A gang of electronic thieves drifted into Tucson several months ago and apparently has drifted out again. Still, businesses in Southern Arizona need to stay alert and take simple precautions.
Their crime spree involved the 10-digit key pads and card swipes customers use to input their personal identification numbers (PIN) during a debit card transaction. The thieves modified the units by cracking them open and soldering in an electronic chip that functions as a wireless transmitter.
|
|
As the customer swipes the card through the reader and subsequently keys in the PIN, the digital information is transmitted wirelessly to thieves sitting in a car in the parking lot. They have a wireless-enabled laptop that captures and preserves the customer’s financial data.
Later on, they encode the stolen data on plastic card stock that contains a magnetic stripe. The card stock is readily available in the form of hotel room key cards or gift cards. It doesn’t have to look like a credit card to hold the electronic information.
The thieves then head for Las Vegas where automated teller machines in casinos have no daily withdrawal limit. There, they clean out the victim’s bank account.
The thieves have a whole inventory of multiple makes and models of card swipes and PIN pads. They case the joint first to see what kind of equipment is installed. When they come back, they distract the clerk at the checkout then swap the store’s unit with a bugged one in as little as 10-seconds. It is easy to do because most of these units use a standard RJ-11 telephone jack to transmit data and most are not permanently installed.
If your business has a PIN pad or a combination card swipe/PIN pad that is freely accessible to your customers, you need to take steps to secure it. Bolt it down and put a dab of non-conductive sealant over the RJ-11 jack so that it can’t be easily unplugged. If your business just uses a PIN pad - the type on a long, curly phone cord, keep it protected until it is needed by a customer. Don’t leave it out in plain sight where a thief can grab it or swap it while no one is looking.
Most of this electronic crime spree involved card swipes and PIN pads in high volume, high traffic businesses. Still, take a close look at the unit that you have installed in your business. If you see signs of tampering, call your service technician and have the unit inspected for tampering.
If you are a customer, ask the sales clerk to swipe your card in the reader slot on the cash register itself and avoid the satellite or remote card swipe. Or pay cash.
If your debit card has been compromised, you must take immediate action. Debit cards do not have the same loss protections under law that credit cards have.
With a credit card, the thief is stealing the bank’s money. Your loss is limited to $50 under law.
With a debit card, the thief is stealing your money from your checking account. You are not responsible for more than $50, but only if you notify the card issuer within 48 hours of the time you learn of the theft. Longer than that and you could be on the hook for up to $500 in losses. After 60 days, the window of opportunity closes and you may have to bear an unlimited loss. That could include every cent you had in your account, plus the maximum available to you as overdraft protection.
Contact Tom Collier, president of the Better Business Bureau of Southern Arizona, at tcollier@tucson.bbb.org or (520) 888-5353 or 1-800-696-2827 toll-free outside of Tucson. The BBB of Southern Arizona serves Pima, Cochise, Santa Cruz, Graham, and Greenlee counties in Arizona and all of the state of Sonora in Mexico. The office is at 434 S. Williams Blvd., Suite 102. The website is: http://www.tucson.bbb.org . Collier’s On Guard column appears the first week of each month in
Comments
Mike McCormack wrote on Mar 3, 2008 8:08 AM:
Not true. Many banks allow daily withdrawls up to $2,000 for ATMS and seperate withdrawl limits for cash-back/over at merchant sites. I am professional in the payments business and found this article chilling: I have heard alot about thieves skimming PINs at ATMs, first instance I have read of at a merchant site.
More lethal than the PINs is they can skim entire magnetic stipes of credit and/or check-cards, manufacture clones, and go to town on you. Scary.
"
Catherine Leyen wrote on Mar 1, 2008 4:11 PM:
Without this protection, wireless identity thieves called "skimmers," can steal your personal information out of the air surrounding your purse or wallet using RFID (Radio Frequency Identification) interception technology. Over 50 million RFID embedded credit and debit cards were issued to Americans last year, representing the single greatest threat to consumers in history.
Skimming historically has been the swiping of a magnetic stripe, or inadvertent theft of information from debit and credit cards. With RFID embedded cards, the new skimmers can steal, capture and clone the RF signal and use it for their personal gain. The skimmers completely avoid detection through any of the ID protection monitoring services, but the Armadillo Dollar prevents this theft before it occurs.
The United States REAL ID Act of 2005 has also created privacy concerns with RFID driver's licenses being issued. In December 2007 Arizona signed up as the fourth state to comply with the law, after Washington, New Hampshire and Vermont, which dictates the need for "electronic ground surveillance" of its citizens.
Wisteria House Products is committed to improving people's lives through better technologies and educating the public about wireless identity theft vulnerabilities. Go to www.armadillodollar.com/idtheft.html for a full list of prevention tactics.
For further information or co-branding, please contact company through e-mail at info@armadillodollar.com, or 480-393-0418.
"
Tom Wright wrote on Mar 1, 2008 8:42 AM: