Criminals Crack and Steal Customer Data From Barnes & Noble Keypads
helix2301 writes with an excerpt from CNet: "Hackers broke into keypads at more than 60 Barnes & Noble bookstores and made off with the credit card information for customers who shopped at the stores in the last month. At least one point-of-sale terminal in 63 different stores was compromised recording card details. Since discovering the breach, the company has uninstalled all 7,000 point-of-sale terminals from its hundreds of stores for examination."
Re:Well done B&N (Score:2, Interesting)
I liked them when they stood up to MS and didn't take any crap
I hated them when they started taking MS crap
Which one is Barnes and which one is Nobles?
Re:Which stores exactly? (Score:3, Interesting)
Thank you for posting this link.
I find it interesting to note that they (claim to) have removed hacked pin pads from stores by close of business on 9/14.
However, I bought a book from my local store last Saturday, 10/20. I recall that no pinpad was available, and I had to hand my card to the cashier.
A few days later, I got a call from my credit card company saying that fraud using my credit card number had been attempted, intercepted, and denied, and that they were mailing me a new set of cards. The fraudulent transaction was apparently attempted in Brazil.
Is this a tea leaf that is indicative of something, perhaps that B&N has been penetrated by multiple hacks, and they haven't discovered all of them yet?
Or is it time for me to consider getting measured for a tinfoil hat?
Re:Well done B&N (Score:4, Interesting)
Standard pin-pad fraud actually. What the criminals do is they steal pin-pads, then back at their lair, modify them to include recording hardware (you know, crack open the case, add a magstripe recorder (just an MP3 player with record function) and wires to the keypad to record the PIN).
Then they go to the cashiers, and when no one's looking, swap out the pin-pads.
It usually happens with smaller outfits (fast food outlets and the like) where they don't bolt down the pin-pad to prevent theft. That's why the big guys have pin-pads that are encased in metal or otherwise bolted down to the counter.
The pin-pads are usually connected to the main unit (where the cashier enters in the amount and gets the printouts) by a simple coiled cable with RJ style jacks on them, making it trivially quick to swap surreptitiously.
It's a pretty standard fraud, actually.