Card skimmers eyed in Sam's Club data theft


"We are certain, in the coming days, more card issuers and financial institutions will be contacting their cardholders to take similar action to prevent fraudulent transactions from occurring," Swofford said. "We're aware of at least one large financial institution in Alabama that has more than 4,000 cards affected, but they have made no public announcement yet.

Dan Zerkle, an employee at a large California software company who was a victim of the breach, told Computerworld via e-mail Wednesday that he believes thieves got his data by placing their own counterfeit card reader over the regular credit card reader on the gas pump. "I remember the credit card reader looking different," he said. "Unfortunately, I realized what this meant after I discovered the fraudulent charges."

Zerkle said he suspects his card information was stolen from the gas station at a Sam's Club store in Roseville, Calif., on either Nov. 2 or Nov. 17 -- more than a month after Sam's Club said the breaches took place -- and was used to make fraudulent purchases on Nov. 21. "[The] thieves bought some jewelry at a shop in Sweden with a fake card that had my number on it," he said.

Although the activity drained his checking account, Zerkle said he has since been reimbursed for the fraudulent charges by his bank, Wells Fargo & Co. After realizing that the theft had occurred, Zerkle said he spoke filed a report with local police, and spoke with U.S. Secret Service agents and an automated teller machine fraud investigator at Wells Fargo.

If card skimmers were used to steal credit card data, Sam's Club is only the latest victim of an increasingly prevalent form of credit card fraud. "Gas-pump skimming has become the largest fraud problem for a lot of card issuers," Litan said.