Michaels Stores Inc. is alerting customers that PIN pads at its Chicago-area stores may have been tampered with and that debit and credit card information was possibly compromised.
Banking and law enforcement authorities contacted the company after some fraudulent transactions were reported over the April 30 to May 1 weekend, and the authorities suggested the activity might be linked to legitimate transactions at its Chicago-area stores, Michaels said Wednesday.
A representative from the Irving, Texas, arts and crafts retailer was unable to comment on the potential data breach by deadline.
The incident appears to be localized and not part of a larger database breach, Julie Conroy McNelley, a senior risk and fraud analyst at Aite Group LLC, said in an interview.
Recent PIN pad devices, which are designed to adhere to industry security standards, are more difficult to tamper with, but many merchants still deploy older devices, McNelley said.
If Michaels was using older PIN pads, the company would incur some substantial fines from the payments networks, McNelley said.
"Card skimming is a big business, with debit card skimming leading the way," McNelley said. Many issuers have said that debit card skimming is more popular than credit card skimming by a 3-to-1 margin, she said.
Michaels is encouraging customers of its Chicago-based stores that used a debit or credit card to monitor their bank statements, report any suspicious account activity and change any PIN or other account security settings. Consumers with compromised accounts should contact their card issuer directly, it said.