Linda McGlasson writes:
The Hancock Fabrics data breach continues to raise new questions about the security of point of sale (POS) devices at retail stores.
In March, the national fabric store chain publicly confirmed the breach it suffered last summer, sending an open letter to its customers, revealing: “PIN pad units at a limited number of Hancock Fabrics stores were stolen and replaced with visually identical, but fraudulent, PIN pad units. This may have allowed criminals to capture – or “skim” — payment card data during transactions.”
Hancock didn’t reveal the locations or number of stores where point of sale scanners were compromised — nor the number of customers who had their card data taken — but at least 140 reports from customers in California, Wisconsin and Missouri show the pervasive nature of the fraud.
The lesson here: It is relatively easy for fraudsters to tamper with or even swap out POS PIN Entry Device (PED) pads, and these types of incidents are likely to increase, putting retailers, consumers and banking institutions at risk of future card-related fraud.
“These incidents are part of an ongoing trend where criminals are targeting non-PCI and PED-compliant point of sale terminals with devices installed to capture cardholder data,” says Mike Urban, Sr. Director of Fraud Solutions at FICO.
Read more on BankInfoSecurity.com