A blogger who writes about business security issues has reported that self-service mailing kiosks at post offices in 13 states and the District of Columbia have been targeted by criminals who place devices on the machines that record debit card information.
A spokesperson for the United States Postal Inspection Service confirmed to Linn’s May 15 that an investigation is underway, but declined to offer any details.
The official did offer tips about how to detect tampered vending machines and said that postal employees were being told to check vending machines frequently.
She recommended that postal customers “who use the point of sale machine personally visually inspect the machine prior to use” and “look for any type of plastic piece that looks like it has been added to the credit card reader.”
“Look for any other type of marking on the machine that looks as though it has been applied by a third party,” said spokesperson Lori J. McCallister.
If anything “appears to be out of place on the machine,” the customers should notify a postal supervisor, she said.
The Brian Krebs “On Security” blog reported that banking sources said the fraud began in late November and had been traced to stamp vending machines in Arizona, California, Colorado, Florida, Georgia, Kentucky, Massachusetts, Nebraska, New York, Oregon, Pennsylvania, Utah, Virginia and Washington, D.C.
According to Krebs, the skimmers target debit cards and steal the information stored on the cards and their PIN numbers.
They then create new cards and use them to make $500 to $800 in unauthorized cash withdrawals from the card accounts.
Krebs recommended using credit cards when buying stamps from a postal machine, noting that most cards have a maximum fraud limit of $50.
The Postal Inspection Service ended its e-mail on the investigation by noting, “The Postal Inspection Service vigorously investigates all allegations of identity theft against USPS customers.”