Thursday, 25 October 2012 19:56

PIN thievery at Barnes and Noble POS terminals


The 63 largest U.S. Barnes & Noble bookstores are affected by a serious security problem. Criminals compromised Barnes & Noble POS (Point of Sale) devices and took credit and debit card data, including the PINs for the debit cards. One compromised POS device was found in each of the affected stores. Barnes & Noble has more than 700 stores across the U.S. and more than 600 stores for students and professors, so this problem is very serious.

The report stated that the criminals set up a "bug" in the POS device. We can assume that this expression means a wireless transmitter, or simply a device that stores the numbers so the criminals can collect them from it at some later point. Because of this incident, on 14 September B&N disallowed payments through the POS devices in all their stores and disconnected all of them. They then started an investigation with the police to find out who was behind this criminal act.

They also asked customers who shopped at the compromised stores to check whether money is missing from their accounts and advised them to change their PINs. Fortunately for students, the stores inside educational institutions have not found even one compromised POS device. Hopefully those who did this will be caught and any financial damage they caused will be reimbursed, even if not by the criminals. Most probably B&N will provide special offers to those affected to apologize for the inconvenience.

[Ed – This situation is actually a different twist on a hack that was done on ATM machines a while ago. What will be interesting is how they infected the POS systems (many of which still run on Windows XP). If it turns out that poor security on the part of Barnes & Noble is to blame then there will be consequences for them. Still, it illustrates that you always have to be careful out there even if you are using something that is supposed to be “secure”.]

Last modified on Thursday, 25 October 2012 20:04