Walmart Confirms Card Data Theft

Walmart Confirms Card Data Theft

US retail giant Walmart has confirmed reports that a number of its customers have had their payment cards compromised and bank accounts drained, according to a police statement.

The Fredericksburg Police Department has issued a warning to Central Park shoppers after it became apparent that at least 37 people who visited the local Walmart store earlier this year (in either March or April) became victims of this theft attack.

“Detectives believe the suspects are obtaining debit/credit card numbers by placing overlay devices on credit card readers at checkout counters. Today, Fredericksburg detectives received information from Walmart Global Investigations that debit/credit cards used at the Central Park Wal-Mart have been compromised,” said the agency in a statement issued on Saturday.

Police are currently investigating the incident to find out exactly which registers were tampered with. Meanwhile, customers who shopped at that location in either month are encouraged to contact their financial institution and request a new card.

This is yet another example of cyber-criminals using technology to tamper with card readers to steal sensitive data, a process which often takes just moments.

“Criminals frequently target retailers to quickly install skimming overlays over the top of POS terminals and PIN Pads,” Neal Maguire, investigations manager Americas, RISK Team, Verizon told Infosecurity. “These capture magnetic stripe data from swiped cards and keyed in PINs that can be used for the production of counterfeit cards and corresponding PINs in cash withdrawals at ATMS. Criminals often target self-checkout lanes that are not actively monitored by store personnel. It only takes a matter of seconds to install, and later remove, a skimming overlay.”

“The security risk posed by the use of skimming overlays will continue as long as payment cards are issued with magnetic stripe data while the industry continues to move forward with the migration to chip-enabled cards,” he added.

Source: Information Security Magazine