Security Corner

May 16 2011   10:50PM GMT

Michaels POS Breach Bigger than Reported

Ken Harthun Ken Harthun Profile: Ken Harthun

Michaels Stores, Inc. says that their point-of-sale (POS) PIN pads at 90 stores in 20 states were tampered with. The craft store chain is replacing PIN pads at most of its 964 U.S. Stores. According to BankInfoSecurity.com, the breach is much bigger than the company initially thought. [See Michaels: Patterns Showed Fraud.]

Michael Stores initially reported that a scheme, in which point-of-sale pads customers use to key in their personal identification numbers, was isolated to Chicago, but on Tuesday [May 10, 2011] the arts and crafts supplies retailer issued a statement that said nearly 90 stores in 20 states, stretching from Rhode Island to Washington, were affected.

Michaels’ statement includes a list of the stores they determined were actually affected, but decided to be extra cautious and said this about the incident:

Michaels has identified less than 90 individual PIN pads (or approximately 1% of the total
devices) in its 964 US stores that showed signs of tampering. Suspicious PIN pads were
disabled and quarantined immediately. Out of an abundance of caution, Michaels has
removed approximately 7,200 PIN pads comparable to the identified tampered PIN pads
from its US stores.

The company has commenced replacing these PIN pads in all US stores and expects the
replacement to be completed within the next 15 days. Until the new upgraded PIN pads are
installed, customers may have their credit and signature debit transactions processed on the
store register. As an additional precaution, Michaels is screening all PIN pads in Canadian
stores.

It is highly likely that this is a very carefully targeted organized crime effort, given the scope and level of effort needed to accomplish the physical tampering of the POS devices.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: