My bank account was compromised the other day – more importantly, the EFTPOS card used to access my EveryDay Account at Bendigo Bank was compromised.
Bendigo Bank, to their credit, locked my accounts immediately they realised that the account, along with about 100 others, had been compromised. Yeah, my fault that they couldn’t contact me on Friday to notify me (wrong phone number), which meant that when we tried to get groceries, train tickets and petrol on Sunday evening it was somewhat “embarrassing”.
After much sleuthing and speaking to the nice people at Bendigo, we determined that it wasn’t the result of my last few transactions at Coles North Richmond, as I had first surmised, but at the only other place the card has been used in recent memory, McDonald's Drive-Thru (Panthers, Claremont Meadows, St Marys, North Parramatta or Northmead) over the past 6 months.
Not that I “dine” regularly at Maccas, just that sometimes on the way to work an attack of the munchies must be satisfied with a Sausage McMuffin & Hash Brown – and to be fair, their McCafe coffee isn’t all that bad when it’s made properly!
This article in WA Today will explain more about the method used, but here’s my take on it:
- Bad Guy drives up and orders food
- Bad Guy drives around and wants to pay with card
- Maccas Dude hands Bad Guy the EFTPOS terminal and turns back to take next order
- Bad Guy flicks the connector on the terminal free (they are the same as your telephone – an RJ12)
- Bad Guy replaces GOOD terminal with BAD terminal containing internal skimmer, feigns not remembering PIN to cover the delay, and then hands it back to Maccas Dude
- Bad Guy or Bad Guy’s Friend then starts to receive card details (including PIN) via Bluetooth to (we assume) a nearby laptop or mobile phone
- Bad Guy & Company then recycle EFTPOS terminal with skimmer added to another Maccas
With probably every Maccas in Australia offering Free WiFi in their stores, one of the only reasons I still buy my coffee there occasionally, there will be plenty of people with their laptops, iPhones or other smartphones doing absolutely nothing more than checking their email, but there may be one Bad Guy in the bunch that is receiving YOUR card data.
Let me emphasise this though – thus far this scam has only concerned the DRIVE-THRU terminals. It would be almost impossible to get a skimming device on the FIXED counter machines. Although they do have the hand-held ones on the counter as well, and I SUPPOSE they could be replaced using the same method – although much more difficult as they are in sight at all times (then again, Maccas staff are not known for their looming intellects!!)