Credit card skimmers were detected in Walmart stores in Virginia and Kentucky, according to Krebs on Security.
The overlay devices are placed atop card readers sold by payment solutions company Ingenico and are outfitted with a pad to capture the user's PIN and a gadget capable of capturing information stored on a card's magnetic stripe. A wire then offloads data after criminals pickup their devices, which are nearly impossible to detect, Krebs said.
Newer chip-based cards are harder to counterfeit and can combat the vulnerabilities presented by card-skimming strategies. Even though the devices used at Walmart held slots for chip-enabled cards, Krebs said the thieves depended on customers choosing the swipe option.
However, not everyone is convinced that EMV cards are immune from fraud.
"The big push for new hardware will only create a hurdle for dedicated credit card thieves," Alexander Heid, CRO at SecurityScorecard, wrote in an email to SCMagazine.com. Eventually fraudsters will create skimmers that capture or bypass features of EMV [Europay, MasterCard, Visa] cards – the standard used in the chip cards, he wrote. In fact, software kits are already circulating within the so-called carding underground that allegedly allow carders to clone EMV-compatible cards, he said.
"In the short term, the massive migration to EMV will only benefit the manufacturers and vendors of EMV hardware, while creating new challenges for merchants who attempt to adapt to a shifting threat landscape," Heid said.
Only 20 percent of terminals in the U.S. accept chip cards as of April 2016, the Mercator Advisory Group found. Meanwhile, credit card fraud via hacking will reach $4 billion this year, according to the Aite Group.