Card Skimmers Found On Walmart Self-Checkout Terminals In Two States

Image courtesy of Hold Security/Krebs on Security

In just the last few weeks, card skimmers — devices that illegally scan customers’ credit cards –have been found at two different Walmart stores. The skimmers in these cases were so convincing that they may have been in place for weeks for being discovered.

The first report came out of Fredericksburg, VA, in early May, where police say the skimmers may have been installed as far back as March. The skimmers were discovered after at least 37 account holders of a local credit union were hit by large, unexpected withdrawals from ATMs.

More recently, police in Fort Wright, KY, say a skimmer was in place at a local Walmart for a week before it was identified. No word yet on how many customers were victimized by this scheme.

Cybersecurity expert Brian Krebs reports that the skimmers used in these instances are made to overlay the existing payment terminals so that they not only go undetected, but also collect both the information from the swiped card and any data entered on the PIN pad.

A skimmer of this quality will cost the wannabe ID thief at least $200, but that’s nothing compared to the amount of money that could be drained from victims’ accounts in a short period of time.

Similarly convincing skimmers were used last year at Safeway stores in Colorado and California. Those skimmers were made to be undetectable to customers swiping their cards as they pay for their groceries.

Walmart recently began requiring customers with chip-enabled cards, which are more secure for in-store purchases, to dip their cards into the chip-reader instead of swiping them. The skimmers in these cases included slots so that chip-card customers could use the device without the overlay being detected. However, since some banks still haven’t replaced all their credit and debit cards with chip-enabled versions, skimmers are able to prey on customers who swipe their older magnetic stripe cards.

Earlier this year, reports indicated that retailers were in possession of chip card readers, but hadn’t installed them yet, even though most retailers now face increased liability for credit and debit card fraud if they fail to update their systems.

Meanwhile, skimming attacks were on the rise, especially at ATMs, many of which still use old magnetic swipe technology.

The Walmart incidents highlight the need for banks, credit unions, and other credit card issuers to hurry up and distribute chip-enabled cards. Criminals will inevitably figure out ways to beat these cards, but we now at least have the opportunity to put an end to old-fashioned card skimming.