McAllen Police Chief Victor Rodriguez said Mary Carmen Garcia, 27, and Daniel Guardiola Dominguez, 28, both of Monterrey, Mexico, used cards containing the account information of South Texas residents. Rodriguez said they were used to buy tens of thousands of dollars' worth of merchandise at national retailers in the area including Best Buy, Wal-Mart and Toys R Us.
"They're obviously selling the data sets by region," Rodriguez said.
Garcia and Guardiola were both being held Monday on state fraud charges. It was not immediately known whether they had retained lawyers.
Rodriguez said he did not know whether they were the first arrests related to the Target breach. Target did not immediately return phone and email messages left Monday, which was Martin Luther King Jr. Day, a federal holiday. The Minneapolis-based company said last week that it has stopped more than a dozen operations that sought to scam breach victims by way of email, phone calls and text messages.
McAllen police began working with the U.S. Secret Service after a number of area retailers were hit with fraudulent purchases on Jan. 12. The Secret Service confirmed that the fraudulent accounts traced back to the original Target data breach from late last year, Rodriguez said.
Investigators fanned out to McAllen-area merchants and reviewed "miles of video" looking for the fraudsters, he said. From that, they were able to identify two people and a car with Mexican license plates.
A message left for the Secret Service on Monday was not immediately returned.
With the help of U.S. Immigration and Customs Enforcement, investigators confirmed the identities of their suspects from immigration records of when they had entered Texas in the same vehicle. Police prepared arrest warrants last week and waited for them to return.
On Sunday morning, federal officials alerted police that their two suspects were at the Anzalduas International Bridge trying to re-enter the U.S. They were carrying 96 fraudulent cards, Rodriguez said.
Investigators believe the two were involved in both the acquisition of the fraudulent account data and the production of the cards, but only part of what must have been a much broader conspiracy. Rodriguez said investigators suspect Garcia and Guardiola were singling out Sundays for their shopping sprees hoping that the banks would not be as quick to detect the fraud.
With the amount of electronics and other merchandise purchased on Jan. 12, Rodriguez said the two would have needed an "army" to move it all.
Rodriguez also alluded to a link with Eastern Europe or Russia, but did not provide additional details. He said he expected Garcia and Guardiola to eventually face federal charges.
South Texas authorities have seen large-scale fraudulent credit card schemes before, including one in which they seized machines used to upload information to the cards' magnetic strips.
The Target security breach is believed to have involved 40 million credit and debit card accounts and the personal information of 70 million customers.