Card skimmers eyed in Sam's Club data theft
An Alabama Credit Union official says the breach may affect thousands of customers
Computerworld - A victim of the recent Sam's Club security breach suggested that fraudsters may have stolen credit card information by using illegal "card-skimming" devices attached to the pumps at the company's gas stations. The fraudulent activity may also have been going on for a longer period than that suggested by the wholesale giant, and it may affect thousands of people (see "Update: Security breach at Sam's Club exposes credit card data").
Sam's Club, a division of Bentonville, Ark.-based Wal-Mart Stores Inc., said in a brief Dec. 2 statement that it was investigating a security breach that had exposed the credit card data of an unspecified number of customers who bought fuel at its gas stations between Sept. 21 and Oct. 2. The company said it was alerted to the problem by credit card issuers whose customers were complaining of fraudulent charges on their statements.
Apart from saying that "electronic systems and databases used inside its stores" were not involved, Sam's Club officials have refused to disclose what happened. They have not returned repeated telephone calls for comment.
The breach prompted the Alabama Credit Union (ACU) to block and reissue debit cards to about 500 of its customers after it learned of the problem last week. The ACU was alerted to the breach by Credit Union National Association Inc., according to Kayce Bell, chief operating officer at the Tuscaloosa, Ala.-based credit union.
The fact that one institution alone had to block so many cards suggests that the breach may have affected a lot more than the 600 or so victims Sam's Club said it knows about, said Avivah Litan, an analyst at Gartner Inc. in Stamford, Conn.
In fact, ACU President Steve Swofford, in comments posted on the credit union's Web site, said that the breach affects "many, many cardholders, card issuers and financial institutions.
"We are certain, in the coming days, more card issuers and financial institutions will be contacting their cardholders to take similar action to prevent fraudulent transactions from occurring," Swofford said. "We're aware of at least one large financial institution in Alabama that has more than 4,000 cards affected, but they have made no public announcement yet.
Dan Zerkle, an employee at a large California software company who was a victim of the breach, told Computerworld via e-mail today that he believes thieves got his data by placing their own counterfeit card reader over the regular credit card reader on the gas pump. "I remember the credit card reader looking different," he said. "Unfortunately, I realized what this


- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Switching Schedulers - Not As Complicated As You Think
- Changing or consolidating job schedulers may seem daunting. However, the benefits of switching to enterprise workload automation outweigh the risks. Read how BMC...
- Capture-Enabled Business Process Management
- Organizations today must deal with a vast amount of incoming information from many different sources. Efficient, automated business processes are critical to managing...
- Using Case Management to Empower Employees and transform Customer Service
- This Kofax paper shows how successful customer service organizations have transformed customer service by empowering their employees. We will see how Dynamic Case...
- Case Study: Audi-Volkswagen Improves Procurement Control
- Audi-Volkswagen required a user-friendly, easy-to-use Business Process Management system that did not require programming skills or high levels of technical expertise in-house. This...
- AIIM Market Intelligence: The paper-free office, dream or reality?
- In this Aiim Market Intelligence report, produced in association with Kofax, we look at the success of paper-elimination projects, where and why paper... All BI and Analytics White Papers
- Live Webcast
How to Reduce Complexity and Automate Your Partners for Efficient E-Business: - Date: Tuesday, June 5, 2012, 2:00 PM EDT
Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific... - BMC Control-M - Single Point of Control Demo
- With BMC Control-M, you schedule and manage everything - down to the very last platform and application - from one simple interface. It's...
- BMC Control-M - Single Point of Control Demo
- With BMC Control-M, you schedule and manage everything - down to the very last platform and application - from one simple interface. It's...
- Sun Chemical Customer Success Story
- Sun Chemical, the world's largest producer of printing inks and pigments, quadrupled its complex batch environment with zero extra headcount using BMC Control-M's...
- Service-Enabling CICS Applications: Best Practices
- This informative webcast provides an informed, thorough look into CICS service-enablement options and how they can affect your environment. You'll learn how to...
- Teaching Legacy Application Elephants How to Dance
- This four-minute video podcast shows how you can create services to continuously reuse enterprise applications, however and whenever needed, while leaving legacy logic... All BI and Analytics Webcasts