Scam of the day – November 20, 2012 – Holiday shopping scams part 2

As we continue our countdown to and through the unofficial start of the holiday shopping season on Black Friday, the day after Thanksgiving, today I want to discuss the dangers presented when shopping with credit cards in brick and mortar stores.  Credit cards are an easy way to shop, but they also present an easy way to become a victim of identity theft.  Just recently the card swipe machines at many Barnes & Noble stores were disclosed to have been tampered with and many shoppers, including myself, were warned to be on the alert for identity theft because the identity thieves had captured the credit card information from these machines as well as debit card information and PINs.


Credit cards are still a good way to shop.  However, to minimize your chance of becoming a victim of identity theft in a brick and mortar store, ask the clerk to run the credit card through his or her cash register in full view of you rather than using the card swipe machine which is easier for identity thieves to tamper with.  In addition, whenever you make purchases in a retail store with a credit card, make sure that you keep your credit card in sight throughout the transaction so that a rogue clerk does not swipe your card through a small electronic device about the size of the palm of your hand that is called a “skimmer” that is used to capture the information imbedded in your credit card.  Finally, don’t use debit cards for purchases because if you do become a victim of identity theft, you do not have the same protections and $50 limit on unauthorized purchases that you have with a credit card.  Limit your debit card use to being used as an ATM card.

Scam of the day – October 25, 2012 – Barnes and Noble data breach

Barnes and Nobles on Tuesday announced that it had suffered a data breach in stores in California, Florida, New York, New Jersey, Rhode Island, Connecticut, Massachusetts, Illinois and Pennsylvania.  The data breach was traced back to PIN pad devices used by customers at the cash registers to pay for their purchases through the use of either debit cards or credit cards.  Even if you have not shopped in a Barnes and Noble store recently, the lessons to be learned from this hacking are important.  Although the case is still being investigated, it appears that one PIN pad device in each of the affected stores was tampered with such that the hackers were able to retrieve the information and use it for identity theft purposes.  The tampering could have been done by identity thieves either with the assistance of a rogue employee or by hackers who managed to get unwary employees to click on a link that installed malware.


If you used a debit card at a Barnes and Noble store within the last few months, you should change your PIN and carefully monitor your account.  If you used a credit card, you should also monitor your monthly credit card statements to make sure that there are no unauthorized charges.  Debit cards are a particularly dangerous way to shop because unlike credit cards, the law does not limit your liability to $50 of unauthorized charges.  In fact, if you fail to report the breach of your security for a debit card for more than 60 days after the breach, you could potentially lose all of the money in your checking account without recourse.  And even if you do promptly report a breach of your debit card security promptly, your account may be frozen while the situation is investigated by your bank.  A good piece of advice to anyone using a credit card or debit card to make store purchases is to have the clerk swipe the card thorugh the register.  As with the Barnes and Noble data breach, increasingly identity thieves are accessing the PIN pad devices to get your information.  Having your card swiped directly through the register is somewhat safer.