Lucky Supermarkets Hit Hard By Credit Card Scam.

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Remember that card reader scam at Lucky Supermarkets we told you about last month? Well, it looks like the situation is worse than originally thought. Guess a name change for the store is in order?

The company announced the scam in November, saying customers and employees who used the self-checkout kiosks in more than 20 of its 234 stores might have fallen victim to tampered credit card readers. The hackers reportedly used devices called "sniffers" that recorded credit card numbers.
Click to expand...
 
And other than some bad press Lucky isn't accountable for anything! Hurray for the system that works!
 
They should have some laws or regulations in place that require merchants to secure their systems and some consequences for failures like this. They never will, since the banks pay for the lobbyists that write the regulations, so we'll just keep having our credit cards numbers stolen. Since we are not liable for fraudulent charges, the banks act as if it's okay that this happens, completely discounting the fact that it is a big pain in the butt to change over credit card numbers.
 
In related news, Lucky Supermarkets has been renamed to Unlucky Supermarkets. :D
 
Was this a hardware hack, or one of those cover/faceplate readers that sit over the real card reader?

One is Lucky's fault, the other one is poor design and inadequate training of staff/poor public knowledge.
 
Brak710 said:
Was this a hardware hack, or one of those cover/faceplate readers that sit over the real card reader?

One is Lucky's fault, the other one is poor design and inadequate training of staff/poor public knowledge.
Click to expand...

From what I understand, they sit over / inside. They've been found on ATM machines and gas pumps throughout the country. I have heard (I have no way to prove this is factual) you should tug on the piece you insert your card into prior to engaging in your transaction to verify there isn't a sniffer.
 
It's odd because the ones I dealt with would make it almost impossible to have one of those fake covers on the readers.

It's not like at a gas pump or ATM, where you insert the card. Most new machines make them transparent for that reason alone.

Ones at grocery stores you slide.
 
Mackowitz said:
They should have some laws or regulations in place that require merchants to secure their systems and some consequences for failures like this. They never will, since the banks pay for the lobbyists that write the regulations, so we'll just keep having our credit cards numbers stolen. Since we are not liable for fraudulent charges, the banks act as if it's okay that this happens, completely discounting the fact that it is a big pain in the butt to change over credit card numbers.
Click to expand...

Yet, if you happen to be computer stupid, and leave your wireless router wide open, guess who's coming to dinner if someone hops on your system and downloads everything from kiddy porn to kazaa leeching (is that still around?)
 
That article sucks in terms of giving us specific info. This one is better:

http://www.ktvu.com/news/news/lucky-stores-warn-possible-dangers-credit-card-sca/nFtqj/

KTVU talked to the company's chief financial officer Stephen Ackerman on the phone Monday night. He told me they found circuit board sniffer devices inside the card readers.
"The Secret Service tells me that it is the most sophisticated device they've ever seen in the United States," said Ackerman. "They planted a second head in our units and the computer boards picked up the credit card numbers."

----

If the sniffers were inside the regular card readers there is no way anyone could visually notice.
 
hmm should we be worried about using the self check-out counters at other grocery stores?
 
This is a little unrelated I guess but right now I've got 3 cred it cards and two of them have been scammed.

With the the two that got scammed it was after I got a new card and stopped using the old one. Then I get a call from the old CC company's fraud department. The first one to get scammed was my Discover card that I've had for about 10 years..... no problems till I stopped using it after getting a new card.

Anyone have this kind of thing happen?
 
Two members of my family just had their debit cards scammed. Two totally different banks, one was a small local bank and the other was Chase. Tried to figure out if they had both used their cards in the same place recently but couldn't locate a common denominator. Maybe some online retailer database got haxored? Not sure, but it has been a p.i.t.a. getting it straightened out.
Don't understand retailers that ship to non-billing addresses without confirming with the customer first.
 
This Luckys thing has been a pain in my ass for the past week. From a bank's perspective you're damned if you do, damned if you don't. If you close out the cards immediately to prevent fraud, you have angry customers. If you give it a bit of time to allow for new cards to ship, your customers accounts get hit and you have angry customers. :(
 
When I had my credit cards scammed it wasn't that big of a pain. Just one phone call and it was taken care of. Chase even offered to overnight a new card to me but I just had them ship it standard since I only used the card for two monthly bills that weren't due for a couple of weeks.

I'm not sure if it's related in any way but I found it interesting that both of the cards were scammed after I found better cashback cards and stopped using them all the time.
 
AssMan said:
When I had my credit cards scammed it wasn't that big of a pain. Just one phone call and it was taken care of. Chase even offered to overnight a new card to me but I just had them ship it standard since I only used the card for two monthly bills that weren't due for a couple of weeks.

I'm not sure if it's related in any way but I found it interesting that both of the cards were scammed after I found better cashback cards and stopped using them all the time.
Click to expand...

My card wasn't scammed, I work in the fraud business, so I have to deal with it on the other end. ;)

It is possible for an internal fraudster to look for inactive accounts that are less likely to be checked by a customer, then sell them to a ring. Unfortunate but difficult to catch ahead of time.
 
TwistedAegis said:
My card wasn't scammed, I work in the fraud business, so I have to deal with it on the other end. ;)

It is possible for an internal fraudster to look for inactive accounts that are less likely to be checked by a customer, then sell them to a ring. Unfortunate but difficult to catch ahead of time.
Click to expand...

My Discovercard was the first one to get scammed and at the time I probably wasn't charging anything... if I was it would have been here and there for the 5% cashback promo's.

I replaced Discover with a Chase Freedom and about a year later I replaced that with an AMEX Blue Preferred and only used Chase for my cable and electric bills and it got scammed.

With both companies though it was just one phone call that was like 5-10 mins and they took care of it and sent me replacement cards. Other than that I just had to setup my auto pay again but that's quick and easy.

You said you work in the fraud business.... Do the CC companies end up paying for the stuff that posts to the account or can they cancel the charge themselves. Both cards had over 1k in fraudulent charges and I've wondered if they took that as a loss.
 
AssMan said:
You said you work in the fraud business.... Do the CC companies end up paying for the stuff that posts to the account or can they cancel the charge themselves. Both cards had over 1k in fraudulent charges and I've wondered if they took that as a loss.
Click to expand...

Within a certain timeframe or parameters it can be charged back to the merchant; a significant period of the time the card issuer eats the loss.
 
You must log in or register to reply here.
Back
Top