Slashdot Mirror
Criminals Hide Payment-Card Skimmers In Gas Pumps
tugfoigel writes "A wave of recent bank-card skimming incidents demonstrate how sophisticated the scam has become. Criminals hid bank card-skimming devices inside gas pumps — in at least one case, even completely replacing the front panel of a pump — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. Some 180 gas stations in Utah, from Salt Lake City to Provo, were reportedly found with these skimming devices sitting inside the gas pumps. The scam was first discovered when a California bank's fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah."
How do I protect myself from a skimmer inside a gas pump?
Pay cash inside.
I remember atleast 10 years ago at an Arco station had a sticker on the machine that said don't enter in your card if the reader looks wierd. I have also seen that warning on swipe ATMs.
The new part is that the reader does NOT look weird.
It looks physically identical to the standard reader.
Didja even read the summary?
When information is power, privacy is freedom.
Ride 50 miles one way to work on your bicycle.
Not too hard, I'd only need to do it once before my boss fires me for being 4 hours late.
I remember running into something like this a long time ago when I was in New York City. There was this small piece of metal in the card slot. Needless to say I didn't insert my debit card in to find out what it was.
How do I protect myself from a skimmer inside a gas pump?
Step 1: Assume they're compromised.
Step 2: Pull out the concealed Glock that every freedom loving American carries around and fire wildly into them.
Step 3: If the machine is rendered out of order, move onto the next machine and go to Step 1. If someone tries to stop you, go to Step 1.
But in all seriousness I think you could pick up a "preferred customer card" at some grocery store and carry that around with you. When you approach the pump, put that card in first. A compromised machine might feel weird and will most likely not respond to you inserting a card. An uncompromised machine will swipe easily and also think for a second and then ask you to reswipe your card. While not flawless, this is the best thing I can think of aside from prepaying at the attendant in the store or something really crazy like demanding to borrow a passerby's card to see if it works before you put yours in. It's also probably your best option if you buy gas after hours like I do. The unfortunate side effect is it wastes time and makes it look like you're flipping through maxed/stolen cards.
My work here is dung.
And yeah maybe it is an inside job. Paying clerks $6.00 an hour to work from midnight to 8:00AM does not buy a lot of loyalty. Where do you think most of the pilfered credit card numbers really come from? Try paying people a living wage and this won't happen. Employees who have to live with their mother are not adverse to listening to some ones criminal scheme, which to them sounds like justice rendered.
Why do "Al Qaeda" bulletins allegedly authored by Osama Bin Laden sound as if they were authored by Oliver North?
This got my credit card over a year ago in Saskatchewan, Canada. However, my card was skimmed at a do-it-yourself ticket-terminal at the local movie theatre.
It turned out it was a very large network of people who came together and organized the attack and paid people all over the country to do this and sent the info back to 'headquarters' in Ontario Canada.
They racked up over $600 in charges and it all appeared to have been used at Gas stations in Toronto / Missisaga in Ontario.
They put these things on any 'do-it-yourself' terminal they could find. This included pay-at-the-pump gas stations, ATM's, and any kiosk that could read a debit/credit card.
Luckily Mastercard covers things like this so it was much easier to report and reverse than a few friends of mine who had their debit cards skimmed. They had a much harder process to deal with.
The move to "Chip" cards ([url]http://en.wikipedia.org/wiki/Chip_card[/url]) are rapidly increasing these days. I know my local credit union is fully switched over, although maybe half of the retailers in town actually support them.
Let's define this scenario clearly. You put your money in a bank. The bank then gives you access to the bank's services. It's not access to "your" money so much as it is access to a money exchange service. (Think of an ATM and similar services as a vending machine that serves up cash and other things in exchange for the money in your bank account.)
Now there are the criminal parties. These parties are the ones who come in and exploit weaknesses in the system to get cash and other things. In the course of exploiting these weaknesses, they use the credentials of other people to extract the cash and other things from the actual victims.
Who are the actual victims? They are the banks themselves and they are the sellers of other things.
When the people whose credentials were used in the commission of a crime against the banks and merchants are charged with responsibility for the criminal acts, it is the banks and merchants who are victimizing the people... their customers! The criminal performed their crimes against the banks and merchants. It is the banks and merchants who are passing the burden along to the innocent individuals who quite literally have no way to protect or control the situation. It is the banks and merchants who have the means to control and protect.
Every time I hear "identity theft" and other referrals of uninvolved parties as victims of a crime, the lie bothers me. These banks and merchants have created a system that is weak and exploitable that uses its customers as a buffer and even a shield against those weaknesses. You cannot protect your "secret information" so long as it must be shared in order to use it. And once that information is out there and used, the banks and merchants take money from your account instead of theirs. The original victims are, in turn, victimizing the innocent by declaring that the innocents are victims of the original crime.
I am sure there are plenty of people who disagree with my sentiments on the matter. But if you do, point out the flaw in the logic I presented.
If you have a pair of sunglasses and a jacket, you should be good to go.
1: Get a $10-$25 cash card from your credit card company
2: Slide it through the card reader
3: Light up a cigarette
4: Spray gas all over the pump
5: Slowly walk away, flicking the smouldering cigarette behind you, onto the pump. Speak a one-liner about gas, pumps, explosions, fire, smoking, or credit card fraud. It is very important NOT to laugh at your own joke.
