Bloomingfoods Co-op Market is taking steps to protect customers after finding a card skimming device on a register at its eastside location earlier this month.
Security footage showed that the device, found July 12, was placed on June 28.
“At Bloomingfoods, transparency and community trust are foundational to everything we do,” Bloomingfoods wrote in a statement on its website. “Your safety and trust mean everything to us.”
Management is inspecting payment terminals multiple times per day, according to the release. Surveillance and physical security have been tightened around registers and employees are receiving training to help identify skimming devices.
While the Bloomingfoods release said there is no confirmed evidence of stolen data, the business said customers who used register 3 during that two-week period should assume their cards have been compromised. Credit cards, debit cards, EBT cards and gift cards with a magnetic stripe are at risk.
Andy Allard, IU Credit Union chief operating officer, said skimming devices can be placed on ATMs, gas pumps or other point-of-sale machines. Skimmers take information such as CCV codes, account numbers, names and other relevant information from a card, which is then used to manufacture new cards.
“They’re designed to be kind of camouflaged within the hardware, and they’re just difficult to see sometimes,” Allard said.
Lori Forrester, vice president of member services support at IUCU, said skimming devices like the one found at Bloomingfoods are designed to blend in with card readers and typically have a small built-in camera to catch PIN numbers.
“What Bloomingfoods had was a device that snapped over their keypad,” Forrester said. “Honestly, there were just as many debit cards, if not more, exposed in that time frame than there were credit.”
Forrester said anyone who thinks they might have used the compromised register should order a new card and monitor their accounts for unknown charges. She said charges under a dollar are common indicators of fraud.
“The fraudster is… trying to test the transaction,” Forrester explained. “If they do it for that low dollar amount, and it doesn't really stand out, then what they'll do is they'll come in for a bigger dollar amount.”
Allard explained that most cards have three payment methods: tap, insert or swipe. Swipe is the easiest to compromise. Insertion provides an extra level of security over swipe. Allard said while the most secure method is tap-to-pay or using a mobile wallet like Google or Apple Pay, no method is foolproof.
Allard and Forrester suggested using methods such as covering the keypad when entering a PIN and setting up transaction notifications to reduce risk.
“People just need to be vigilant,” Allard said. “Just be aware of the activity that's going on their account.”
Bloomingfoods has added an FAQ section to its website. Customers can email support.team@bloomingfoods.coop and should expect a response within one business day.
“We’re truly sorry this happened,” the Bloomingfoods release said, “and we’re doing everything we can to make sure it doesn’t happen again.”