National bookseller chain Barnes & Noble Inc. Oct. 24 revealed that it had discovered tampering with personal identification number pads used to process payment card transactions at 63 stores.
It is not clear from the company's statement when the tampering was discovered, but it did say that after discovering that “bugs” had been planted in some devices, it disconnected all PIN pads in its stores by the close of business Sept. 14.
The company said in a statement that it is working with law enforcement in an ongoing investigation of the breach.
“This is not a new trick,” Heather Sussman, a partner at McDermott Will & Emery LLP, in Boston, told BNA Oct. 24, adding that “it is becoming harder to detect due to increasingly sophisticated thieves.”
In May 2011, arts and crafts retail giant Michaels Stores Inc. announced that it had fallen victim to a similar scheme and had removed all of its PIN pads from service (10 PVLR 775, 5/23/11). Of the thousands of potentially compromised payment cards that were skimmed by thieves, only 100 were actually used for fraudulent purposes, Michaels said at the time.
Michaels continues to face consumer class lawsuits alleging that it failed to provide adequate data security (10 PVLR 1734, 12/5/11). The Federal Trade Commission, however, decided not to recommend a data security enforcement action against the company (11 PVLR 1140, 7/16/12).
The 63 stores affected represent approximately 9 percent of the chain's nearly 700 stores, but an internal investigation of all of its PIN pads showed that only one PIN pad in each of the stores was affected, the company said. That means fewer than 1 percent of all PIN pads in stores across the country were affected, Barnes &Noble said.
The company said that its investigation concluded that its customer database was not compromised by the attempt to collect card number and PIN data from debit and credit cards swiped on the compromised card readers.
No purchases made with payment cards through the company's website or using its e-book readers were at risk, the company said.
The affected stores were located in nine states: California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania, and Rhode Island.
A list of the Barnes & Noble stores where a PIN pad device was found to have been tampered with is available at http://op.bna.com/pl.nsf/r?Open=dapn-8zdp25.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).