Federal authorities are investigating a scam that gave thieves access to customer payment data at 63 stores across the nation, Barnes & Noble announced Wednesday. Customers at any of the 63 stores may have had their credit or debit card information stolen over the past month.
Gunter Ollmann, vice president of research at the security firm Damballa says, “This latest breach appears to be a physical manipulation of the card readers in order to gain both debit card details and their accompanying PINs.”
Barnes & Noble has discontinued the use of PIN pads for the time being, and instructs all those customers who think they may have had their debit card compromised should change their PIN immediately. The company said that a bug was placed in the PIN pads that allowed the thieves to access the information from customers’ credit and debit cards. They found the tampering in one PIN pad at each of the affected stores.
According to Ollmann, the criminals most likely had repeated access to either the card readers themselves or the supporting computer systems.
For more information, visit www.usatoday.com/story/money/business/2012/10/24/barnes-noble-credit-debit-tampering/1653943.