WHO'S MINDING THE STORE? | Broadcast Date: March 12, 2010 on CBC-TV
Who's Minding the Store?
Download Flash Player to view this content.
FRAUD STATS & NOTIFICATION LAWS: Related Documents & Links
Comments are now closed. We are currently rebuilding the Marketplace website. You can still send us your thoughts on this story via email: marketplace@cbc.ca
A Marketplace investigation reveals the newest way thieves are stealing your credit card and debit card information. They're breaking into stores, gas stations and restaurants and actually ripping out the hard drives attached to the point of sale terminals used to swipe your plastic. While stores and restaurants are keeping quiet, and credit card companies cover your losses, in the end, we all pay a price -- and for the crooks, it's a windfall.
Posted on March 12, 2010 CommentBookmark, Email & Share
Your Comments — Post Your Comment

Bravo CBC for raising awareness! But the depth and breadth of this report may have missed the mark. While retailers are a easy target what isn't realized is just how many identities have already been compromised across the globe. How about showing some statistics? Two of the biggest culprits for storing truly sensitive personal data that has been compromised at least once are the credit tracking companies Equifax and TransUnion. These companies have an peoples entire life history of credit - current and past cards, loans, mortgages.. etc., all personally identifiable information (PII) including SIN, date of birth, dependencies, language, gender... etc. Not only have thieves gotten your card numbers - all of them, but also your entire identity. How about another segment for your show on these companies and how many people fall victim to improper credit collection and loss at their hands.

My wife and I have both had are Identity stolen and had our Equifax and TransUnion credit changed to the thiefs Address, All started with Visa, some how they got all my information,I blamed Visa, some one worked there or some one hacked the computer system they asured me no way, they wont give me any info, but sent them a credit card, I had it all straightened out and they sent the thiefs the new credit card, Visa, nice thing ,didn't have any credit left on the Card, (lol) still dealing with the problem 5 months later, every time they apply for credit, I get a call, still cost me money to watch my credit score, and will have to worry about this the rest of my life, some one should be FINED big time. We have never had are wallets or IDs stolen

What the report doesn't mention is that in many cases they don't even have to break in with wireless terminals. Just sit outside the store/restaurant and drive off to steal your money.

this is sorry. where lies confidentiality. is technology good or bad. In my part of the world we've not got there yet. But the issue is that how do we protect the consumer.

oh! i have never been using the credits card, but the risk i see will be high, as the companies afraid to tell their customer when their personal information has been stollen. but i realy need to know more about the trick.

It's so frustrating! I carry a debit card so I don't have to carry cash...and now it's safer to carry cash. There's no way to win.

I watched your show with interest. One thing was really missing beside blaming and pointing fingers.

These transactions are totally electronic from a to z, with the exception of somebody having to remember to clear the hard drive at night.

The root of the issue is that the problem cannot be solved by people having to remember. Why can't these point of sale terminals be programmed to clear all information at night. Or even better, right after the transaction has cleared. ( to discourage day time robberies).

Once this question is answered, in my opinion, the issue would be self-resolving and basically obsolete.

Thanks for taking the time to read my comments. Sabine

Great show, we need more like this to wake us up.
The big banks, big retailers and big government, have worked very hard to dumb down the population.
BIG BROTHER is not looking out for us.
You guy's and gal's are, keep up the good work.
And by the way, maybe you could look into the LPIF that bell is adding onto my bill, and expose the CRTC for the sham that it is. Thanks...Craig

I just wanted to say thank you Marketplace for looking out for us, the consumer. You have actively sought out answers to consumer's questions without any biases, and without trying to personally gain from us, and I just wanted to say "Thank You!". I love your program!

I agree there is way to much fear mongering on this episode. Marketplace is useful for a consumer show but this one tries to scare everyone. Erica Johnson acts like she knows the solution and talks down to the people who are trying to prevent theft.

I have been using a credit card since I was 18 (I'm 25 now) and I use it for EVERYTHING. Never had an issue. Not sure if it is because I am not in a bigger city (more theft in bigger city?...) anyway this episode makes it seem like everyones number has been stolen.

Hey Erica, how about saying what companies are doing to combat theft. I am sure there are many retailers out there who are doing the best with what they know (they all don't have unlimited funds to protect themselves against every conceivable theft action).

Very one sided reporting, focusing on the vulnerability and not on the “why”, leaving the report hanging and useless other than. What action needs to be taken? Who should take it and how? Nope…none of that…just the glory of "shock" reporting. Only problem is, it is not that big a shock. I think only idiots have 100% faith that their data is 100% secure (no offense to those interviewed). Dundas and Yonge is not exactly the place to interview particularly savvy people on the issue of awareness. Had they done so on the corner of Bay and King, I bet the answers would have been very different.

There are standards in place that some retailers are not adhering to either out of ignorance or b/c they don’t want to spend the $$. POS systems must comply with PCI standards www.pcisecuritystandards.org. The reporting should have addressed "who is enforcing this?"

