By Mila Besich-Lira
Pinal County Sheriff Paul Babeu and his staff addressed several hundred residents of Queen Valley last night regarding the recent rash of credit card fraud that has been reported. The focus of the meeting was on how residents can keep their sensitive financial information safe and to provide an update on the security breech that occurred at the Bashas’ family of stores.
The Bashas’ credit card payment system was attacked by a sophisticated malware that allowed the hackers to obtain the sensitive credit card data. Those criminals then used those card numbers to make other purchases using the sensitive data. Hundreds of customers to the 136 Bashas’, Food City and AJ’s Fine Food stores across the state have noticed fraudulent charges to their credit and debit card accounts. The charges are often being made in other states and in some cases other countries such as France and Italy. It is believed that the criminals involved with the breech are not located in Arizona. To date 507 reports of credit card fraud have been filed with PCSO
Sheriff Babeu updated the residents about the ongoing investigations and how the Pinal County Sheriff’s Office got involved with the case. In his presentation to residents, Babeu explained that they had discussed not releasing the information about the rash of fraud cases but decided it was in the public’s best interest to share the information.
“We work for the people not a company,” explained Babeu. PCSO reports that they contacted Bashas’ on Jan. 23, 2013 regarding the high number of credit card fraud reports. Babeu explained that based on their information the malware attack happened sometime in the summer of 2012 and that the malware has been collecting data since then. One suspect involved with the crime has been arrested.
Detectives from PCSO gave a presentation to the residents on how to protect themselves from these types of fraud. They encouraged the residents to shop on secure websites, shred mail and old credit cards and try to keep cards out of the view of other customers when making a purchase. They also shared information on credit guard services and wallets that prevent crooks from scanning data off cards that are placed in a wallet or purse. The detectives explained that using cash is one of the only full proof ways to avoid credit card fraud. The detectives and Sheriff Babeu stressed the importance that the residents monitor their credit and debit card statements carefully.
A resident in the audience explained that during a recent trip to Bashas’ there were notices that the system was secure and safe to use. Sheriff Babeu explained that PCSO could not confirm that the malware had been removed from the credit card system at the Bashas family of stores, he also commented that attorneys from Bashas asked him to make a retraction on his statements or face a potential law suit.
Copper Area News spoke with officials from Bashas’ regarding the security breech and found that Bashas’ Corporate Office began an investigation with a third party forensic specialist as soon as the they started receiving calls from customers reporting the fraud complaints. Upon confirmation that the payment system had been attacked the company alerted law enforcement, the media, their stores and customers.
Kristy Jozwiak, Director of Communications for Bashas’, confirmed that the forensic investigator has found that no customer information was obtained in the summer of 2012.
“Bashas’ is and has been compliant will all Payment Card Industry (PCI) security requirements and we have installed additional security measures, beyond what is required by the industry to our point of sale and enterprise systems to further protect our customers’ information from such attacks in the future,” explained Jozwiak in a written statement.
The company is working directly with federal law enforcement authorities and not with PCSO.
“It is important to know that there have been some erroneous statements made by the Pinal County Sheriff’s Department regarding the situation,” explained Jozwiak. According to Bashas’, PCSO contacted the company in late January but only to say that they (PCSO) thought the Bashas’ payment system was a common denominator in their fraud reports from residents. PCSO did not confirm that Bashas’ was in fact the source of the problem when they made the call.
According to state laws businesses are not required to release any information when security breaches occur, however Bashas decided it was best to inform their customers and go public with the information. Joswiak further explained that they released this information within 48 hours of the company’s knowledge that the malware was in the system. She encouraged customers to contact Bashas’ Customer Service Department if they have any questions or concerns. The number to reach customer service is 480-883-6131.
Customers who shop at the Bashas’ family of stores regardless of where they reside are encouraged to monitor their credit and debit card statements carefully and alert authorities if fraudulent charges are found. Those living in incorporated communities should contact their local police departments; those living in un-incorporated areas should contact PCSO or their county sheriff’s office. The non emergency line for PCSO is 1-800-420-8689.