The card-skimming epidemic in West Australia continues, with over 3500 McDonald’s customers in Perth losing $2.5 million after visiting restaurants with hijacked EFTPOS machines.
But an industry body warns the latest development shows why businesses must be extremely careful when using EFTPOS technology, and says they should develop policies for employees around the use of the machines.
McDonald’s has issued a statement which states it has replaced the affected machines, and is “continuing to roll out measures to address any further issues”.
Fraud squad detective senior sergeant Don Heise said in a statement initial inquiries had confirmed the EFTPOS machines at the stores had been tampered with, with information and PINs from debit and Visa cards having been obtained by the hackers.
Get daily business news.
The latest stories, funding information, and expert advice. Free to sign up.
“Police are continuing to work closely with numerous financial institutions and McDonald’s, with McDonald’s being the only EFTPOS sale devices affected at this time,”
he said. “Information supports that thousands of customers’ cards are at risk.”
Both the number and locations of affected stores have not been revealed, with police also saying they cannot reveal details about what skimming devices have been used.
“Details of these measures cannot be outlined in any detail at this stage because they may compromise the ongoing police investigation,” Heise said.
The alleged fraud is the latest development in the WA skimming scandal, after police said last week that up to 2,500 accounts may have been comprised with a confirmed $150,000 lost.
Electronic Frontiers Australia board member Georgie Guy says he is “gob smacked” by the size of the alleged fraud, and warns businesses to be quick to develop policies regarding skimming.
“Businesses have to be really careful. Go through a trusted supplier, and pay attention to the use of you EFTPOS machines. If it turns out that these machines have been taken and them placed back with modifications, maybe it’s important for staff to have a chat with the employers. Staff need to keep an eye on those machines, and if you see someone holding it for uses other than paying for something, then tell a manager.”
“It’s safe to say this is a large and complicated situation, and a large operation. Someone has modified a lot of machines and it has gone undetected for a long time.”
Both the WA police and the EFA recommend customers familiarise themselves with their frequently used ATM machines, and note any abnormalities. Additionally, they say customers should shield their hands when entering PINs, check bank statements regularly and report any suspected skimming activity to the police.
Sharon Paz, McDonald’s marketing manager for WA, said in a statement the company is working with the police to determine how the skimming attack occurred, and it is developing stricter security policies.
“As a precautionary measure we have removed and replaced all EFTPOS devices in the restaurants initially identified and we are continuing to roll out measures to address any further issues. Details of these measures cannot be outlined in any detail at this stage because they may compromise the ongoing police investigation.”