6: No matter how hot your back suddenly gets, keep walking slowly and DON'T turn around, (glass or shrapnel is going to hit you, it's better to take it in the back than in the face.)
7: Never worry about gas pump skimmers for the rest of your life.
I am the richest astronaut ever to win the superbowl.
After waiting patiently for the US Government to implement a carbon tax, the ever-altruistic Utah mafia has decided to take matters into their own hands.
what if you're buying a bike and the credit card machine at the bike shop has a skimmer installed?!
We oldsters in the 1970's used to skim gas out of the gas tank. Some of the more ballsier-types would steal whole gas tankers. The fact that you can skim debit cards at the gas pump without spilling gas on yourself is a great technological improvement since you don't have to resell the gas.
You seem confused. The skimmer is entirely parallel to the regular reader, it does not effect the operation of the pump.
There will be no observable difference in the transaction.
The most secure remedy is cash.
Nerd rage is the funniest rage.
> Pull out the concealed Glock...
A "Glock"? Please. That's an Austrian pistol. Every freedom loving American carries an M1911A1.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I've been the victim of skimming twice. I love paying at the pump but it's getting out of hand. Even with a credit card it's the inconvenience of filing a dispute, canceling the card, etc. This time they laundered the money by buying five $200 wal mart gift cards with a cloned card.
Here locally they say it's been the Fast Trip and AM PM stations that have been hit. The two with the lowest prices of course.
How do I protect myself from a skimmer inside a gas pump?
Or use a bike. Better for you and the environment too at the same time.
Okay, that's one problem avoided. So then how would one protect themselves from a skimmer on any other type of card reader, like at an ATM, vending machine, or a gas pump since no, you can't always just bike everywhere.
Ok, on a serious note about the problem. How to figure out a solution to this problem. Issue is, there isn't a simple answer.
Some might say we just need more education on the subject. But lets be honest. That won't work, never has, never will. People have been told that about everything from health (eat less processed/junk food, exercise more, ect... and as there are more people obese today then ever shows how well that works), to drugs (I've heard of the problems with things like crack since the 80's when I was born, and it's still being used today), to the basics of never share passwords but these things still happen.
Others might say we need more surveillance with cameras and police. But this isn't working either with Britain having millions of CCTV and also being the most violent country in Europe ( http://www.dailymail.co.uk/news/article-1196941/The-violent-country-Europe-Britain-worse-South-Africa-U-S.html ). So this is also not a solution.
Other things need to be taken into consideration. Why are these happening? People are need money more then before with a lack of jobs due to the recession. Also the ease of availability of these problems (these machines are showing up in more and more places). Also a lack of security in these newer forms of payment that are shown to be insecure ( http://tv.boingboing.net/2008/03/19/how-to-hack-an-rfide.html ) yet still forced upon the consumer due to the millions funded into these technologies and the fear of admitting these losses to shareholders.
Many of these company's and people are no doubt hoping things like DMCA laws and their inclusion into global laws like the ACTA will help get rid of the problems since it will make the technology illegal (these break digital security locks). Thing is, again it won't work. Drug growers have shown that when these problems come about, people will just go underground and look for other ways to do this. This was shown during the Regan years of the war against drugs. As time passed, it was harder to smuggle weed from places like Afghanistan, so people started shipping hash. Same type of drug but smaller and easier to ship. After that came hash oil since it was again smaller and the law started to figure out about hash. When hash oil was found out, people started to look into hydroponics (a new growing method for plants of ANY kind) and found they could grow a better crop (better watered, feed, controlled, ect...) in the country bypassing the issue of smuggling it in.And just like pot dealers/growers showed that the law means little in the end to get what they want, same will happen with this and as with every crime in history.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Hosers!
Equip all cards with a simple chip. This chip contains an encryption algorithim (something strong enough to not be easily cracked by running brute force on data packets). It would also contain a secret key unique to your account. And it should not give the key itself out.
Then the reader sends a formatted packet containing the PIN (if entered), the options (credit vs debit etc) and the amount of the purchase. The card encrypts this data and hands the reader a data packet saying "this is a chip-and-pin transaction" and containing the encrypted data. The reader sends this through the bank networks to the issuing bank.
The issuing bank has another copy of the secret key which it uses to decrypt the data packet and validate that the transaction is possible (i.e. enough money there etc) and returns a "yes, proceed" result to the card reader. The bank would ONLY record the transaction as a chip-and-pin if it was sent through this process (thus preventing dodgy or compromised swipe-only terminals reading the mag stripe and running up the transaction like a mag stripe transaction but telling the bank its chip-and-pin)
what if you're buying a bike and the credit card machine at the bike shop has a skimmer installed?!
Use a car.
I know you're a Brit because you used the word, "Yank" - no one here says that. Few people will even claim to be Yankees.
We laugh at people on the internet for blowing things out of all proportion. It's nicknamed, "a series of tubes," for a reason.
I kept reading your post after I noticed the Score: 1 Flamebait moderation, sometimes they are too silly to pass up. Sorry you tea drinking, haughty twit.
Say American next time. We won't even make fun of you for getting your ass kicked a couple hundred years ago by a bunch of degenerates with pitchforks and your uptight neighbors that have something against shaving.
=P
Motorcycles, Robots, Space Gossip and More!