According to sources at a variety of financial institutions, they have been tracking a pattern of fraudulent activity that indicates thieves have managed to compromise a number of credit card terminals located both in Colorado and California in Safeway stores. Safeway has confirmed the activity and reported they are currently investigating the situation across several stores.
Many Safeway customers in the Englewood and Denver areas of Colorado were seeing their bank accounts drained from ATMs after shopping in the store. Banking sources began comparing notes on the issue and discovered that all of the affected shoppers had paid for goods at one of several specific lanes, identified by using the terminal ID information.
A spokesperson for Safeway commented, saying the fraudulent activity was limited to only a handful of stores, and there are processes and procedures in place to protect customers from falling victim to such activity. Spokesperson Brian Dowling went on to explain that the company regularly inspects the store’s pin pads, and occasionally have found skimmers, but always on a small scale.
He stated that the store actually has quite a good reputation where issues of this nature are concerned. Dowling wished to make it clear that the problem of skimmers is not by any means isolated to Safeway alone, and it is highly likely that other retailers are being targeted by the same group.
Although Safeway did not disclose the locations where the issues took place, involved financial institutions have traced the activity back to Colorado locations such as Englewood, Denver, Conifer, Arvada, and Lakewood. California locations suspected to have been hit include Castro Valley and Menlo Park.
According to the banking sources, these instances of theft have been linked to customers using their debit cards in these locations since as far back as early September.
How Its Done
In order for the thieves to be able to gain access to customers’ personal financial information, they must first open the card processing terminals at each individual checkout lane. From there, the thieves install a device that sits between the keypad and the electronics underneath, to capture and store PINs, as well as a completely separate device that captures account data when cards are swiped at the register.
Alternatively, the skimmer thieves would need to swap out the entire existing card terminal with a pre-compromised device of exactly the same design. Regardless of the approach, skimming incidents involving checkout lanes in stores generally involve an inside source at the affected retailer.
Combatting the Problem
Many financial institutions have begun issuing chip-based credit and debit cards, in an attempt to minimize the problem, but a solution could still be quite far off. Most cards continue to have all the cardholder data stored in plain text within the magnetic strip on the card, and will remain this way for years to come. As long as retailers allow customers to swipe cards instead of “dip” for payments, card skimmers will continue to have a presence at payment terminals.
Consumers should keep in mind that although they are not liable for fraudulent card charges, it is still the responsibility of the card owner to report any and all unauthorized charges. Keep a close eye on your bank statements, and remember the benefits of shopping with a credit card instead of a debit card, because no one wants the hassle of bounced checks and other repercussions that can occur once your account has been emptied.
Find out how you can protect yourself against cybercriminals looking to steal financial information. 24uNet provides managed IT services that allow you to rest assured knowing you’re in the hands of experts. Call (303) 468 or email: -5515sales@24uNet.com.