More Gas Station Credit-Card Skimmers 251
coondoggie notes a Network World piece on credit-card skimmers found installed in gas pumps, this time in Florida. Like the similar wave of attacks in Utah earlier this year, the latest crop uses Bluetooth to transmit the illicitly collected data. Does this mean an accomplice has to hang around within 3m of the pump? "The Secret Service has indicated there's a crime wave throughout the Southeast involving the gas-station pump card skimmers, and it may be traced back to a single gang that may be working out of Miami... St. Johns County in Florida has also been hit by the gas-pump card skimmers. [A local sheriff's department spokesman] says criminals wanting to hide the credit-card skimmers in gas pumps have to have a key to the pump, but in some cases a single key will serve to get into many gas pumps." Here's an insight from the banking industry on the skimming fraud.
No worries here. (Score:5, Insightful)
Doesnt sound overly hard to (Score:5, Insightful)
Why don't they make gas stations check their pumps once a day for skimmers? Perhaps when they set the price in the morning. Seems relatively simple.
Re:Do they really need a key? (Score:4, Insightful)
Not many want to, no... But all those that want to do so illegally have really, really bad plans in store. It's enough to offset the relatively small number and need a good lock.
I don't know that they DO have them, but they should.
Re:Hiders Keepers? (Score:4, Insightful)
...and with the price of flash memory so low, it would be pretty easy to hide a little digital camera to snap photos of the person as they put the card in and/or stood in front of the machine. It would be easy to download those too and if they saw a few with the manager and a customer standing and pointing at the machine they would know that the gig was up and to just walk away.
I'm really thinking the cash idea is the way to go from now on. :-(
Dan
Re:No worries here. (Score:4, Insightful)
Re:Islam is the shelter of murderers and liars (Score:0, Insightful)
The religions are meant to enslave and execute people unless they adhere to the largely illogical creeds. It's time to cleanse the world of these blights.
FTFY
Re:Hiders Keepers? (Score:2, Insightful)
The recording device is in the pump. It records the card numbers internally. The thief then comes back and downloads the data off the skimmer with bluetooth (probably with a phone). Totally inconspicuous.
Re:Get the chip (Score:5, Insightful)
While it is certainly more secure than mag stripe, the various issuing institutions, at least in Britain, have tried to use this to argue that theft/skimming losses should now be the fault of the "negligent" customer, rather than their problem.
I have nothing against better security, I do have a problem with better security being tarted up as evidence that no intrusion could possibly have occurred without the connivance of the customer.
Re:Hiders Keepers? (Score:2, Insightful)
Re:Doesnt sound overly hard to (Score:2, Insightful)
They only need to have the card scanner in place for a short period (say an hour or two) to get enough credit cards, then they move on to the next target.
efficiency issue (Score:3, Insightful)
(2) Amount not recorded automatically. Have to mess around with receipts. During high price periods my gas usage approaches 5% of my budget and should be tracked.
(3) Requires carrying around more cash, especially in periods when prices are high.
Re:Hiders Keepers? (Score:4, Insightful)
Particularly with all the cellphones floating around, a BT radio, even one yelling its little amplifier out, is hardly automatically suspicious in a reasonably crowded area. Somebody who knew what they were doing, had the right set of antennas, and had some knowledge of what they were looking for(if, for instance, the skimmer-manufacturers produced a large batch, all with BT modules from the same manufacturer, or even with MACs in series, and some were captured by conventional physical inspection), could definitely hunt them down much more quickly, unless they are very short range units, or were using some stealth strategy like the above...
Re:Doesnt sound overly hard to (Score:3, Insightful)
The uniforms of gas station employees aren't exactly secret, nor are clothes that look very much like them hard to get ahold of(given that they are generally just plaincloths, or mechanic-style coveralls, possibly with silkscreened logos), so it would be pretty trivial to concoct a plausible disguise in which to tamper with the device.
