A Norman man is confronting embezzlement accusations following allegations that he replaced card readers and illicitly pocketed thousands of dollars from a local business.
The card readers commonly seen, which plug into phones for customers to swipe their cards and pay, became a means for one employee to exploit the system for personal gain.
“These are very common devices, and they’re really easy to use and good devices for small business owners,” remarked Tanner Shinn, the principal security engineer for Alias Cybersecurity.
According to court documents, the Norman man would substitute the reader used at the business with his own, diverting funds into his personal bank account with each sale. In February, the employee confessed to a manager, revealing he had “made $30,000 from this scam.”
In a recorded phone conversation, the suspect disclosed to the manager that he had employed a similar tactic at another location, evading detection by not getting overly greedy. He further explained that upon reaching a predetermined sales figure, he would deactivate the device and swap it back with the one the business believed he was using, as per court documents.
A cybersecurity expert recommends implementing safeguards to protect businesses. “Introduce an inventory system, something that’s really good. Number them. Make sure that you know you can use barcodes, QR codes very easily. Make sure you check them regularly to ensure nothing like this is happening,” Shinn advised.
Additionally, tracking financials to monitor extended periods without sales can help identify irregularities. Shinn reassured that the readers themselves are secure. “There’s not many ways that people can open up the devices and tamper with them,” he noted. “That’s always a cat-and-mouse game whenever it comes to defenders and attackers. But at this point, there are known vulnerabilities.”
While KOCO 5 has refrained from naming the suspect pending formal charges, he faces allegations of embezzlement and violating the Oklahoma Computer Crimes Act.
