Confessions of a Credit Card Thief

For someone who was committing federal crimes on a daily basis, Dan DeFelippi led a pretty uneventful life in the early 2000s.

He’d get up and go to work, much like you do. He liked spending time online, and he would run errands after spending a few hours at the office.

He was just a regular guy, if you leave out the part where his routine consisted of fraud.

Because that’s what he was doing: He used his office to manufacture fake IDs and credit cards, and his shopping trips involved using those fraudulent cards to buy electronics, which he resold for massive profits.

This worked extremely well for him, until he was arrested in 2004.

The Beginning

DeFelippi was a college sophomore at Rochester Institute of Technology when he started making fake IDs. He wasn’t making much at his part-time retail job, and at a school with several thousand undergraduates, he thought selling fake IDs seemed like a good way to make money, so he took out a cash advance on his credit card to buy supplies. He sold them for $65 each, and within a month, DeFelippi had repaid the loan.

He dropped out of college shortly after to make fake IDs full-time.

This wasn’t his first time cheating the system, but it was certainly his first step into major crime. When he was in high school in the ’90s, he was part of group that cheated advertisers who paid people to click on links online — they used a program to automate the clicks, so they got paid for doing nothing.

Living for ‘Free’

He started his fake ID business in 2001. Between then and the time he was caught in December 2004, he transitioned to making fake credit cards with stolen information, aka carding. One of his ID resellers took over enabling the underage drinkers of western New York. (Yes, he had a network of fake ID sellers at other schools.)

DeFelippi got into carding through the online forums he frequented. There was a lot of crossover between fake IDs and carding in these communities, and the money carders made was tempting. At first he hacked credit card databases and stole information himself, but he realized it was more efficient to pay other hackers for such data. (This is what the other side of a data breach looks like, by the way.)

“My bread and butter was using my cards in stores to buy laptops and gift cards,” DeFelippi says. Eventually, this practice led to his capture, but until then, it was a productive business.

In some ways, it’s living the dream: He was doing something he really enjoyed, and money wasn’t a problem.

“It was me toying around with stuff,” he says of his start in crime. “Once I saw the money, I said ‘Hey, not only can I have fun hacking stuff, I can make significant money doing it.”

He’s not sure how much he netted during his fraud spree, because he says he didn’t keep track. During an “ask me anything” on Reddit, he said he thinks his best day got him $5,000 cash, and some days he purchased five to 10 laptops with fraudulent cards.

“Money didn’t have much meaning to me,” he says. “Anything I wanted I could get for free.”

Of course, that “free” concept is actually fraud, which is a felony, and that’s not really fun at all.

But yes, at the time DeFelippi says, it was fun.

Getting Caught

Meanwhile, his associate who had taken over the the ID business wanted to get into carding. They worked out an agreement where DeFelippi made the cards and the other guy would go buy the laptop, and they’d split the profits of the resale.

On a November day in 2004, they went to a mall together, so they could buy twice as many goods. He says they were in a hurry, and when they went to get a laptop at Best Buy, the cashier seemed suspicious.

“Normally when you do something like this, you try to act like any other person would,” DeFelippi said. “I wouldn’t normally rush things, I’d ask a person how they were doing.” But they skipped the small talk and were clearly in a rush.

The cashier wanted to call the credit card company for verification, and as soon as the employee left the register to do so, the would-be thieves left the store.

DeFelippi’s partner left his fake ID behind, along with the phony card. His picture went up on the news, a former roommate turned him in and he gave the cops DeFelippi, who was arrested in December.

“I had an office set up at that time, and it was just full of evidence,” he said. He was facing 8 1/2 years in prison on federal charges, but he was sentenced to time served (about two weeks while waiting for bail), three years probation and $210,000 in restitution.

But the really tough part for him was leaving fraud alone.

“When I was caught, I knew I was done, even if I really felt the pull for a long time,” DeFelippi says. “I knew the risk was too high.” He moved back in with his parents, and he had to figure out how to live in a world with the challenges of legitimate personal finance.

After the Bust

In April 2005, DeFelippi started working with the Secret Service, training people to understand the hacking world and infiltrate the forums in which he spent countless hours learning the illegal trade.

He did that for two years, ended up getting a business degree and went back to computer programming — he was studying computer engineering when this whole thing started in 2000. He now works as a freelance web programmer, in addition to giving talks and consulting on digital security.

DeFelippi may be off the job, but there are plenty of others like him. That’s no secret, given the prevalence of data breaches.

Security plays a large part in his work, and he has plenty of advice for consumers, like using credit cards to take advantage of the fraud protection and reviewing your bank statements to watch out for unauthorized activity.

Of course, if your personal information is sold and someone uses it to open up a fake account, that’s not going to pop up on an existing statement, which is why it’s important to periodically review your credit reports and credit scores.

“Consumers should try to educate themselves about the basic things people will do to steal their information,” he says. “Be aware of what you’re doing online, and be aware of what you’re doing offline.”

A warning from a former thief is about as real as it gets: Protect your personal information.