A Sacramento federal jury on Tuesday convicted 37-year-old Mihran Melkonyan on 26 counts of wire and mail fraud related to an international hacking operation that enabled cyber criminals to steal hundreds of thousands of dollars from American Express cardholders.
Melkonyan, of Sacramento, was initially charged in a March 2014 criminal indictment with 23 counts of fraud related to what prosecutors depicted as a scheme to defraud more than 20,000 American Express account holders by making bogus charges to their accounts. A superseding indictment handed down the following-year accused Melkonyan and his co-defendants of participating in a large-scale scam that affected over 119,000 cardholders in all, bringing the grand total of counts against him to 26.
A jury convicted Melkonyan on all counts Tuesday after a single day of deliberation, the Sacramento Bee reported afterwards. He’s scheduled to be sentenced on May 5.
Prosecutors argued in court that Melkonyan and two Russian co-defendants made off with upwards of $400,000 through a scam in which they established dozens of bogus online businesses that were then used to place false charges against the compromised cardholders. Notably prosecutors said the hackers acquired academic transcripts from a Sacramento-area high school and used the students’ compromised information to establish fake businesses utilized during the course of the scheme.
“The purpose of the scheme was to obtain money from credit card holders, credit card companies and third-party credit card payment processors by charging individuals’ credit cards without their permission or knowledge for goods and services that were not provided,” prosecutors alleged in 2015.
“Using the fictitious business entity names, the defendants established merchant accounts with credit card providers, such as American Express, Inc., and used the services of a third-party credit card payment processor, such as PayPal, Inc.,” the indictment alleged. “The defendants charged the accounts of credit card holders using the merchant accounts and third-party payment processors without the permission or the knowledge of the credit card account holders.”