Michaels Stores Inc. on May 5 began alerting customers that PIN pads at its Chicago-area stores may have been tampered with and that debit and credit card information possibly was compromised.
A representative from Irving, Texas-based arts and crafts retailer was unable to comment on the potential data breach by PaymentsSource deadline. In a press release, the company said banking and law-enforcement authorities contacted it after some fraudulent transactions were reported over the weekend, and they suggested the activity might be linked to legitimate transactions at its Chicago-area stores.
The breach appears to be localized and not part of a larger database breach, Julie Conroy McNelley, a senior risk and fraud analyst at Boston-based Aite Group LLC, tells PaymentsSource.
Some PIN-pad devices released “during the Payment Council Industry compliance age” are more difficult to tamper with, but many merchants still deploy older devices that are more susceptible to tampering, McNelley notes. If Michaels was using older PIN pads, the company would incur some substantial fines from the payments networks, she adds.
Sony Corp.’s PlayStation Network experienced a database breach in April (
“Card skimming is a big business, with debit card skimming leading the way,” McNelley says. In fact, many issuers have said that debit card skimming is more popular than credit card skimming by a 3-to-1 margin, she notes.
The company is encouraging customers of its Chicago-based stores that used a debit or credit card to monitor their bank statements, report any suspicious account activity. and change any PIN or other account-security settings. Consumers with compromised accounts should contact their card issuer directly, the company advised.
What do you think about this? Send us your feedback.
