If you recently used your credit card at a Barnes & Noble, you may have been a victim of a data breach. In September (2012), 63 stores were impacted by the data breach. The stores were located in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania, and Rhode Island. In this particular breach, hackers were able to gain access to the keypads where customers swipe their debit or credit cards and enter PIN information.
Consumers who shopped at Barnes & Noble during that time should check their credit card and bank statements to be sure there has been no fraudulent activity on your account. Report fraudulent charges to your credit card issuer or bank and change your PIN to be safe.
What’s scary about the recent Barnes & Noble breach is the company didn’t notify potentially affected customers right away. In fact, the United States Justice Department told Barnes & Noble not to disclose the breach while the FBI investigated. Barnes & Noble could even have waited until December 24 to disclose the breach.
While it’s understandable that authorities need to be able to investigate these crimes, it’s also appalling that companies are told to withhold information that could prevent customers from becoming victims of fraud and identity theft. Early notification would allow consumers to protect themselves against unauthorized activity on their accounts. Even though you’re often fully protected against credit and debit card fraud that occurs when your card is still in your possession, your bank account could be wiped out for several days until the bank confirms the fraud and makes your funds available again.
Also frightening: these types of data breaches are increasing. According to a quote in the New York Times, hackers are increasingly attacking point-of-sale systems making PIN-transactions less safe. Using a credit card may be safer since, if compromised, the funds in your checking account aren’t at risk.
Barnes & Noble has removed the keypads from all their stores. As such, cashiers will have to swipe debit and credit cards through their cash registers. While this is generally more secure, it doesn’t completely remove the risk of theft. Unscrupulous cashiers can swipe your card through a skimming device that captures your information.
Knowing companies don’t have to immediately alert you to a data breach means you have to be more aware of your account activity. Monitor your bank account and credit card account often to catch fraud earlier. The sooner you find and report unauthorized transactions, the sooner your bank can issue a new credit or debit card or close your account completely, if necessary.
Sources: New York Times, Barnes & Noble Inc.
Leave Comments