Several Safeway stores in California and Colorado recently leaked customer credit card information.
According to Krebs on Security, sources at multiple financial institutions confirmed that they are tracking patterns of fraud back to the grocery chain. What's interesting about this case is that, rather than malware, thieves used skimmers installed on credit card readers to steal customer information.
Skimmers are pieces of hardware that take the information off of magnetic strip cards but still allow the transaction to go through. The most common occurrences of skimmers are at ATMs and gas stations, but there are examples of skimmers being implemented inside of stores as well, including in 2011 at Michaels and in 2012 at Barnes & Noble.
Because of the complexity involved in installing skimmers inside of point of sale hardware, these situations most likely involve an inside source. As skimmers need to be retrieved for the criminals to get the information off of them, the fact that, in the case of the Safeways incident, fraudulent activity on cards occurred shortly after the initial purpose supports the theory of a connection to a Safeway employee.
The detail in the transactions allowed the financial institutions to identify specific checkout lanes that were impacted. A later report from the Denver Post narrowed down the skimmers in Colorado to just the self checkout lanes at three locations in the state.
If your company is in need of new payment processor software for your business, be sure to contact us today. Take a look at the rest of our website to learn more about the high-quality products that we carry.