Slashdot Mirror

← Back to Stories (view on slashdot.org)

Criminals Hide Payment-Card Skimmers In Gas Pumps

Posted by kdawson on from the swipe-and-get-swiped dept.

tugfoigel writes "A wave of recent bank-card skimming incidents demonstrate how sophisticated the scam has become. Criminals hid bank card-skimming devices inside gas pumps — in at least one case, even completely replacing the front panel of a pump — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. Some 180 gas stations in Utah, from Salt Lake City to Provo, were reportedly found with these skimming devices sitting inside the gas pumps. The scam was first discovered when a California bank's fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah."

7 of 332 comments (clear)

  1. Re:Great by YrWrstNtmr · · Score: 5, Informative

    How do I protect myself from a skimmer inside a gas pump?

    Pay cash inside.

  2. Re:This isn't new by Jah-Wren+Ryel · · Score: 5, Informative

    I remember atleast 10 years ago at an Arco station had a sticker on the machine that said don't enter in your card if the reader looks wierd. I have also seen that warning on swipe ATMs.

    The new part is that the reader does NOT look weird.
    It looks physically identical to the standard reader.
    Didja even read the summary?

    --
    When information is power, privacy is freedom.
  3. Re:Great by maxume · · Score: 5, Informative

    You seem confused. The skimmer is entirely parallel to the regular reader, it does not effect the operation of the pump.

    There will be no observable difference in the transaction.

    The most secure remedy is cash.

    --
    Nerd rage is the funniest rage.
  4. Re:Never use Debit by Mad+Merlin · · Score: 3, Informative

    The bank is also far more likely to go to bat for you over a fraudulent credit card charge than a fraudulent debit card transaction. The reason, of course, is that in the former case, its the bank's money on the line (until you pay them), but in the latter case, its your money on the line.

    --
    Game! - Where the stick is mightier than the sword!
  5. Re:Russian mob was doing this in the 1990's by John+Hasler · · Score: 4, Informative

    No. He expects the station owner to run it as a charity.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  6. Re:Never use Debit by TubeSteak · · Score: 3, Informative

    The bank is also far more likely to go to bat for you over a fraudulent credit card charge than a fraudulent debit card transaction. The reason, of course, is that in the former case, its the bank's money on the line (until you pay them), but in the latter case, its your money on the line.

    Actually... the bank is most likely to go to bat for you over credit card charges because the consumer protections on credit cards are vastly stronger than the protections on debit cards.

    I've never used a debit card for just that reason. You have a problem with your credit card and it's just the one card that might get frozen. You have a problem with your debit card and your bank account might get locked down, which usually leads to a cascading array of problems for most people.

    --
    [Fuck Beta]
    o0t!
  7. Re:Great by dwillden · · Score: 3, Informative

    Good analysis. The skimmers in question were built by someone who knows their way around these pumps. They evidently replaced the entire panel. The device would read the card data, and record the typed in PIN. It then held the data until the paired Bluetooth receiver came in range and then would dump it's data.

    No need to sit in proximity to the compromised pump. I haven't seen anything on the storage capacity but I dare say who ever was doing this just downloaded when they filled their tank up, or when they'd stop by for morning coffee.

    The way they were able to make the switch is all pumps nationwide are made by only two manufacturers, and those manufacturers each have A key design to open their pumps. Two keys can open every modern gas pump in the country.

    All the perps needed to do was get access to one machine of the model used at the targeted 7-11. Rewire the front panel from that one. Make the swap and rewire the swapped out panel for the next pump they want to wire.

    Contrary to TFA, most reports are that only one or two stations were found to be compromised, but given time that number could have quickly grown.

    Up above I linked to an article about a Gas chain that heard of this potential scam, identified the weakness in the key system and re-keyed all their pumps with each store having a unique key pattern for its pumps. Not perfect, but makes the inside part of such an inside job have to be an employee of the store the pump is located at.

    --
    I'm too lazy to compose a creative sig.