Breach At Michaels Stores Causes CUs To Cancel Debit Cards
CHICAGO – Credit unions and banks around the country were frantically cancelling debit cards yesterday after Michaels Stores announced that fraud stemming from tampered checkout line terminals at its stores had spread across 20 states.
Chicago’s Credit Union 1 posted a warning on its website: "Due to an enormous surge in fraudulent 'PIN based' ATM transactions in California throughout the financial industry, Credit Union 1 has shut down the availability of 'PIN based' ATM transactions in California only. Effective immediately, when a 'PIN based' transactions occurs in California, your Credit Union 1 Visa Debit card will be 'flagged' and will not be able to be used again."
Michaels identified 90 key pads that were tampered with in the states of Illinois, Colorado, Delaware, Georgia, Iowa, Massachusetts, Maryland, North Carolina, New Hampshire, New Jersey, New Mexico, Nevada, New York, Ohio, Oregon, Pennsylvania, Rhode Island, Utah, Virginia and Washington.
Debit card fraud is worse for consumers than credit card fraud. In the case of Michaels’ stores, many customers had money stolen directly from their bank accounts via ATM withdrawals.
“Suspicious PIN pads were disabled and quarantined immediately,” Michaels said in a statement. “Out of an abundance of caution, Michaels has removed approximately 7,200 PIN pads comparable to the identified tampered PIN pads from its U.S. stores.” Until those pads are replaced with upgraded models, customers can use cash, credit cards and signature-based debit cards.
The company said it has started replacing PIN pads in all U.S. stores and expects the replacement to be completed within the next 15 days.
Illinois was hit the hardest, with PIN pads compromised in 14 Michaels stores, all in the Chicago region.
The fraud attack has led many credit unions and banks to proactively freeze accounts of members they think may be vulnerable.