Published on Friday, February 29, 2008
A gang of electronic thieves drifted into Tucson several months ago and apparently has drifted out again. Still, businesses in Southern Arizona need to stay alert and take simple precautions.
Their crime spree involved the 10-digit key pads and card swipes customers use to input their personal identification numbers (PIN) during a debit card transaction. The thieves modified the units by cracking them open and soldering in an electronic chip that functions as a wireless transmitter.
As the customer swipes the card through the reader and subsequently keys in the PIN, the digital information is transmitted wirelessly to thieves sitting in a car in the parking lot. They have a wireless-enabled laptop that captures and preserves the customer’s financial data.
Later on, they encode the stolen data on plastic card stock that contains a magnetic stripe. The card stock is readily available in the form of hotel room key cards or gift cards. It doesn’t have to look like a credit card to hold the electronic information.
The thieves then head for Las Vegas where automated teller machines in casinos have no daily withdrawal limit. There, they clean out the victim’s bank account.
The thieves have a whole inventory of multiple makes and models of card swipes and PIN pads. They case the joint first to see what kind of equipment is installed. When they come back, they distract the clerk at the checkout then swap the store’s unit with a bugged one in as little as 10-seconds. It is easy to do because most of these units use a standard RJ-11 telephone jack to transmit data and most are not permanently installed.
If your business has a PIN pad or a combination card swipe/PIN pad that is freely accessible to your customers, you need to take steps to secure it. Bolt it down and put a dab of non-conductive sealant over the RJ-11 jack so that it can’t be easily unplugged. If your business just uses a PIN pad - the type on a long, curly phone cord, keep it protected until it is needed by a customer. Don’t leave it out in plain sight where a thief can grab it or swap it while no one is looking.
Most of this electronic crime spree involved card swipes and PIN pads in high volume, high traffic businesses. Still, take a close look at the unit that you have installed in your business. If you see signs of tampering, call your service technician and have the unit inspected for tampering.
If you are a customer, ask the sales clerk to swipe your card in the reader slot on the cash register itself and avoid the satellite or remote card swipe. Or pay cash.
If your debit card has been compromised, you must take immediate action. Debit cards do not have the same loss protections under law that credit cards have.
With a credit card, the thief is stealing the bank’s money. Your loss is limited to $50 under law.
With a debit card, the thief is stealing your money from your checking account. You are not responsible for more than $50, but only if you notify the card issuer within 48 hours of the time you learn of the theft. Longer than that and you could be on the hook for up to $500 in losses. After 60 days, the window of opportunity closes and you may have to bear an unlimited loss. That could include every cent you had in your account, plus the maximum available to you as overdraft protection.
Contact Tom Collier, president of the Better Business Bureau of Southern Arizona, at tcollier@tucson.bbb.org or (520) 888-5353 or 1-800-696-2827 toll-free outside of Tucson. The BBB of Southern Arizona serves Pima, Cochise, Santa Cruz, Graham, and Greenlee counties in Arizona and all of the state of Sonora in Mexico. The office is at 434 S. Williams Blvd., Suite 102. The website is: http://www.tucson.bbb.org . Collier’s On Guard column appears the first week of each month in
Copyright © 2009 Inside Tucson Business