More Gas Station Credit-Card Skimmers
coondoggie notes a Network World piece on credit-card skimmers found installed in gas pumps, this time in Florida. Like the similar wave of attacks in Utah earlier this year, the latest crop uses Bluetooth to transmit the illicitly collected data. Does this mean an accomplice has to hang around within 3m of the pump? "The Secret Service has indicated there's a crime wave throughout the Southeast involving the gas-station pump card skimmers, and it may be traced back to a single gang that may be working out of Miami... St. Johns County in Florida has also been hit by the gas-pump card skimmers. [A local sheriff's department spokesman] says criminals wanting to hide the credit-card skimmers in gas pumps have to have a key to the pump, but in some cases a single key will serve to get into many gas pumps." Here's an insight from the banking industry on the skimming fraud.
I always pay for gas in cash. I think I will not change this personal policy in the near future.
Why don't they make gas stations check their pumps once a day for skimmers? Perhaps when they set the price in the morning. Seems relatively simple.
Those who can, do. Those who cannot, sue.
Not many want to, no... But all those that want to do so illegally have really, really bad plans in store. It's enough to offset the relatively small number and need a good lock.
I don't know that they DO have them, but they should.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
...and with the price of flash memory so low, it would be pretty easy to hide a little digital camera to snap photos of the person as they put the card in and/or stood in front of the machine. It would be easy to download those too and if they saw a few with the manager and a customer standing and pointing at the machine they would know that the gig was up and to just walk away.
I'm really thinking the cash idea is the way to go from now on. :-(
Dan
The religions are meant to enslave and execute people unless they adhere to the largely illogical creeds. It's time to cleanse the world of these blights.
FTFY
Mod parent up!
The recording device is in the pump. It records the card numbers internally. The thief then comes back and downloads the data off the skimmer with Bluetooth (probably with a phone). Totally inconspicuous.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
There is one unpleasant downside to "chip & PIN"...
While it is certainly more secure than mag stripe, the various issuing institutions, at least in Britain, have tried to use this to argue that theft/skimming losses should now be the fault of the "negligent" customer, rather than their problem.
I have nothing against better security; I do have a problem with better security being tarted up as evidence that no intrusion could possibly have occurred without the connivance of the customer.
On the bright side, it's easily detectable by checking for BT radios.
If you aren't suspicious of your government's actions, you aren't doing your job as a responsible citizen.
(1) Takes extra time to visit a clerk and pay cash.
(2) Amount not recorded automatically. Have to mess around with receipts. During high price periods my gas usage approaches 5% of my budget and should be tracked.
(3) Requires carrying around more cash, especially in periods when prices are high.
I doubt the skimmer-makers would bother, unless the cops have quietly been hunting Bluetooth emissions for a while now; but it wouldn't exactly be rocket surgery to have a Bluetooth device that just sits there, receiving but maintaining absolute radio silence unless it hears a particular transmission (from a particular Bluetooth MAC, if you really want to get paranoid). The wireless analog of port knocking, more or less...
Particularly with all the cellphones floating around, a BT radio, even one yelling its little amplifier out, is hardly automatically suspicious in a reasonably crowded area. Somebody who knew what they were doing, had the right set of antennas, and had some knowledge of what they were looking for (if, for instance, the skimmer-manufacturers produced a large batch, all with BT modules from the same manufacturer, or even with MACs in series, and some were captured by conventional physical inspection), could definitely hunt them down much more quickly, unless they are very short range units, or were using some stealth strategy like the above...
Sinclair said: "It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"
When dealing with PR flacks, their salary depends on you not understanding it, which is likely even worse...
White folks just do it differently - often legally and out in the open. Goldman Sachs, Morgan Stanley, Bank of America, Chase, etc.
"But this one goes to 11!"
The point, as far as I can tell, is that there are many chances to bolt on external junk, whilst it's pretty difficult/unusual to be able to compromise the ATM itself. External devices are just opportunistic ways of reading the data off your card (i.e. magnetic strip, maybe a camera to read out the PIN as the user inputs it). I suppose you could place an overlay on the screen, but it sounds like a lot of work compared to a little magnetic strip reader.
If you'd managed to compromise the ATM (so as to be able to change the image displayed on that particular screen) you wouldn't need to bolt anything onto the outside at all - the ATM knows everything you're likely to want to steal. But then, if you were able to successfully hack an ATM, why waste time skimming credit card numbers?
And if someone is able to compromise both the card and that image of "what it should look like"?
If an attacker has sufficient access to change what's being displayed on the ATM screen, then they can probably skip the external card-reader and just yoink the customer's bank data out of RAM.
DRM: Terminator crops for your mind!
How about a way to magstripe the virtual # you get from Citi or equiv. Basically, you program the card before use at the station with a fresh virtual#. So, skim away! I couldn't care less if they skimmed a virtual#.
Or have a $75 limit on the card and only use it for gas.
Wait, what did Chase do? Or are you just listing bank names without actually knowing anything about what went on?
1. Never, ever use a debit card for anything. It isn't worth it.
2. Your credit card number will be stolen. Accept it as a fact of life. It doesn't cost you anything so stop worrying.
That's it.
> I'm really thinking the cash idea is the way to go from now on. :-(
Why? If I get mugged at (or on the way to) the gas station I lose my cash. If my card gets skimmed, I do not lose my money. If many people's cards get skimmed from the same place, I may not even have to dispute the transaction - the card company will just cancel the card, invalidate the transactions and issue me a new card.
From the article:
When a card is compromised, however, the card issuer has to reimburse the customer. If incidents of skimming at unattended terminals such as pay-at-the-pump continue to rise, gaps in security may be looked at with more scrutiny.
Cash may be more private, but cash is definitely not safer than credit cards.
Just one more reason why I use CASH whenever possible. No account numbers to steal, few privacy issues (so far), and it has a hard time vanishing without your knowledge.