Breach Means More Retailer Card Fraud

Over the past 5 years a scam known as electronic funds transfers at the point of sale (EFTPOS ) skimming. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services and hackers have figured out how to skim customer cards.

In Australia, Fast-food, convenience and specialist clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted for card skimming.

Officials say the problem is so bad they urged people to change credit and debit card pin numbers weekly to avoid the possibility of having their account balances wiped out, as it was likely more cases would be identified.

In the United States a similar card skimming scam was pulled off at the Stop and Shop Supermarket chain.

The most recent large card data breach was from Barnes & Noble.   “Barnes & Noble has detected tampering with PIN pad devices used in 63 of its stores. Upon detecting evidence of tampering, which was limited to one compromised PIN pad in each of the affected stores, Barnes & Noble discontinued use of all PIN pads in its nearly 700 stores nationwide. The company also notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter. Barnes & Noble has completed an internal investigation that involved the inspection and validation of every PIN pad in every store.  The tampering, which affected fewer than 1% of PIN pads in Barnes & Noble stores, was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases.  This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads.”

When the use of these stolen credit cards go online, iovation’s ReputationManager 360 helps banks and online merchants avoid fraud losses by detecting high-risk behavior and stopping cybercriminals in their tracks. iovation’s device identification and device reputation technology assesses risk on activities taking place at various points within an online site such as account creation, logging in, updating account information, attempting a purchase, or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

Consumers must pay close attention to their statements and refute unauthorized charges within 60 days. I recommend going online at least weekly and looking closely at all your charges no matter how small they are.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.