Wednesday, February 21, 2007
Update: Stop & Shop(lifters) swipe card data
Update: Stop & Shop(lifters) swipe card data
Credit card pin pads at several grocery stores were tampered with
Jaikumar Vijayan Today’s Top Stories or Other Cybercrime and Hacking Stories
Comments (1) Recommendations: 10 — Recommend this article
The Shifting Strategy of IT Threats: How SMBs Succeed in a Connected World
E-Mail Security: Coping With New Threats, Legal Requirements, And Archiving Challenges
Email Storage: Management Challenges and Best Practices
Next Generation Data Auditing for Data Breach Detection and Risk Mitigation
Cost-Effective High Availability with Veritas™ Cluster Server
Real-Time Collaboration: Delivering Secure Web Meeting Solutions Now
Intrusion Protection
Security and Device Management
Intrusion Protection
February 20, 2007 (Computerworld) -- Quincy, Mass.-based retailer Stop & Shop Supermarket Companies Inc. is warning customers at three of its Rhode Island stores and one of its Massachusetts stores of a potential compromise of their payment card data.
The warning comes after the company discovered that pin pads used by customers to swipe credit and debit cards to pay for purchases had been tampered with at those locations. As a result of the tampering, account and pin numbers associated with some credit and debit cards were stolen earlier this month, the company said in a statement.
A Stop & Shop spokesman said that the hardware that had been tampered with was removed from its supporting brackets, opened up, modified and then re-installed.
Since the discovery, Stop & Shop said it has taken measures to reduce the risk of something similar happening again. All Electronic Funds Transfer (EFT) devices, as the pin pads are formally known, have been physically secured "to prevent further tampering" the company said. According to the spokesman, Stop & Shop installed "heavy-duty silver bolts" on thousands of EFT terminals in all the company's stores. The bolts make it more difficult for the pin pads to be removed.
Stop & Shop did not provide details on how exactly the EFT devices were tampered with. Typically, though, attacks against EFTs and ATMs involve "skimming" techniques aimed at stealing card data and pin numbers when a card is swiped through a reader. Illegal card-readers either attached to or placed over a genuine reader, intercept and record magnetic card data. The data is then used to create counterfeit cards.
According to Stop & Shop, there is no evidence to date that the stolen data has been misused. The spokesman noted that an internal investigation found no signs that an insider was responsible for the tampering.
But Avivah Litan, an analyst with Gartner Inc in Stamford, Conn., said that it is hard to understand how a point-of-sale device such as an EFT could have been modified without some sort of insider involvement.
"Somebody had to have had access to the readers," she said. "These are devices that are sitting at the cash register. It is not easy to tamper with them."
Tampering with card readers is a growing problem, Litan said. But in most cases, such tampering involves ATM machines and card readers at gas pumps. "This is the first time I've heard of something like this," she said.
A spokesperson with Stop & Shop could not be reached for comment.
Credit card pin pads at several grocery stores were tampered with
Jaikumar Vijayan Today’s Top Stories or Other Cybercrime and Hacking Stories
Comments (1) Recommendations: 10 — Recommend this article
The Shifting Strategy of IT Threats: How SMBs Succeed in a Connected World
E-Mail Security: Coping With New Threats, Legal Requirements, And Archiving Challenges
Email Storage: Management Challenges and Best Practices
Next Generation Data Auditing for Data Breach Detection and Risk Mitigation
Cost-Effective High Availability with Veritas™ Cluster Server
Real-Time Collaboration: Delivering Secure Web Meeting Solutions Now
Intrusion Protection
Security and Device Management
Intrusion Protection
February 20, 2007 (Computerworld) -- Quincy, Mass.-based retailer Stop & Shop Supermarket Companies Inc. is warning customers at three of its Rhode Island stores and one of its Massachusetts stores of a potential compromise of their payment card data.
The warning comes after the company discovered that pin pads used by customers to swipe credit and debit cards to pay for purchases had been tampered with at those locations. As a result of the tampering, account and pin numbers associated with some credit and debit cards were stolen earlier this month, the company said in a statement.
A Stop & Shop spokesman said that the hardware that had been tampered with was removed from its supporting brackets, opened up, modified and then re-installed.
Since the discovery, Stop & Shop said it has taken measures to reduce the risk of something similar happening again. All Electronic Funds Transfer (EFT) devices, as the pin pads are formally known, have been physically secured "to prevent further tampering" the company said. According to the spokesman, Stop & Shop installed "heavy-duty silver bolts" on thousands of EFT terminals in all the company's stores. The bolts make it more difficult for the pin pads to be removed.
Stop & Shop did not provide details on how exactly the EFT devices were tampered with. Typically, though, attacks against EFTs and ATMs involve "skimming" techniques aimed at stealing card data and pin numbers when a card is swiped through a reader. Illegal card-readers either attached to or placed over a genuine reader, intercept and record magnetic card data. The data is then used to create counterfeit cards.
According to Stop & Shop, there is no evidence to date that the stolen data has been misused. The spokesman noted that an internal investigation found no signs that an insider was responsible for the tampering.
But Avivah Litan, an analyst with Gartner Inc in Stamford, Conn., said that it is hard to understand how a point-of-sale device such as an EFT could have been modified without some sort of insider involvement.
"Somebody had to have had access to the readers," she said. "These are devices that are sitting at the cash register. It is not easy to tamper with them."
Tampering with card readers is a growing problem, Litan said. But in most cases, such tampering involves ATM machines and card readers at gas pumps. "This is the first time I've heard of something like this," she said.
A spokesperson with Stop & Shop could not be reached for comment.
Labels: Stop and Shop Supermarket Cos.
# posted by raveneye @ 9:45 PM 
