Fake PIN pad units in US chain store

As soon as we got used to the idea that we have to be very careful when using ATMs because they might be “skimming” devices attached onto them, we have to rearrange our way of thinking because it appears that no card terminal is safe.

The Register reports that earlier this month, the Hancock Fabrics chain store published an open letter to its customers, informing them that in some of their stores the payment card terminals were replaced with “visually identical, but fraudulent PIN pad units”, making it possible for criminals behind this scheme to steal payment card data such as the name on the card, its number and expiration date and PIN number when entered.

The fake terminals were in use during August and September of 2009, and the company is advising the customers that have shopped in their stores during that period to check closely their account statements and to report any suspicious transactions to the issuer of the card, the police and the Federal Trade Commission.

To prevent this kind of thing happening again, they changed the pad units in all their stores and installed automated systems to monitor each of the PIN pad units daily.

This incident is not the first of this kind, but it takes a really bold criminal to switch a card terminal in a store. This is not an ATM or a gas station pump – there are always people around, not to mention the employees. I sincerely hope that there are store recordings that will allow the police to identify the culprits.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss