On May 13, 2011 news broke of Michaels arts-and-crafts stores falling victim to debit-card data theft.
“Thieves tampered with the retailer’s debit-card processing equipment at about 80 stores from Massachusetts to Washington, according to the chain’s corporate parent, Michaels Stores Inc.
The thefts apparently involved the use of electronic devices called skimmers that allowed crooks to record information from shoppers’ debit cards and steal their personal identification numbers, or PINs.1”
News outlets understandably identify the cardholders as victims in this type of attack, but retailers suffer, too. Damage to the brand, consumer confidence, and the cost of device replacement are all side effects that are to be dealt with.
“The company said it is working with federal and state law-enforcement authorities, and is replacing all of its 7,200 card-processing terminals as a precaution. The U.S. Secret Service, which investigates financial fraud, said that it is investigating the Michaels incident.2”
Michaels is not alone in being forced to respond to attacks of customer card data. As long as there is a point of sale device and an Internet connection everyone is at risk. We live in the information age where how-to-hack[ing] guides are only keystrokes away. Thieves stealing sensitive data can range from the casual passers-by to the highly sophisticated computer whiz.
Implement an Anti-Skimming Plan
Staying secure for a retailer may seem like an uphill battle, and it is. The Michael’s theft, however, is one that could have been avoided. Replacing a piece of hardware in a merchant environment is a battle that can be won with anti-skimming planning. At TrustCommerce, we take the security of sensitive customer data and the integrity of our merchants seriously. That is why every device that TrustCommerce resells is able to avoid the type of attack that Michaels experienced.
If a TrustCommerce merchant is unaware of devices being swapped out for “skimmers,” they are protected. With our integrated software solution, payment processing is not possible without the TrustCommerce key-injected point-of-sale (POS) device. Thieves won’t be able to capture payment data on their non-injected POS device.
At TrustCommerce we partner only with device vendors that are industry leaders when it comes to offering encrypted devices that allow us to capture and transfer data securely. A TrustCommerce device purchase offers value to any merchant looking for an integrated security solution. Not only are the devices we’ve selected secure, but the TrustCommerce security software offers invaluable features including the ability to track transactions with our advanced reporting, transfer responsibility of storing credit card data, restrict user access levels in complex environments, and much more. With our dedicated staff and vast industry-specific security knowledge, we continue to make credit and debit card processing an option both consumers and merchants can Trust.
–N. Medellin, Product Manager
1 http://finance.yahoo.com/banking-budgeting/article/112735/thieves-debit-card-data-michaels-wsj
2 http://finance.yahoo.com/banking-budgeting/article/112735/thieves-debit-card-data-michaels-wsj