OREGON CITY (AP) - Wells Fargo Bank depositors began complaining in February about money missing from their accounts.

For months, bank employees matched the complaints to ATM withdrawals in California. The same man appeared repeatedly in surveillance photos, linking him to nearly 400 victims and $463,000 in missing money.

At the same time, agents from the U.S. Secret Service and the Manhattan district attorney’s identity theft unit in New York were tracking a network of tech-savvy identity thieves believed responsible for 95,000 stolen credit card numbers and more than $4 million in ID theft.

It all came together May 30 in Oregon, when a check-cashing teller in the town of Clackamas recognized Eduard Kholstinin, a 30-year-old Russian national.

His capture offered new insight into cybercrime, which accounts for $67.2 billion stolen each year from U.S. businesses.

He was convicted Oct. 22 in Clackamas County of identity theft and money laundering and awaits sentencing.

Cybercriminals trade stolen credit and debit card information over the internet on the international black market, then disappear.

Eduard Kholstinin’s arrest was a fluke.

Audra Kelley was working as a teller at the Clackamas branch of Cash Connection when she saw a familiar face.

She recognized him from the day before, when she was working elsewhere.

He had flashed a Texas driver’s license and asked for help with a $2,750 wire transfer to Russia. But she realized the name on the license was different.

She offered to call Western Union to get things going but called 9-1-1 instead.

When Clackamas County sheriff’s deputies arrived and asked for ID, the man produced a California license with his real name, Eduard Anatolyevich Kholstinin.

In his pockets were 36 more Texas driver’s licenses, all with his face but different names. The car contained stacks of receipts for wire transfers, about 60 prepaid Visa debit cards, and $80,000 in cash.

Kholstinin came to the United States on a student visa in 2001 supposedly to study agriculture but stayed on after his visa expired in December 2004.

During a May drive from San Francisco to Oregon, wire transfer receipts suggest Kholstinin sent at least $120,000 in stolen cash to associates in Russia, according to Clackamas County prosecutor Bryan Brock.

Investigators say he stayed low-key, never wiring more than $3,000 at once and posing as different people, using fake driver’s licenses.

And he spelled the names of recipients in multiple ways, fogging the money trail, Brock said.

Secret Service agents determined that the magnetic strips on some of the Visa cards in his car were encoded account information that did not match the numbers on the cards.

Mismatched card numbers are a common signature for “carders,” crooks who use stolen credit and debit card information.

Often, carders buy stolen account numbers on the Internet black market, then load cards with a magnetic encoder (similar to the devices motels use for programming room keys).

Plugging the new cards into ATM machines, the carders can quickly do thousands of dollars of damage.

Carole Byrum, a Wells Fargo vice president and senior investigator, said the bank eventually matched Kholstinin with hundreds of surveillance photos. She said she suspects the accounts were exposed in 2005 during a major security breach at a credit card payment processor.

Byrum said Wells Fargo has covered the losses. “He was a very big player,” she said. “Getting him off the street was nice.”

Once Kholstinin has been sentenced in Clackamas County, he’ll be extradited to New York City to answer charges that he bought stolen account numbers and moved money through the “Western Express Cybercrime Group,” identified in court papers as a multinational Internet-based criminal enterprise.