Wednesday, February 21, 2007

the answer by Made4Biz is soon-to-be-launched

Stop & Shop(lifters) swipe card data

Credit card pin pads at several grocery stores were tampered with

Jaikumar Vijayan   

 February 20, 2007 (Computerworld) -- Quincy, Mass.-based retailer Stop & Shop Supermarket Companies Inc. is warning customers at three of its Rhode Island stores and one of its Massachusetts stores of a potential compromise of their payment card data.

The warning comes after the company discovered that pin pads used by customers to swipe credit and debit cards to pay for purchases had been tampered with at those locations. As a result of the tampering, account and pin numbers associated with some credit and debit cards were stolen earlier this month, the company said in a statement.

Since the discovery, Stop & Shop said it has taken measures to reduce the risk of something similar happening again. All Electronic Funds Transfer (EFT) devices, as the pin pads are formally known, have been physically secured "to prevent further tampering" the company said. It did not offer any details about what steps it has taken.

Stop & Shop also did not provide details on how exactly the EFT devices were tampered with. Typically, though, attacks against EFT and ATM involve "skimming" techniques aimed at stealing card data and pin numbers when a card is swiped through a reader. Illegal card-readers either attached to or placed over a genuine reader, intercept and record magnetic card data. The data is then used to create counterfeit cards.

According to Stop & Shop, there is no evidence to date that the stolen data has been misused. The company noted that an internal investigation found no signs that an insider was responsible for the tampering.

But Avivah Litan, an analyst with Gartner Inc in Stamford, Conn., said that it is hard to understand how a point-of-sale device such as an EFT could have been modified without some sort of insider involvement.

"Somebody had to have had access to the readers," she said. "These are devices that are sitting at the cash register. It is not easy to tamper with them."

Tampering with card readers is a growing problem, Litan said. But in most cases, such tampering involves ATM machines and card readers at gas pumps. "This is the first time I've heard of something like this," she said.

A spokesperson with Stop & Shop could not be reached for comment.

 

posted by Made4biz Security at 4:54 PM | 0 Comments  

Made4biz Security Translating real-world security knowhow into state of the art security systems.

Links

Made4biz Security

Turn on Sound for Demos:
Bill Gates Demo (Location-based)
Elvis Demo (Location/Context-based)
Clint Eastwood Demo (Temporal-based)

Previous Posts

Archives

Powered by Blogger

Subscribe to
Posts [Atom]

Technorati Profile

RSS Syndication

Made4Biz Security Inc