Electronic devices that steal credit card data were found at Wal-Mart self checkout stations in Fort Wright, Kentucky, and Fredericksburg, Virginia.
"They installed a skimmer, which covered a credit card reader at this self-serve checkout, on May 11. It wasn't found until a week later," a WLEX reporter said.
A local Virginia outlet reports the skimming device there was spotted after almost 40 customers noticed large ATM withdrawals were made without their knowledge.
Credit card skimmers can be relatively easy to install, according to cybersecurity expert Brian Krebs.
In a post on his website, Krebs says the exact devices used in the Wal-Mart incidents overlayed the checkout terminals and were able to access not only customers' credit card information, but also their PIN numbers.
But a skimmer can only get that sensitive information if customers swipe their credit card.
Credit card fraud was one of the main reasons banks began distributing chip-enabled cards — also known as EMV cards — to customers in 2015.
But despite a 2015 deadline that switched some fraud liability from banks to businesses, CreditCards.com says about 30 percentof Americans still don't use or don't know if they have chip-enabled cards.
As of Friday, there are no reports that police have found the people responsible for the Wal-Mart incidents.
This video includes clips from Wal-Mart, Visa and CreditCards.com and images from Mike Mozart / CC BY 2.0 and Getty Images.