Former Subway franchisees charged with setting up POS crimeware business

Uninspired by the rewards of running a Subway sandwich franchise, Sean Holdt and Thomas Wilkinson set up an alternative business selling POS terminals to other franchisees. The winning formula? A pre-configured remote access toolkit that allegedly allowed the men to log in after hours and run off their own gift cards.

  3 2 comments

Former Subway franchisees charged with setting up POS crimeware business

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The two California men have been charged in an indictment by the US Justice Department in Boston with one count of conspiracy to commit computer intrusion and wire fraud, and one count of wire fraud.

According to the indictment, Holdt owned Subway franchises in Southern California from 2005 to 2008, and later operated a California company called POS Doctor, which sold and installed point-of-sale computer systems to Subway restaurant franchises around the country.

The DoJ alleges that members of the conspiracy hacked into at least 13 Subway POS systems that Holdt sold through POS Doctor and fraudulently added at least $40,000 in value to Subway gift cards.

Holdt and Wilkinson allegedly used the fraudulent gift cards to make purchases at Subway, and Wilkinson also allegedly sold fraudulent gift cards to others using eBay and Craigslist.

Earlier this year a Romanian man was sentenced to 21 months in prison for his part in an unrelated scam that saw the point-of-sale systems of hundreds of US Subway sandwich shops hacked, thousands of cards compromised and millions of dollars stolen.

Sponsored [On-Demand Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates

Related Company

Keywords

Comments: (2)

A Finextra member 

Well, at least they didn't go after payment card details (although if this was in an EMV or half decent PCI enviroment that would be a much harder proposition). Though crime is crime, I would put this at the slightly less ambitious end of the scale. Hopefully these guys get turned around before they try something more ambitious with the set of technical and social hacking tools they've aquirted with this escapade.

A Finextra member 

Such type of fraud will certainly be seen more often in the future. Quite frequently, "mobile payments solutions" are just about turning a smartphone into a POS device. This reduces the threshold for creating and distributing fraudulent POS "devices", as now those are just fraudulent apps ...

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates