The bookseller Barnes & Noble announced today that someone hacked debit-card swipe devices at 63 stores around the country. The company has not released any information on exactly how the swipe machines were hacked, only that one machine at each of 63 stores were compromised.
Brian Krebs is an investigative reporter who covers cyber security. He says, “If past breaches are any indicator, it was almost certainly an inside job at some level.”
Hacks like these can happen one of two ways. One is at the factory where these devices are made. The criminals can either install malicious software or hardware can be inserted directly into the device before it’s shipped. Or Krebs pointed out, “they are compromised by employees or contractors.”
That could be employees of the chain or employees of the company that services the readers. Barnes & Noble declined to comment, citing an investigation by the FBI. As part of the investigation, all 7,000 keypads at Barnes & Nobles across the country have been shut down.
Former hacker turned security consultant Kevin Mitnick expects these attacks to continue. “The system in America is broken” he says.
Partly because these types of scams are simple to pull off. And because they are hard to detect.
“And the profits are huge.” Mitnick says. “We’re talking about wholesale interception of credit card numbers and PIN numbers, which translates directly to money at an ATM machine.”
So what can you do to protect the debit card in your hand? Not much other than checking your monthly statement for any unauthorized charges. Barnes & Noble suggests changing your PIN number if you think your card may have been compromised at one of its card readers prior to Sept. 14.