One of the six skimmers found and removed from cash registers at the Nordstrom store in Aventura, Fla. According to a police report on the incident, "no one would have detected it unless there was a problem with the register."
Crooks who steal credit and debit card numbers have found a devious new way to snag this information. They’re using a small and relatively cheap piece of off-the-shelf technology to compromise computerized store cash registers.
We know about this because a band of brazen thieves was caught on security cameras installing these high-tech skimmers on cash registers at the Nordstrom store in Aventura, Fla., two weeks ago.
The skimmers are built into standard PS/2 cable connectors that plug into the back of a computer where customers can’t see them. They’re only about an inch long — and look so innocuous that even if employees saw them they might not suspect anything.
“It’s a little piece of plastic, usually purple, that fits into the port where your keyboard connects to your computer,” explained security analyst Brian Krebs, who first reported this story on his KrebsOnSecurity blog. “It intercepts any data that is sent on that communication channel, whether it’s keystrokes or somebody swiping a card through a terminal.”
PS/2 keystroke loggers have been available for years. They sell for as little as $40 and are marketed as “professional surveillance products.” Krebs said this is the first time he’s ever heard of them being used to skim card information from a retailer.
Nordstrom confirmed that it had found and removed “unauthorized devices on a small number of cash registers” at its Aventura store.
“We take this situation seriously and have been working closely with law enforcement and forensics experts to investigate this and understand any impact on our customers,” Nordstrom spokesperson Tara Darrow said in a statement to NBC News. Darrow said they believe this was an isolated incident at this one store in Florida.
No arrests have been made, and because the case is still under investigation, the Aventura Police Department would not comment on it or provide NBC News with a copy of the incident report.
The skimmer is inside a standard PS/2 connector that plugs into the back of a computer. This photo from a police report on the incident shows how small it is. A pen is on the left for scale.
But Brian Krebs was able to obtain a copy of an information sheet prepared by the Department’s Crime/Intel Analysis Unit. It says Nordstrom located a total of six skimming devices attached to their registers.
The alert outlined what was seen on the Nordstrom surveillance footage. The thieves, all men, worked in teams of three. Two men distracted the sales staff while a third took pictures of the register, then removed its rear access panel and took additional photos.
Several hours later, three different men entered the store. Again, two of them distracted the sales staff while the third removed the register’s back panel and installed the skimmer. The police memo described the device:
“It captures all track data from credit card transactions and stores it on the device, similar to a USB drive. The connector was made to match the connections on the back of the register to include color match. Therefore, no one would have detected it unless there was a problem with the register.”
It’s unlikely customer card information was compromised in this case because the devices were discovered before the crooks could retrieve them and download the information they had recorded. But for as little as $135 they could have purchased keystroke loggers capable of sending the stolen information over a local wireless network.
Victor Searcy, director of the Fraud Resolution Center at IDentity Theft 911, said he wasn’t surprised the bad guys have found “yet another nefarious method” for stealing personal information from consumers.
“This scheme, involving smaller, harder-to-detect skimming devices, puts the onus on businesses to heighten their security efforts,” Searcy said.
Many retailers have card readers that connect to cash registers via PS/2 connections. These are now vulnerable to this sort of skimming attack and need to be secured.
The bottom line
We all need to be aware of the potential for this sort of identity theft. It can happen no matter how hard you try to protect yourself. So you need to remain vigilant.
That’s why it’s so important to continually review all the transactions on your credit card and bank account statements. If you spot charges that aren’t yours, report them right away. And if you’re at a store and see someone tampering with a register, say something to a store employee.
Herb Weisbaum is The ConsumerMan.
First published October 16 2013, 5:51 AM