Last weekend, Stop and Shop (Quincy, MA) reported a data-breach at two of their stores in Rhode Island. After an initial investigation, they tracked the theft to two pin-pads.

Consumer Affairs has the most informative story (my opinion) on this current breach. They are reporting that with the assistance of the Secret Service, four more compromised pin-pads have been identified (all in the Rhode Island area).

Martin H. Bosworth makes an interesting point in his article that the United States hasn’t been as proactive as our European friends in instituting new technology to stop debit/credit card fraud, such as chip and PIN.

Of course, implementing PCI data protection standards isn’t exactly 100 percent, either.

PCI data protection standards were implemented by the payment card industry, and even when they are violated, the only consequence seems to be that the merchant will be fined. The standards are designed to stop merchants from storing information they aren’t supposed to.

Consumer Affairs story, here.

Of interest (in this case) is that (it appears) pin pads were tampered with inside the stores, which makes me wonder if there is some sort of inside connection?

Tom Fragala (CEO, Truston Identity Theft Services) did a recent post on his blog, where he linked to a video on how easily a remote ATM machine can be compromised in a store, here.

Of note, Truston is the only service for victims (that I know of), where someone doesn’t have to submit all their personal information to a database, which could be compromised, also.

This is a good video, but note the ATM was in a pretty concealed area, and I’m guessing that these pin-pads were in the check out lanes in stores?

Attrition.org and PogowasRight provide information on data breaches (frequently updated), here.

Someone should start a chronology of how many of the people stealing this information get caught. Unfortunately, the list wouldn’t be very long.

*(Update): I must have missed that Attrition.org is recording arrests, but the results are not encouraging.

The most recent news about legislation to protect the people being victimized by this growing problem isn’t good.

A recent article by Scott Bradner (Network World) about how special interests are preventing the passage of any meaningful legislation argues this point, eloquently:

The Leahey privacy bill: coddling the criminals?

Be Sociable, Share!