Using brash ingenuity, criminals out to steal your personal data are tampering with the checkout machines in department stores, supermarkets, gas stations and even your doctors’ office.
Their prime target: your debit card account number and personal identification number.
Thieves use ruses, such as posing as repairmen to alter and corrupt payment terminals — installing skimmers and storage devices that capture account numbers from the magnetic strip on a card as well as the PIN numbers the customer keys in.
“Technology is making it easier for criminals to develop smaller, more effective skimming devices,” says Dale Dabbs, CEO of identity theft protection service EZShield.
The compromised checkout machines are so widely dispersed that many crimes go unnoticed and public reports are sporadic, says Jeff Hall, director of Technology Risk Management Services at consultancy McGladrey.
Barnes & Noble recently disclosed that data thieves got away with installing corrupted checkout terminals in 63 bookstores in nine states. The case is under investigation, and the company has not said how many customers were affected.
In late September, Toronto Police arrested four men at a subway station in possession of 168 counterfeit debit playing cards. A fifth suspect was arrested past duer in his west side condominium — with a cache of element of gross sales (POS) terminals. one of the crucial gadgets were ripped apart to be used in assembling altered terminals, says Toronto detective Ian Nichol.
Verizon’s data-breach investigations unit noted that data thieves have begun targeting POS terminals used by patients to make co-payments and pay deductibles in health services clinics and facilities. Verizon annually investigates several hundred data-breach cases and reports on trends, but does not disclose names of the victimized companies.?
Debit card account numbers and PINs are highly sought because they can be converted quickly into cash. A device called a mag stripe encoder can be purchased legally on the Internet. For about $200, anyone can embed a stolen payment card number onto a blank magnetic striped card. With the associated PIN, free cash is only an ATM away.
“PINs are the Holy Grail,” says Hall. “If it’s a debit card, you can cash in up to the limit on the ATM.”
ATM fraud the use of counterfeited debit playing cards began catching on within the mid-2000s. In 2007 the TJX retail store chain disclosed that hackers cracked into its community and siphoned off unencrypted information, together with PINs, for ninety four million consumer transactions. two years later Heartland cost techniques disclosed that intruders cracked the system it uses to process one hundred million card transactions per 30 days from 175,000 traders.
Since those occasions, big shops have tightened down their nerks and elevated use of encryption. So data thieves have now grew to become their prowess to that second in time debit card information continues to be unprotected in a public atmosphere — all through the swipe and PIN-entry procedure.
“The hackers are many steps ahead of the card issuers and financial institutions, who are unable to pivot quickly,” says Cynthia Larose, who chairs the privacy and security practice at the 500-attorney firm, Mintz Levin.
Debit card customers should remember of the heightened risks, Larose says. monetary institutions generally will act quickly to make a sufferer whole in cases of fraud involving use of a bank card or an ATM machine. on the other hand, banks are not obligated to work with a sufferer in fraud circumstances related to use of a debit card at a POS terminal, she says.
“Other than avoiding the use of debit cards at POS terminals, there probably is little a consumer can do,” Larose says. A final piece of advice: “Use cash.”