Skimming Scams At The Checkout Counter: Target, Neiman Marcus, Your Doctor’s Office and More

February 2014: A checkout counter scam that stole credit card information from 40 million shoppers lifted the curtain on a big, nasty, retailer secret: US credit card technology is old! And vulnerable!

Here are five things you need to know about skimming and where to leap from here:

1. What happened at Target, exactly?
Malware that skims credit card information from Point of Sale (POS) machines was secretly installed on Target’s network and was used to steal 40 million payment records from stores between November 13 and December 15 of 2013. While investigating the breach, Target discovered that the personal data of another 70 million guests (customers and anyone who signed up for anything at Target) was also stolen from its network. This data may have included names, email addresses, street addresses and phone numbers.

2. Was the Target breach a one-shot deal?
No, POS skimming happens all the time, usually on a smaller scale. It’s news right now because the Target breach was enormous. The same skimming malware — possibly invented by a 17-year-old Russian programmer —was apparently used to also grab credit card information from 1.1 million Neiman Marcus customers last year. Another retail chain hit by skimmers last year was the Schnucks grocery store chain. They got away with the card data of more than two million customers.

3. Do I have to be concerned about using my credit card at stores — grocery stores, gas stations and everywhere I shop now?
You can count on more skimming scams to come. The return on investment is huge and since the credit card system we use in the US is so antiquated, we’re an easy, uh, target. For example, Bluetooth skimming devices were placed directly on card readers in Raceway and RaceTrac gas stations and thieves stole $2.1 million. Doctors’ offices and restaurants are also popular with smaller scale skimmers. In Europe and other countries, high tech credit cards prevent skimming but the US is a decade behind. It has been cheaper for retailers to insure against theft rather than upgrade their systems.

4. My information may have been stolen in one of the scams but there hasn’t been any unauthorized activity on my account — am I in the clear?
You should cancel the card even though it’s a hassle. Also look at your statements to see which bills you may be paying automatically from the card so that you can update the accounts with your new credit card number and not miss a payment. And remember to use unique passwords for each account or use a password management system!

5. What can I do to protect my information?

  • Monitor your credit card activity by logging into your accounts online and get identity theft protection to protect yourself in case your card information is ever skimmed.
  • Know how to spot, avoid and report skimming. This wouldn’t have helped you at Target, Neiman Marcus or Schnucks, however, because those were malware-based skimming scams.
  • Careful where you swipe. If an ATM looks odd, don’t use the card reader. Your best bet is to go into the bank to get cash whenever possible. Thieves love to skim ATMs because they get your ATM card number and your PIN. See what some skimmers look like in All About Skimmers – scroll to the bottom for the most recent additions.
  • Change your passwords each quarter to help protect against identity theft.
  • Hop around safely wherever you happen to be in the credit card ecosystem! A frog that pays attention hops to spend another day.
You may also be interested in:

Protect Your Business from Cyber Attacks