In association with heise online

11 October 2010, 13:44

Manipulated card terminals at US ALDI branches

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

ALDI Logo In the US, criminals have caused considerable damage via manipulated credit and debit card terminals at numerous branches of the ALDI supermarket chain. According to a press releasePDF by ALDI, the criminals copied the names and account numbers as well as the PINs on payment cards and used this information to clone customers' cards. ALDI Süd operates about 1,100 branches across 31 US states. The card terminals affected appear to be those installed at the branches between the 1st of June and the 31st of August 2010.

According to reports in the US media, more than 1,000 customers in Chicago, Illinois and Indianapolis, Indiana have already noticed fraudulent account activity. ALDI said that further branches in other US states have also been affected and that it hopes that all the affected terminals have now been replaced. Exactly how the manipulations were carried out has not been established. According to ALDI there is no reason to suspect that its employees were involved in the fraud. The US investigation authorities have been informed.

Manipulated card terminals in retail outlets and at petrol stations are increasingly becoming a problem. In mid-July, for instance, Visa withdrew its approval of devices made by vendor Ingenico after a successful skimming attack, using added electronic components, allowed criminals to read, store and later retrieve customers' credit card details as well as the entered PINs. The compromised terminal type (PIN entry device, PED) is used mainly in the US. Visa recommends, for instance, that retailers periodically weigh their terminals to detect any weight increases due to additional components.

In late 2008, US investigators and MasterCard uncovered a criminal operation which involved manipulating card terminals before they had even left the factory. Despite being manipulated, the devices passed security checks and were shipped in Europe. The criminals used mobile technology to retrieve the data.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit