MyFox
 

signal12's Blog

by signal12 from The Squirrel Cave

Last Post 106 days, 6 hours Ago


Card ’Skimming’ pay-at-the-pump customers
Jun 17, 2008 | 4:42 PM
Category: News
Report This Post

As if the high cost of gas wasn’t enough, credit and debit card users who pay at the pump have to face a new way to be gouged at the pump: skimmers.
article-gas-station-card-skimmers-1282.jpg
Skimmers are inconspicuous electronic devices that thieves install either inside or outside a gas pump. These small and inexpensive devices record card numbers as you pay for your petrol. Free-roaming fraudsters and gas station insiders then help themselves to the card information in the skimming devices, then go out and use the stolen card numbers to make fraudulent purchases.

According to electronic payments Inc.  the 1.36 million gas pumps in the United States, an estimated 700,000 gas pumps accept pay-at-the-pump — and not one of those pumps is secure against skimming.

Some skimmers also incorporate the use of tiny remote cameras to capture PIN numbers of debit card users who enter them at pump-side.

More technologically advanced skimmers are turning to wireless technology, to intercept signals some gas stations use to transmit card data from the pumps to their central computers. Instead of manually installing the equipment on the pumps, they can lurk in their cars nearby while downloading your card information to a laptop, says Jeff Wakefield, a vice president with VeriFone, the largest secure payment terminal vendor.

But the basic technique for getting credit and debit card data from gas pumps is not rocket science: Crooks simply attach card-skimming devices to exposed wiring inside the pump to collect card data before it is secured, according to Wakefield.

Other skimming technology attaches outside the pump. The devices can cost anywhere from $50-$600 and can be as small as a pager and attach with magnets. The card swipe is essentially captured twice: once for the gas purchase and then again for the crooks. The devices are then removed from the pump at a later date or time.

Point of sale’ a weak link
Visa first noted a rise in credit and debit card skimming at the pump in its November 2006 data security alert. According to the alert, skimming operations have been targeting gas pumps at increasing rates. At least 60 percent of people buy gas using pay-at-the-pump, says Jeff Lenard, vice president of communications of the National Association of Convenience Stores (NACS).

Gartner, a leading global technology analyst firm, predicts that in 2008, most attacks against retailers will target their point-of-sale hardware, which includes pay-at-pump terminals. Its prediction is based in part on its 2007 study of 160 cases of credit card data being compromised. Of those, 128 took place at a brick-and-mortar retailer’s point of sale. Crooks have found a weak spot in point-of-sale terminals and are exploiting it, according to Avivah Litan, a vice president and analyst with Gartner.

Skimming occurs in bursts, says Mike Urban, senior director of fraud solutions at Fair Isaac Corp., the company behind the FICO credit score. “There are periods of time during which criminals try to compromise several terminals, then they start using the card information,” says Urban. Skimming operations by insiders (those who contract with or work for the gas stations) compromise as many as 2,000 cards at a time, while outside operations compromise a few hundred cards at a time, he says.

Consider these stories:

  • In March 2007, an Orange County man plead guilty to skimming credit and debit cards at pumps at Arco/AM-PM gas stations, according to the U.S. Attorney’s office. The man stole information from 90 cards, using it to create phony cards. He then withdrew $186,000 from the victim’s accounts at ATMs.
  • In August 2007, the Los Angeles County Sheriff’s Department reported that someone had installed a skimming device at a USA Gas Station in Agoura Hills. The same gas station had fallen victim to skimming a few months prior, costing victims thousands of dollars.
  • In January 2008, crooks skimmed credit and debit card information from at least nine customers at a Newport Beach Exxon station.

Fraud graduates to wireless
Some retail outlets connect their gas pump hardware to their main computers wirelessly, creating a new weak spot. Crooks who can identify such a station can bypass the risk of installing skimming machines. Instead, they hack in via a wireless connection and download credit and debit card information directly from retailer computers, according to Gartner’s Litan. Once they’re “in,” they can simply sit somewhere in signal range, stealing via a wireless-connected a laptop.

According to a Visa USA Inc. Data Security Alert, Visa is addressing this by urging retailers to comply with the Payment Card Industry (PCI) standard, which requires retailers to separate wireless networks from those that carry sensitive cardholder information.

While shoring up weak points with standards is possible, stamping out the crime is a different matter. “It’s hard for the credit card companies to mandate to the fuel industry what they need to do when there hasn’t been any solution that stops skimming,” says Wakefield.

How to protect yourself
To prevent your credit or debit card from being skimmed at a gas station:

  • Go in the store to process transactions and sign all credit card receipts, recommends Jean Ann Fox, director of financial services of Consumer Federation of America.
  • Check your statement as soon as it arrives or online and report inconsistencies quickly, adds Fox. “This is especially true with debit cards. If you don’t report it fast enough, you can lose the opportunity to get your money back,” Fox says.
  • If you do suspect skimming, call law enforcement immediately. “Let the station attendant know, but don’t rely on them to call the police,” says IDTheftSecurity.com CEO Robert Siciliano. Until the industry has answers, consumers are their own best protection.

This is a New Twist on the ever popular card skimming practice... To which I have fallen victim to this week.. See I normally only use my ATM card for fuel, I only use it for the Pay at the Pump refuels.. My bank called me and said my account had been frozen due to a charge made in Montrial Canada, this week.... So I just had to go through all that BLEEP this afternoon.... From now on I will have to start pulling on those card readers too.....

2 Comments |  Add a Comment

Member Comments Total Comments: 2
Page 1 of 1
Twizlled read my blog view my photos
Jun 17, 2008 | 8:40 PM

Its ...&**%^* like this that makes me hate this world, why so few honest good hardworking people, and sooooooooo many $%^&$%&*('s?
candyaquino read my blog view my photos
Jun 18, 2008 | 9:46 AM

Yep another good one Signal..they are also doing this at ATM's the would be thieves put in a piece of rubber or sometime of interference so when you use your ATM Card..the card gets stuck in the machine the robbers come in and ask you if you need help ..the person innocently thinkin they're being help gives the pin numbers..the card remains stuck..to call the bank WHEN CUSTOMERS LEAVES..the thieves also pretend they are leaving then they come back and retrieve the card and already have your pin number. This was in the news not too long ago but I don't think it was Fox..maybe you can blog about that scheme too......thanks for the updates.
Page 1 of 1


Write your comment below:




signal12

Im a blue collar worker, a Smoker & Social drinker. I've been a Native Floridian for 38 yrs.

Member Since: 12/20/2007


 

View All Photos


RSS: XMLWhat is RSS?