Skim Scam: Did Aldi Invite 11-State Coordinated Attacks?
Written by Frank HayesOctober 6th, 2010
When a gang of thieves physically tampers with point-of-sale systems, the tampering is usually a local operation. But that may be changing. Discount grocer Aldi said Friday (Oct. 1) that it has found tampered payment-card readers in stores in 11 states, spread from the east coast to Illinois. The retailer said the tampering was only in a limited number of its 1,100 U.S. stores, and all those stores were clustered near 10 cities — but the stolen data is being cashed out thousands of miles away.
That's reason to worry. Physical tampering with PIN pads is typically local because it's labor intensive. Thieves have to physically modify or replace the card terminals, which is why hacked terminals are usually found in a local cluster. This time there are clusters, all right—10 of them, stretching from Illinois to Georgia. Meanwhile, part of what made this $70 billion global grocery chain so successful could be playing a key role in making it a cyberthief target today: The scarcity of employees in the store.
This Story Is Only Available For Premium Subscribers. Click Or Login In Below To Read The Rest Of This Story.
Already a Subscriber? Login Here
Pages: 1 2
4 Comments | Read Skim Scam: Did Aldi Invite 11-State Coordinated Attacks?
Leave a Reply
Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.
-Christine
October 8th, 2010 at 5:51 pm
As a person that works for a company specializing in hardware and pinpads in the grocery market, I find this hard to believe. Any pinpad (unsure what Aldi uses) that has been manufactured in the past few years loses its PIN Encryption if tampered with. Hell, we have customers that “bump” them hard and they will lose encryption. Sometimes they loose encryption in shipping too. Trust me, it is difficult to get pinpads injected with either legacy DUKPT keys or TDES keys. Serial numbers are logged with the company doing the encryptions (TASQ, POS Portal, etc). Isn’t this covered in the PCI PTS standard?
October 8th, 2010 at 6:09 pm
Editor’s Note: This was addressed and it appeared that the pads in question were older.
October 9th, 2010 at 9:21 am
We have one here in Albemarle NC. Does anyone know if that store was affected also? Our stupid paper here has not said one thing about it!
October 11th, 2010 at 10:57 am
US definitely needs to upgrade to chip & pin. There are 100 ways to skim the mag stripe data and once thats available you just need a 4 digit pin to withdraw/purchase anything.