Re:No worries here. (Score:3, Insightful)
And if the clerk pockets the cash and calls the cops on you to cover the theft? Here's a 20 for pump #2. *pumps $20 worth of gas and takes off*.
Just saying, ask for a receipt if your worried about the clerk pocketing your cash. Have proof of your purchase.
Re:Doesnt sound overly hard to (Score:4, Insightful)
Most of the people who can't handle the gas station clerk position think exactly like you do,
except they don't realize that they have to do paperwork at the end of each shift and quit because division is to hard.
The problem is that not every gas station is structured like that. I worked at a Gas station for 2 and a half years, and they basically had 3 people on duty at all times. 2 to run the tills, maintain the cleanliness of the store, and watch the pumps. 1 would be in the back office, doing that paperwork and occaisonally watching security cams. The only paperwork the front line people had to do was count out their till to $100 each time their shift began and ended. Anyone with a pulse could have worked that job. The only way to keep that job was to NOT steal money.)
And while I wouldn't expect much from even those people, I think they could identify a card reader if taught how. It's as easy as saying "Look at this specific part of the pump. Remember how it looks. Every morning I want you to look at it. If it ever looks different, inform me."
Re:insight from the banking industry (Score:4, Insightful)
When dealing with PR flacks, their salary depends on you not understanding it, which is likely even worse...
Re:Hiders Keepers? (Score:1, Insightful)
Re:ATM Skimmer (Score:2, Insightful)
The point, as far as I can tell, is that there are many chances to bolt on external junk, whilst it's pretty difficult/unusual to be able to compromise the ATM itself. External devices are just opportunistic ways of reading the data off your card (ie. magnetic strip, maybe a camera to read out the PIN as the user inputs it). I suppose you could place an overlay on the screen, but it sounds like a lot of work compared to a little magnetic strip reader.
If you'd managed to compromise the ATM (so as to be able to change the image displayed on that particular screen) you wouldn't need to bolt anything onto the outside at all - the ATM knows everything you're likely to want to steal. But then, if you were able to successfully hack an ATM, why waste time skimming credit card numbers?
Re:ATM Skimmer (Score:3, Insightful)
And if someone is able to compromise both the card and that image of "what it should look like"?
If an attacker has sufficient access to change what's being displayed on the ATM screen, then they can probably skip the external card-reader and just yoink the customer's bank data out of RAM.
Virtual # writer (Score:4, Insightful)
How about a way to magstripe the virtual # you get from Citi or equiv. Basically, you program the card before use at the station with a fresh virtual#. So, skim away! I couldn't care less if they skimmed a virtual#.
Or have a $75 limit on the card and only use it for gas.
Re:Doesnt sound overly hard to (Score:2, Insightful)
ooh ooh! I know this one!
division is to hard as gas station attendant is to job.
right?
Re:Hiders Keepers? (Score:2, Insightful)
Wait, what did Chase do? Or are you just listing bank names without actually knowing anything about what went on?
Two Simple Rules (Score:2, Insightful)
1. Never, ever use a debit card for anything. It isn't worth it.
2. Your credit card number will be stolen. Accept it as a fact of life. It doesn't cost you anything so stop worrying.
That's it.
Re:Hiders Keepers? (Score:3, Insightful)
Why? If I get mugged at (or on the way to) the gas station I lose my cash. If my card gets skimmed, I do not lose my money. If many people's cards get skimmed from the same place, I may not even have to dispute the transaction - the card company will just cancel the card, invalidate the transactions and issue me a new card.
From the article:
When a card is compromised, however, the card issuer has to reimburse the customer. If incidents of skimming at unattended terminals such as pay-at-the-pump continue to rise, gaps in security may be looked at with more scrutiny.
Cash may be more private, but cash is definitely not safer than credit cards.
Cash (Score:1, Insightful)
Just one more reason why I use CASH whenever possible. No account numbers to steal, few privacy issues (so far), and it has a hard time vanashing without your knowledge.