Attention, Shoppers: Checkout Stand 4 Is Now Open to ID Theft

Living cashlessly is convenient. We swipe our credit and debit cards to buy gas, lunch, coffee, and groceries. But now, data thieves--eager to exploit U.S. consumers' dependence on plastic--are targeting keypads that we don't think twice about swiping our cards through.

Authorities in a number of states have reported local instances of a new high-tech crime: Crooks replacing or "bugging" checkout keypads at grocery and convenience stores. The rigged keypads record your credit card number or the personal identification number (PIN) that you key in when using your debit card. The crooks later return to collect the keypads--sometimes by ripping them from checkout aisles--and use the intercepted data to siphon large sums of money from unsuspecting store patrons.

Usually, the keypad devices show no outward signs of tampering. But inside, authorities say, scammers attach skimming devices that pass along customer data to the merchant (just as a normal keypad would), but also collect and store every credit card number, name, and debit card PIN entered on them.

The amounts that authorities suspect keypad thieves of stealing vary. Las Vegas police say that the total take in a crooked keypad scam in their jurisdiction may have been in the "millions of dollars"; representatives from the other affected states--California, Florida, Massachusetts, Pennsylvania, and Rhode Island--put the estimated cost to consumers at around $100,000 in each case. The magnitude of the actual losses may never be known, authorities say.

In Las Vegas, for example, hundreds of people had their financial information stolen when they stopped at convenience stores to grab a snack or fill up their gas tanks, according to the Las Vegas Metropolitan Police Department. Both in-store point-of-sale keypads and gas-pump keypads were compromised in a number of locations in the city, police say. Law enforcement officials are still investigating complaints, but no arrests have been made.

In Rhode Island, the Coventry Police Department says that it had better luck catching keypad crooks. In February, with help from U.S. Secret Service agents, four suspects from California men were arrested for having replaced checkout-lane keypads with the equivalent of electronic bugs. Investigators discovered bugs designed to steal customers' account information in keypads at Shop & Shop grocery stores in Bristol, Coventry, Cranston, Providence, and Warwick, Rhode Island, and in Seekonk, Massachusetts.

Subsequently, Coventry police, together with Rhode Island State Police, arrested the men when they returned to collect compromised keypads from affected stores, says detective Marcos Saenko, amember of the financial crimes unit of the Coventry police. The four suspects, all of whom are natives of Armenia, face two federal charges each: credit-card fraud and aggravated identity theft. Conviction on the first charge carries a penalty of up to five years in prison, while a finding of guilt on the second charge carries a mandatory two-year sentence.

Mari Frank, attorney and author of " Safeguard Your Identity," says that theft of customer data at the point of sale is one of the most dangerous security risks facing consumers. "If someone gets your financial information, your entire bank account can be wiped out," she says.

Unfortunately, protecting yourself isn't easy.

"There really isn't much anyone can do if the store has been compromised," says William Oettinger, who works with the Las Vegas Metropolitan Police Department and the Secret Service's electronic crimes task force.

Oettinger recommends vigilance in examining activity in your checking or credit card accounts as the best way to spot fraud. This means scrutinizing your credit card and checking account statements regularly. Often the amount skimmed from each victim's bank account is so small that victim might easily overlook it. So don't limit your review of your accounts to major debits or charges. Beyond monitoring, authorities advise consumers to be wary of using any keypad that looks as though it may have been tampered with in any way.

Police in the city of Alameda, California, just outside San Francisco, are investigating compromised point-of-sale keypads in their city after receiving more than 100 complaints from people who shopped at a local Albertsons supermarket and subsequently reported that money was missing from their checking accounts. Authorities suspect that the thefts are related to similar criminal activity involving an Albertsons in San Lorenzo, California, several towns away.