Man Sentenced in Fraud Scheme That Compromised 3,000 Credit Union, Bank Accounts

Ioan Flore, who targeted ATMs that were not chip enabled, making it easier to siphon more than $500,000 from nearly 3,000 compromised credit union and bank accounts in Michigan, Iowa and Nebraska, was sentenced to more than four years in federal prison.

U.S. District Court Judge Hala Y. Jarbou in Lansing, Mich., also ordered Flore last month to pay restitution of $587,529 and forfeit $16,230 in cash that was seized from his vehicle after he was arrested during a traffic stop in Indiana last spring. In November 2020, he pleaded guilty to one felony count of conspiracy to commit financial institution fraud and one felony count of aggravated identity theft.

Prosecutors said Flore, a Romanian national living illegally in the U.S., was part of an ATM skimming crew that stole funds from credit union and bank accounts between September 2019 and May 2020 by placing skimming devices and pinhole cameras on ATMs in Michigan, Iowa and Nebraska. The skimming devices recorded customer account information from debit cards while the cameras recorded the PIN numbers of members and customers.

Prosecutors said Flore participated in all aspects of the conspiracy, including cash-outs, installation of skimming devices and cloning cards that were labeled with the corresponding PIN number.

Flore and co-conspirator Marius Adrian Mastan, a citizen of Romania and a legal resident of Illinois who was sentenced to more than four years in federal prison in March, typically conducted the cash withdrawals at the $1.4 billion Michigan First Credit Union ATMs because those ATMs were not chip compliant, making it easier to steal cash from the compromised accounts, according to federal prosecutors.  They also disabled chip readers in the ATMs before installing the skimming devices, so the machines would default to debit card magnetic strips, from which the data can be stolen.

“Long before this incident, all Michigan First ATMs were scheduled to go through a software update to enable chip technology,” Michigan First President/CEO Michael Poulos said. “Our ATM vendor fell behind schedule, which led to our software being updated later than planned. This unfortunate delay created a short window of vulnerability, which criminals discovered and exploited. Our dedicated security team proactively partnered with law enforcement to identify those responsible and help bring them to justice. As an organization, we continue to invest in the necessary systems and technology to protect our members both now and in the future.”

According to a federal investigator’s criminal complaint, Flore and Mastan used cloned debit cards at various Michigan First ATMs in several cities surrounding the metro Detroit area. They also targeted ATMs to steal funds and/or install skimming devices and pinhole cameras at the $1.3 billion Honor Credit Union in Berrien Springs, Mich., the $2.4 billion Lake Trust Credit Union in Brighton, Mich., the $306 million Monroe County Community Credit Union in Monroe, Mich., the $6.1 billion DCFU Credit Union in Dearborn, Mich., the $1.1 billion ELGA Credit Union in Burton, Mich., the $753 million Financial Plus Credit Union in Flint, Mich., the $1.1 billion Cobalt Credit Union in Papillion, Neb., American National Bank and First National Bank both in Omaha, Neb., and Dubuque Bank & Trust in Iowa.

The total loss of the ATM scheme amounted to $789,592, which included $587,529.50 in actual loss of funds, with an additional $202,000 of attempted withdrawals that were stopped by the financial institutions’ internal fraud alerts, according to court documents.

Prosecutors said the credit unions and banks that were victimized reported that PIN-based fraud is very uncommon because the only way for the criminals to obtain the PINs is by placing recording devices on the ATMs. The withdrawals made by Flore and Mastan often did not trigger the financial institutions’ fraud-monitoring software, so they did not learn about it until customers began contacting them to complain about the fraudulent withdrawals.

Moreover, insurance does not cover the financial institutions’ losses because the insurers treat each fraudulent transaction as a separate event, which means the losses did not meet the financial institutions’ insurance deductibles. Many of the financial institution skimming victims, however, shifted their losses to Michigan First Credit Union because its ATMs were not chip compliant, according to court documents.