Walmart Confirms Large Credit Card Breach

If you have made any purchase at the Central Park Wal-Mart in Fredericksburg during the period March - April 2016, and used your card (debit or credit), then it is likely that your card data has been stolen. The thieves have used the card data to drain the bank accounts of the card owners.

The Fredericksburg Police Department has warned customers who had purchased at Wal-Mart during that period to immediately get a new card from their provider – bank or financial institution. And when you get one make sure you get a chip-based card and not a magnetic stripe card. More than 37 customers have reported that their bank accounts had been wiped out, while Walmart has issued a statement that many more cards could have been compromised.

The cyber thieves had somehow managed to install card skimming overlays over the POS Security payment terminals. There are different types of card skimmers, and some are laid over the pin pads and some are installed over the POS devices. Some skimmers can be installed over the POS terminals within seconds. Cyber thieves continuously improvise card skim theft methods and they have the audacity to plant skimmers even at shops that have camera surveillance. Evidence captured by surveillance cameras in shops show that the skimmer installation happens within seconds. Removal of the skimmer also seems to be pretty easy.

There are two types of cards – magnetic strip and chip-based cards. Card holder information is stored on these stripes or chips. As it has been seen that magnetic-strip based card data can be easily stolen and replicated, worldwide, financial institutions are adapting to chip-based cards. While Europe has moved over to using only chip-based cards, the US is in the transition phase and the complete transition to chip-based cards is not yet complete. The payment card industry security standards council has demanded that payments must be moved completely to chip-based cards, and that usage of magnetic stripe cards must be stopped.

In the Walmart theft, the data that had been stolen was from stripe-based cards. The stolen data can be used to create fraudulent/ cloned cards that can then be used for cash withdrawal at ATMs or for purchases. It has also been reported that the stolen Walmart data is up for sale on card data selling marketplaces on the dark web. The Fredericksburg police are continuing investigations to identify the compromised POS terminals at Walmart.

Customers at their end should take proactive measures to protect their account and money.

• If you still possess a magnetic strip-based credit or debit card immediately surrender it and switch over to a chip-based card.
• Whenever you make card payments never let the card out of your sight.
• When swiping your card in a POS machine or at the ATM, try to carefully observe if any device has been overlaid – if something looks fishy then don't do the payment.