I was interested in the program about debit/credit card info but was dismayed to hear the announcer continually mispronounce the word "grocery". No it's not "groshery" (despite an epidemic to the contrary). Check your dictionary! I expect better from the CBC.

Unfortunately we live in an age where personal information is gold! One wonders how much of the card compromise situation is actually being aggravated by large merchant chains keeping this information accessible on their drives for their own marketing purposes?
As mentioned in the piece by the crown attorney, merchants must move to keep pace with the changing market place however with no legal reason to changed why change?I would further that law makers should move to keep pace and force merchants to wipe this information under threat of prosecution for complicity in new style theft!
I tend to think that if there were large fines and public disclosure about what particular business hard drives compromised consumers, big business would clear up the retention of personal information in short order to avoid negative publicity that would generated!

I was totally shocked that such private information was KEPT on retailers' computers, but was even more shocked that RETAILERS DON'T CARE about protecting their customers' privacy. All they have to do is simply wipe their drives each night at closing. Yet, they have an uncaring attitude about it. Perhaps loss of business by people who ARE concerned about their privacy will make more retailers -- like Tim Hortons, who also don't wipe their drives -- think twice about such an attitude.

By allowing the authorities to hide the names of "comprimised companies', it allows them to "dodge the bullet".

Some states allow the names to be published, and it should be this way. If I knew of one of these companies, I would not do business with them in the future.

It's not fair to us, as consumers, to let our information be given out without our knowledge or consent.

These companies should be left 100% responsible when our information is leaked out, and the authorities should be obligated to give out the names of these companies when asked.

When are our laws going to change?

Too much feamongering on this one.

Other than organized crime no one gains from debit/credit card theft. Retailers and banks are working hard to make debit/credit safer. Erica should have talked about PCI and EMV inititatives for a balanced perspective.

I watched with interest your show on credit card fraud and was not surprised when you came up with the merchants as being at fault for "letting" crooks steal our information. You are just regurgitating the same crap that other investigative shows before you have said. Merchants are the middle men here, why is it no one seems to point the finger at the credit card companies themselves? They are the ones who solicit the consumer to sign up for their cards, who sell us with their promises of fast and easy credit, who pander to our societies greed to "get it now". They are the first ones who get our information ( and we willingly give it!) and they are the ones who put that information in a format that gives others axcess to it. I would say in order of blame it should be us first for buying into the sales pitch, the credit card companies (& banks??) for selling it and lastly the merchants.

What good did it do when the banks upgraded our Credit Cards and ATM cards with a computer chip?. I thought this would protect my cards from theft.
I will probably start using cash as recommended by Marketplace.

I work in the Canadian financial payment industry and this episode focused on fear rather than facts. The facts are that point of sales systems need to be compliant with PCI standards for destruction of credit card numbers after use. Card numbers should not be stored on hard-drives. Retailers should check that their POS supplier is compliant. The comments about skimmers attacking a chain repeatedly seems to indicate that the skimmers discovered that the chain did not have a compliant POS system. The other fact that CBC failed to note is that in Canada more and more systems are going to smart cards which include a small encryption microchip which reduces fraud significantly by requiring you to enter a PIN which only you know. If your bank hasn't already sent you a smart card, give them a call.

I think the major problem is that most retailers are unaware that credit card information is even being stored on the hard-drive. I think a lot of business, and a lot of people, are uneducated about computers and security. CBC Marketplace is doing great work by bringing this to our awareness. And I think government should step in and enforce security of personal information.

I have some issues with the content of your show, but last night's program was particularly disturbing. Your stories don't go that one step further....I know for a fact that if someone is able to steal my mastercard information, mastercard will cover the unlawful charges and i won't be out a penny. It is up to me to verify my statement every month and if there is something on there that I didn't charge, it is a simple process to have those charges reversed. Your stories often fuel fears that people have, with no regard for the safety protocols that are actually in place to protect individuals. Yes, there are always ways to improve , but what about the safeguards that are already in place? Don't these companies,although not perfect (and who is), deserve some mention of the protocols they do have in place to protect us? Investigate, that's great, but stop telling only half the story.

Great show! Is it possible to download this episode? I would like to save it to a disk...

Interesting, but not surprising. I mostly pay in cash, though that's mainly because it gives me a better sense on how much money I spent.

I also have to wonder about the expert that they had with them to inspect the computer, all he seems to be doing is a cursory search through files on the HDD, even if the data is wiped the question on how it is wiped, there is a good chance that a simple delete is not going to suffice to prevent any data of being recovered from the HDD.

The question is why there would be any need to store this kind of data on a HDD in the first place, it simply comes down to lazy programmers / cheap product, if retailers want to really tackle this they should have the processing modul written by an industry group that has no financial interest in the POS systems out there and then force POS system providers to use it.

I find it amazing that retailers are not help responsible for the loss of their customers data. We entrust them to not give out our personal data yet who knows how many times a company has been compromised and never told anyone outside of IT about it. Great story, thanks for proving to me what I suspected all along!

