A number of banks have pointed towards third-party exposure of the data, and retailer OfficeMax is widely speculated to be the source -- this speculation is based on the data loss reported last month by the chain, however OfficeMax denies any blame in the incidents, an MSNBC article reports.
Many retail systems pass PIN numbers across a network unencrypted, and some of the more advanced transaction systems will store the PIN numbers in a temp file, despite warnings against such practices.
Investigations into the fraud are ongoing and widespread, involving everyone from local police agencies to the Secret Service and private organizations. The consequences of this theft remaining unchecked are dire for both consumers and businesses alike, and with consumers often on-the-hook for charges incurred (unlike with credit card transactions) the backlash against those found at fault could be substantial.
Posted by: Peter Laborge