Costco Confirms: A Data Skimmer’s Been Ripping Off Customers

2021-11-12 23:19

Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if they shopped there recently.

Immediately after finally renewing my Costco membership online this morning I discovered $2200 of fraudulent credit card charges made in the UK on August 31st. So now I have a Costco membership but no credit card to use to shop there for the next seven to nine business days.

"We recently discovered a payment card skimming device at a Costco warehouse you recently visited. Our member records indicate that you swiped your payment card to make a purchase at the affected terminal during the time the device may have been operating," Costco said in the letter.

Costco didn't go into detail about what type of skimmer it found, but it sounds like it was old-school, as in, a physical gadget glommed on top of a regular card scanner so that a payment-card thief can intercept card details from their magnetic strips, then use the details to imprint fresh, new, fraudulent cards.

"It's sobering how much damage a single credit card skimmer can do at a high traffic location like a retail register that may process nearly a hundred credit cards per day," noted Chris Clements, VP of Solutions Architecture at Cerberus Sentinel.

It's particularly prudent given that Costco doesn't accept all major credit cards, Kron said, meaning that many members have to process the payment as a debit card.

News URL

https://threatpost.com/costco-data-skimmer-customers-notification/176320/

#skimmer