The capitalist system retailers & advertisers',in fact the entire system is fraught with perils for the consumer.
With downright collusion in creating false needs by bringing products to the marketplace for mass conspicuous consumption to.. creating the "tools" the credit cards & debit cards
which we have been "classically conditioned" to come rely upon..to make purchases for rewards;points;cash back;air miles -we are paying a steep price for those Capitalist profit takers & their shareholders looking for profit margins.
The banks,the merchants, the credit & debit card corporations
and there respective "security" departments are all complicit in keeping the consumer deliberately uninformed & therefore under the control of the system. In this manner we are all
compliant slaves to the interact/credit card systems.
The system perpetuates itself; the debt slave; & our privacy is the currency

I was absolutely astounded when I watched this broadcast!! The woman from Retail Canada is so obviously in denial about what a serious problem this is. We need stronger protection of our information and retailers MUST be made culpable for any theft of consumer information.
I will certainly be doing what I can to maintain the "safety" of my ATM information and I will also be contacting my MP and MLA regarding this problem.
Thank you for opening my eyes.

Re: Credit Cards
You are so right! My CIBC Visa card was compromised 2 times in 6 weeks! Despite my contacting their Ombudsman and other authorities, CIBC refuses to release the name of the merchant[s] as they are under investigation and refuse to name them even after a successful prosecution! As a result, I have removed all my automatic billers from all credit cards. At least CIBC gave me 2 years credit on my card fees because of my complaints! Why should I pay them for such abuse and lack of security!?

Wow...it loads just fine and plays instantly for me. They did say it was a preview so your disappointment doesnt mean much.

Marketplace rocks!!!
CBC rocks!!! Its the only news from Canada I watch since CTV lied to Dion.

Did anyone actually wait long enough for the video to load? CBC's sever appears to be so incredibly slow that you have to wait 10-15 minutes to stutter through this 71 second video.

In the end, this is just a teaser ad for a show this Friday on CBC, which I won't watch because I don't have a television.


They need to force retailers to disclose then your credit or debit card info has been stolen.
In Calgary, the police won't release the stores where card skimming operations have occurred.
The justification is that the business its owners shouldn't suffer for “bad” employees.
Actually in 99% of the cases the business and its owners SHOULD suffer for hiring criminals and not supervising employees properly.
When a skimming operation is busted, the police should be forced to publish the name of the business and provide the dates that it happened!!!

When to Watch
Fridays 8:30 p.m.
(9 p.m. Newfoundland & Labrador)
Saturdays at 5:30 p.m.
Sundays at 2:30 a.m., 6:30 a.m.
TV IconRecent Episodes
Rate Hike Outrage Rate Hike Outrage: Has your home insurance rate gone up? Wendy Mesley reveals it could be connected to your credit score.  Comments 150
Something's Fishy Something's Fishy: It's labelled halibut, but can you count on it? When you buy fish are you getting what you pay for? Erica Johnson goes fishing for answers.  Comments 25
Stretching the Truth? Stretching the Truth?: Erica Johnson investigates the widely advertised decompression therapy for back pain.  Comments 98
Burning Question Burning Question: Firefighters know there's one thing that can help save lives in a fire, so you'll be surprised to learn this one thing is still missing in thousands of buildings across Canada.  Comments 31
The Debt Trap The Debt Trap: Erica Johnson investigates a new wave of so-called American-style non-profit charities offering debt advice to Canadians.  Comments 10
Who's Minding the Store? Who's Minding the Store?: Erica Johnson reveals the newest way thieves are stealing your credit and debit card numbers.   Comments 30
Canada's Worst Cellphone Bill Canada's Worst Cellphone Bill: Wendy Mesley investigates the story behind huge bills many Canadians rack up from using their cellphones.   Comments 155
Magic in a Bottle? Magic in a Bottle?: Erica Johnson puts Herbal Magic to the test and raises questions about its products, how they’re sold, and what evidence there is to back up some of its claims.  Comments 144
Road to Rich Dad Road to Rich Dad: The pitch is how to get rich, or is it how to get ripped off? Erica Johnson investigates who's getting rich off Rich Dad.  Comments 183
GPS Distraction GPS Distraction: Convenience over safety? Marketplace conducts a first of its kind test in Erica Johnson's investigation into GPSs.   Comments 48
Grow Op Cover Up Grow Op Cover Up: Erica Johnson and contractor Mike Holmes reveal a new twist on home inspectors: more Canadians are buying houses that were formerly used as marijuana grow-ops. How could home inspectors miss the obvious signs?  Comments 134
Who gets Busted?
Find out on Marketplace
BulletWhen you buy from Bloomex, do you get your money's worth?  12
BulletWhat's the real story behind the prices at easyhome?  37
BulletDo Canadian pediatricians really endorse Lysol?  5
BulletWhen it comes to cord blood banks, is the marketing misleading?  14
BulletIf your roof wears out early, how well are you covered?  40