Recently the FBI issued a warning to retailers throughout the country warning them that the type of recent hacking of their credit and debit card payment systems that was used against Target and Neiman Marcus can be expected to be used against many more retailers in 2014. The malware used in these attacks infects point of sale systems (POS) such as credit card swiping devices and, in some instances, cash registers at check-out counters. This malware, referred to as a “RAM scraper” intercepts the information on the card’s magnetic stripe in the brief moment before the data is encrypted and then transmits the information to the hacker. This type of malware is presently being sold to identity thieves on the black market for as little as $1,000 or as much as $6,000 for more advanced editions of the malware, which must then be downloaded on to the company’s computer system, most often through sophisticated phishing tactics or an insider co-conspirator. Presently the retailers do not have security software capable of preventing such attacks. At the present time they can only attempt to identify the attack as soon as possible in order to then take the steps to remove the malware. Although Target has gotten most of the publicity for its attack, smaller retailers with less sophisticated systems are probably more at risk and, in fact, may already have had their security breached, but not yet recognized the attack.
So what does this mean to you?
You may wish to discontinue using the self-swiping device present at many stores and instead ask the clerk to swipe your card directly through the cash register, which is somewhat more secure. I say somewhat because the cash registers are also able to be hacked, but they are somewhat less vulnerable and more secure than the credit card self-swiping devices we use in stores. Perhaps the most important thing you can do is, as I have advised you previously, refrain from using your debit card for shopping because the consumer protection laws regarding debit cards are much weaker than the laws regarding fraudulent use of your credit card. Potentially the entire bank account to which you have tied your debit card is at risk if you are a victim of a Target-like hacking, not to mention the inconvenience even if you identify the breach immediately.