Criminals tampered with the credit and debit card readers placed on a number of self-checkout terminals belonging to a California supermarket chain, which resulted in dozens of instances of account fraud.
Twenty Lucky Supermarkets locations reported that their card readers were compromised, according to a Monday statement from parent Save Mart.
As of Monday, the company had received about 80 reports of employees or customers whose credit or debit card accounts were accessed to either conduct fraud or attempt to make a unauthorized transaction.
"We strongly recommend our customers who used a self-checkout lane in the affected stores contact their financial institutions to close existing accounts and seek further advice," according to the statement, which listed all of the impacted outlets.
Avivah Litan, a Gartner vice president and analyst, said these types of attacks typically are perpetrated by an organized racket who have deep knowledge of the POS equipment used by their targets.
In an email to SCMagazineUS.com on Thursday, she explained how the crime ring's organizational structure functions.
"The ringleader(s) hire ‘flackies' to insert skimmers in the equipment or to replace the equipment Save Mart has have installed altogether," Litan said. "Most likely it's the former option. They then hire the counterfeit specialists that turn the stolen data into counterfeit cards (with PIN numbers, if they have them) taped on to the counterfeit cards. And finally they hire the ‘cash out' flunkies to use the cards at ATM machines or other POS systems to turn the stolen cards into stolen cash or easily fence-able goods (like TVs, tablets or other electronic goods)."
She added that the crooks hired to withdraw the cash or resell the stolen merchandise work quickly before fraud detection systems can catch on to the scam.