again, as long as the press isn’t too overly negative, and the fines (if any) aren’t too steep, thus not effecting their bottom line (Profit$), its a shrug and move on to depositing their corporate heaps of cash.

    Employee awareness and the ability to report such activity without retaliation in the consumer world should be accepted, and praised. Someone catches a person skimming? Hire them as an assistant manager and fire the current manager and assistant managers.

    Or better yet, offer a ATM checkout device at the 1st drive up window. You swipe your own card, and limit the CC handling. Or, people can take security seriously and GO INTO the establishment and use the card or pay for items with cold hard cash.

Comments are closed.