Thursday, 25 October 2012 19:56

PIN thievery at Barnes and Noble POS terminals

Written by

Reading time is around minutes.

63 largest U.S. Barnes & Noble bookstores are affected by serious safety problems. Criminals compromised Barnes & Noble POS (Point of Sale) devices and took data from credit and debit cards complete with PIN numbers for those debit cards. In each of the affected stores was found one compromised POS device. Barnes and Noble have more than 700 stores across the U.S. and more than 600 stores for students and professors so this problem is very serious.

The report stated that the criminals set up a "bug" in the POS device - we can assume that this expression meant a wireless transmitter or simply a device used to remember the numbers and allow criminals to pick them up at some point from the device. Because of this incident on 14 September B&N disallowed payments through their POS devices in all their stores and disconnected all of them. They then started an investigation with the police to find out who was behind this criminal act.

They also invited those who were buying in compromised stores to check if they were missing money from their account and advised them to change their PINs. Fortunately for students, stores that are inside the educational institutions / academic system have not found even one compromised POS device. Hopefully the ones who did this will be caught and any financial damage they caused will be reimbursed, even if not by the criminals. Most probably B&N will provide special offers to those affected to apologize for the inconvenience.

[Ed – This situation is actually a different twist on a hack that was done on ATM machines a while ago. What will be interesting is how they infected the POS systems (many of which still run on Windows XP). If it turns out that poor security on the part of Barnes & Nobel is to blame then there will be consequences for them. Still it illustrates that you always have to be careful out there even if you are using something that is supposed to be “secure”]

Tell us what you think about this in our Forum

Read 2540 times Last modified on Thursday, 25 October 2012 20:04

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.