Earlier this year we reported on USPS self service kiosks in Oregon and Utah that had been modified by criminals to allow the collection of debit card data and PINs. Now computer security expert Brian Krebs says there are reports that kiosks in 15 states may have been targeted:
The United States Postal Inspection Service is investigating reports that fraudsters are installing skimming devices on automated stamp vending machines at Post Office locations across the United States, KrebsOnSecurity has learned.
Earlier this month, I began hearing from sources in the banking industry about fraudulent debit card activity on cards that were all recently used at self-service stamp vending machines at U.S. Post Offices in at least 13 states and the District of Columbia.
The USPIS declined to answer additional questions about the investigation, such as when the fraud first began. But according to sources at two separate financial institutions whose customers have been impacted by the activity, the fraud began in late November 2013, and has been traced back to self-service stamp vending machines in Arizona, California, Colorado, Florida, Georgia, Kentucky, Massachusetts, Nebraska, New York, Oregon, Pennsylvania, Utah, Virginia, and Washington, D.C.
One way to protect yourself against this type of fraud is to use a credit card in lieu of a debit card whenever possible.