How The Stop & Shop Thieves Stole Credit Card Info From Right Under The Cashier's Nose

Wondering how the Stop & Shop thieves stole credit card information from right under the cashier’s nose? They built their own working card readers and installed them while the Stop & Shop employees were distracted. Pretty clever, but pretty dangerous for consumers. From the Wall Street Journal:

In the Stop & Shop case, police say that late at night — after shopping crowds had thinned and the staff was whittled to a skeletal crew — four young men entered several stores in Rhode Island and Massachusetts, distracted employees and replaced several card-swiping machines with devices that looked similar. The thieves’ systems, however, housed mini circuit boards that recorded customers’ data and PINs.

A few days later, the suspects retrieved the systems. Counterfeit debit cards were quickly made using the collected financial data and disseminated, along with the related PINs, on the black market. Within days, more than $100,000 was withdrawn from ATMs as far away as California

“The unique thing about the circuit boards was that the transactions still went through” to the card processor, says Thomas Powers, head of the U.S. Secret Service in Providence. As a result, neither the stores nor the customers knew anything was amiss until the banks notified customers of what appeared to be unauthorized withdrawals from their accounts.

It appears that the suspects may have gotten away with similar skimming capers in several other cities, including Philadelphia, Miami, Las Vegas and Richmond, Va., police say. “They all have the same kind of modus operandi attacking the POS system,” says Rhode Island Attorney General Patrick Lynch.

There’s not a lot that a consumer can do to protect themselves from this type of fraud…except to closely monitor their banking statements.

Debit cards are more vulnerable specifically because they have less monitoring. Be careful out there. —MEGHANN MARCO

Skimming Devices Target Debit-Card Readers [WSJ]

Comments

Edit Your Comment

  1. Scazza says:

    Honestly, this may sound bad, but really, there is very little one can do the really defend against something like that. Just be vigilant and CHECK YOUR STATEMENTS. CC and banks are very lenient now adays if you have had fraudulent charges.

    This reminds me of a scam I heard another store in the chain I worked for had going. One of the employees at the register placed a small camera inside the UV scanner (for money) that would record anytime motion. Now, I don’t know if you guys know this, but ALL credit cards have UV stuff on it, so most people just took it as checking for fake cards… turns out the employee was taking snapshots of cards and expire dates of each credit card… prolly used it online later.

  2. mopar_man says:

    This is why I use cash to pay for most things and only use credit/debit cards in a pinch or for large purchases.

  3. Hoss says:

    The lesson is don’t use debit cards — in caess like this, thieves get direct access to your bank account

  4. NeoteriX says:

    That is so brazen that if it wasn’t completely reprehensible, I’d have to admit I’m really impressed!

  5. bndocksnt says:

    I question whether the Secret Service (why is this Secret Service ground and not FBI?) should really be disseminating this information to the general public. Now its only a matter of time before the methheads down the street try this shit. I became a cash and carry guy not long after a (really painful) brush with identity theft, but if I ever needed reassurance that I made the right decision, its this kind of nonsense. I suppose converting machines to RFID would help, but then you could just capture the RFID signature too, so…

  6. homerjay says:

    @NeoteriX: That was my initial reaction, too. Very impressive that they were able to pull this off several times without getting caught. Eventually, though, they HAD to know they’d get noticed.

  7. FLConsumer says:

    I’m actually quite impressed with the idea… I’m assuming the credit card readers in use pass the data unencrypted to the terminal, which would make this very possible to do. Now, creating a machine which looks similar and still functions is quite a feat.

    This IS one of the reasons I DON’T have debit cards. I’d much rather disputed money be Visa’s and not mine. Unfortunately, the people who do have debit cards tend to be those who would be most adversely affected by a large transaction taken out of their accounts.

  8. LeopardSeal says:

    @bndocksnt:
    I’m not even an American and I know the answer. It is because the Secret Service is part of the Department of the Treasury. Their website states that other than their more commonly known job they also:

    …investigate violations of laws relating to counterfeiting of obligations and securities of the United States; financial crimes that include, but are not limited to, access device fraud, financial institution fraud, identity theft, computer fraud; and computer-based attacks on our nation’s financial, banking, and telecommunications infrastructure.

    So they would obviously be involved in the investigation of crime of this sort.

    http://www.secretservice.gov/mission.shtml