Protect yourself from hacked credit card readers

Photo courtesy Flickr user 401(K) 2012

(MoneyWatch) Every week seems to bring news of some new kind of online security breach, and the one that recently affected Barnes & Noble (BKS) is no different. What is unique is the way that the hack took place.

Last week, the book retailer disclosed that credit card readers at 63 of its stores were compromised by hackers. Although the company took action to protect consumers, it appears that some credit card data was captured by criminals, and Barnes & Noble is now working with the FBI on the case. As a precaution, the store has taken card readers offline at all of its 700 locations.

So how did the fraudsters hack the credit card readers? The traditional method is to use a "skimmer" -- a small hardware component that attaches to the outside of a card reader, allowing criminals to intercept data when the card is swiped. Skimmers can be very hard to detect, which means that consumers can swipe their card on a skimmer and not realize that their data has been compromised.

But this attack apparently was the work of malware embedded in the card readers by rogue credit cards. Here's how it works. A criminal, posing as a customer, swipes a tampered card to surreptitiously install software on the card reader. The transaction fails, but leaves behind malware that can later be used to take control of the card reader and intercept credit card data.

There's not much you can do to protect yourself from such an attack. Unlike a skimmer scam, there's no way to know if a credit card reader has been hit by hackers using malware. The best advice: Don't use a debit card. Said Wired writer Kim Zetter in a recent NPR interview, "With a debit card, once a thief has your PIN number, they're going basically straight into your account, and they can withdraw the funds that way."

If you use a credit card, of course, you are never liable for more than $50 in charges if your card is stolen or compromised. A debit card has no such protection.
