Customers of the Lucky supermarket chain in California were feeling rather unlucky last week, after receiving notice from parent company Save Mart Supermarkets said that self-service checkout lines in 20 of its stores were found to have debit and credit card readers that had been outfitted with card skimmers.
The company issued a warning on Wednesday to customers notifying them that “regular store maintenance” had uncovered readers in self check-out lanes had been tampered with. Lucky stores in a range of California communities in and around San Francisco were hit, including Mountain View, Redwood City, Foster City, Millbrae and Milpitas. A Save Mart Supermarket in Watsonville, California, was also hit by the scammers. Save Mart Supermarkets of Modesto, California, which owns both Lucky and Save Mart, said in a statement that some of ther Customers who visited affected stores and used the self-service lanes were advised to monitor their credit and debit card accounts to make sure “everything is in order.” The company wouldn’t confirm or deny that customer financial data was captured in the incident, citing the ongoing criminal investigation.
The news comes amid increasing reports of hacks of automated teller machines (ATMs) and other kiosks. On November 22, authorities in New York arrested three men on charges that they planted card skimming devices on ATMs in Manhattan. The three men, aged 31, 28 and 24, were charged in an 81-count indictment with crimes including identity theft, grand larceny and burglary in what authorities described as a five day “skimming spree” across Manhattan in January, 2011. In February, a criminal gang planted card skimmers in close to 200 gas pumps in Utah.
Lucky, which operates 234 supermarkets, said it will “enhance security” for every credit and debit card reader in each of its stores. The company said it wasn’t aware of and hadn’t been notified of any reports of fraud linked to compromised customer accounts.
Recent advances in card skimming technology and attacks have prompted the Payment Card Industry, among others, to warn retailers to be on the lookout for the scams, in which skimming devices are attached to functioning kiosks and capture card number and PIN information as a consumer carries out a transaction. Most skimmers combine cameras to capture card data and tools for listening to and reproducing customer PINs. That data is then used to create fraudulent ATM- and credit cards that can be used to buy merchandise or withdraw funds directly from a victim’s bank account.
In the New York case, the men charged were believed to have entered the U.S. from Canada shortly before installing the card skimmers in ATM terminals in and around Union Square in Manhattan. In October, a German engineer was sentenced to three years in jail after he was caught transporting card skimming technology into Britain.