A spokesperson for the ALDI Australia has claimed a data breach in the US branch of the international supermarket chain will not affect the integrity its local customer data.
The breach, which saw hackers tamper with and steal customer data from payment terminals at ALDI stores in 11 states in the US, affected more than 1000 customers in one state alone with the belief that fraudulent card activity could result for many more customers as a result of the data theft.
The hackers were believed to have used retrofitted terminals with a transparent overlay that captured PIN numbers from customer’s cards before it was encrypted.
It is also more than likely that the rogue PIN pads allowed the attackers to capture payment card data wirelessly from within the store itself or from a nearby location such as a parking lot.
However, the local ALDI spokesperson told Computerworld Australia that the local branch of the German-based company, which operates 200 stores in Australia, runs completely separate payment systems to those in the US, preventing any possibility of shared or compromised customer data.
Minister for Home Affairs, Brendan O’Connor, indicated earlier in the year that card skimming could ultimately cost Australians up to $100 million per year as the activities of international crime syndicates continues to rise. In January alone, NSW residents lost $50 million through credit card skimming.
In an attempt to curb such tampering, the Australian Payments Clearing Association released guidelines aimed at educating merchants about the risks associated with card skimming.
“EFTPOS terminals should be treated as securely as cash registers,” the guidelines read.
“Criminals tamper with EFTPOS terminals so that they can gather card account information; the information they capture is used to produce counterfeit cards to obtain cash at a later time. Criminals can also get PINs from the tampered EFTPOS terminal or through other means, such as a hidden camera.”
In April, a 23-year-old Chinese man was caught and charged with possession of ATM skimming equipment.