Ever use the self-service lanes at the grocery store? 20 of the self-service credit card check-out kiosks in California based Save-Mart stores were reportedly tampered with, collecting credit card information from unsuspecting customers. According to the press release on the Save-Mart web site, the hacked credit card processors were discovered during routine maintenance, promptly replaced, and all credit card kiosks in other stores were checked.
While the Save-Mart site did not offer any details, there are two ways credit card readers are typically hacked to perform what is called “skimming” – or grabbing the actual reader code off of your credit card. The first is to place an alternate reader on top of the existing reader. A small camera is usually placed above the keypad to record pin numbers as you enter them. Some great pictures and a description are on the Consumerist blog. The advantage to this method, from a scammers perspective, is it is quick and easy to add the skimmer.
A second method is to alter or replace the existing hardware and, typically, to add a bluetooth transponder to send the captured data to the scam artists data wirelessly. Details and pictures of this method can be found on the Sans security blog.
This type of theft isn’t new; the same scam has been found at Michael’s stores, 7-Elevens, and other locations such as ATMs and RedBox. Save-Mart is recommending consumers keep an eye on their transaction records if they have used self-serve checkouts at any of the effected stores.