Targeting point-of-sale devices with malicious software is standard practice,
as the wave of retail hackings over the last few years have shown. But targeting
them with malicious hardware -- that requires another level of brazenness
altogether.
According to a letter that retailer Hancock Fabrics sent out to its customers
last week, the swipe and type PIN pad gadgets used in debit and credit card
transactions in several of its Wisconsin stores were actually stolen and
replaced with "visually identical, but fraudulent, PIN pad units."