Market a common link in debit card breaches

About 40 debit-card users in the Huntington Beach area had money stolen from their bank accounts over the last few weeks, most after shopping at a local supermarket, police said Friday.

Such debit-card crimes are becoming increasingly common, security experts say, with thieves peeking over shoulders to learn personal identification numbers or employing more sophisticated hacking techniques.

In almost all of the Huntington Beach cases, the cards had been used at a Ralphs supermarket at Goldenwest Street and Garfield Avenue before the funds were illegally withdrawn.

“We are looking into whether their system was hacked into,” said Lt. Craig Junginger of the Huntington Beach Police Department.

He said the thieves got access to the bank accounts tied to the cards and then withdrew amounts from $300 to $700. The withdrawals were made from automated teller machines in California and Arizona.

The Ralphs market is cooperating with the investigation, Junginger said. No suspects have been identified, he said, adding that he didn’t know whether Ralphs employees had been ruled out.

Cincinnati-based Kroger Co., which owns the Ralphs chain, said it had gotten complaints from customers. “We take it very seriously,” company spokesperson Lynn Marmer said. “We don’t know whether we have a problem or not.”

As of Friday afternoon, customers were told they could still use their debit cards at the store.

In some cases, debit cards used at the Ralphs were canceled by issuing banks even though no unauthorized withdrawals had been made.

A Huntington Beach woman who had used her card at the market this week found out Thursday that it had been canceled. She took the card, issued by Bank of America, to a local bank branch to inquire about it.

“They told me, ‘We can’t comment on that. We need your card,’ ” said the woman, who didn’t want to be identified because of her uncomfortable brush with card fraud. “And then they shredded it right there in front of me.”

Bank of America spokeswoman Betty Riess wouldn’t comment on the situation but said it was the bank’s policy to “lock and reissue” a card if misuse was suspected. Debit card customers who have money stolen from their accounts generally are reimbursed by the bank, she said.

Lt. Junginger said debit cards from several banks were targeted by the scammers.

There are indications that in-store theft of debit card information is on the rise.

“We are noticing more and more card and PIN numbers being offered for sale in chat rooms,” said Dan Clements, chief executive of Cardcops.com, a Calabasas-based company that investigates card fraud for businesses and individuals. “They’re used to make counterfeit cards that are used in ATM machines.”

The PIN is usually disguised when recorded by merchants for a purchase. But Clements said hackers had been known to get around those kinds of electronic safeguards.

In another scheme, security or illicit video cameras can be rigged by scammers to record customers punching in their numbers. “It’s called shoulder surfing with a camera,” Clements said.

The visual is then matched with card number data recorded during the transaction.

Clements said it was generally riskier to use a debit card rather than a credit card to make in-store purchases because of the chance the PIN could be stolen.

david.colker@latimes.com