Scam artists who deploy credit and debit card skimmers most often target ATMs, yet thieves can also use inexpensive, store-bought skimming devices to compromise modern-day cash registers. Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.
The fraud devices in this case resemble small keyloggers that are sold by dozens of stores for approximately $30 to $40 apiece. These hardware keyloggers are essentially Ps/2 connectors that are about an inch in length. The tiny data storage devices are usually purple in color to match the color-coded standard for keyboards, and are made to be inserted between the male end of a PS/2 keyboard connector and the female receptor on a computer.
According to an alert circulated by the police department in Aventura, Florida, on the afternoon of Saturday, Oct. 5, 2013, three male subjects were captured on closed-circuit cameras at Nordstrom tampering with registers in the store. Authorities there say the footage showed two of the men worked to distract sales staff, while the third took pictures of the register and removed the rear access panel to the register and took additional photographs.
Several hours later, three different males returned to the store and performed the same routine: Two of them again distracted sales staff while the third male removed the back panel to the register and installed the above pictured device. The Aventura Police Department said Nordstrom located a total of six devices attached to their registers.
“The subjects then return at a later date to recover the devices and create fake credit cards for fraud,” the Aventura PD stated in a memo describing how the thieves would complete their scam. “The connector was made to match the connections on the back of the register to include color match. Therefore, no one would have detected it unless there was a problem with the register.”
The Aventura PD did not return calls seeking comment. Nordstrom spokeswoman Kara Darrow said the company believes the skimmer incident is limited to one store location. She said it’s not clear yet if any of the men caught on camera were arrested, or if they tried to return to the store to retrieve the devices.
“We did find some unauthorized devices on some of our cash registers,” Darrow said. “”It’s not anything broader at this point. As soon as we figured out this was happening, we had forensics experts looking at the situation, but it’s still very early in our investigation.”
Skimmer scammers who place these devices on cash registers may not need to return to the scene of the crime to retrieve the stolen card data: I found several of these hardware keyloggers that include 2 GB of storage and built-in wireless support that allows the devices to connect to a local wireless network and send email reports of the stolen data.
Although the color and shape of these PS/2-based skimmers indicates that they are designed to interface with a keyboard, that does not mean they can’t steal data from a credit card reader. Many cash registers at retailers have PS2-based card readers, or connect the card reader directly to the computer’s keyboard.