The Durango Police Department has requested the FBI’s help to investigate widespread credit card fraud that targeted numerous people registered for this year’s Iron Horse Bicycle Classic.
Meanwhile, race officials worked Friday to identify the source of the security breach, said Gaige Sippy, director of the event.
“We are still trying to understand where all of this took place,” he said. “As of right now, there is no clear path.”
Dozens of credit cards have been used for fraudulent charges, all with a common thread of also having been used to register for Iron Horse events, Sippy said.
Organizers are unsure how widespread the problem is and whether all the credit cards used to register were compromised. Most of the fraudulent activity appears to have occurred during the first week of February, but some people have reported fraudulent charges up to three weeks ago, Sippy said. Fraudulent charges have ranged from $200 to $1,400, he said.
The charges have occurred at a variety of vendors, including Match.com, GameStop, Groupon, Micro Center, Lowe’s and the U.S. Postal Service.
Some people said their credit card companies automatically denied suspicious charges and shut down the credit card.
Organizers are unaware of any security breaches involving the Iron Horse website, which does not store credit card information, Sippy said. The Iron Horse uses third-party companies, including Durango-based Mercury and Plug and Play, to handle credit card processing, he said.
The Iron Horse Bicycle Classic hosts a variety of bicycle events over Memorial Day weekend, including the 50-mile ride from Durango to Silverton. The ride, which is capped at 2,500 participants, sold out in 36 hours this year.
People who suspect their debit or credit card has been compromised should first contact their bank or credit card company and then contact the Durango Police Department by calling dispatch at (970) 385-2900, said Capt. Dan Shry with the police department.