U.S. Secret Service Issues Warning to Gas Pump Skimmer Operators

I always give a good tug on the card reader before putting my card in. Guess I will also check for bluetooth signals for the readers that are inside the pump.

 

Just chip enable the damned pumps, and this problem goes away permanently.

I can't wait until the magnetic strip is permanently removed from all cards.

 

Did they upgrade Bluetooth to transmit over long distances? They HAVE to at least be within a certain proximity at least to retrieve the data or come back to retrieve the skimmer

 

I'm sure body checking the pump to enable it is going to go over real well LOL.

Guessing you meant "chip" and not hip.

 

yes.

 

Screw every other card skim / phish / scam, there's government fuel tax money to protect!

 

Illegal card reader.

 

This is very cost prohibitive to the operator. A lot of private operators would go under instead convert. Hense all the delays. I can get technical if anyone cares.
Also, all card readers have swipe as a fallback so the chip reader won’t matter as they’d still get the strip info.

As someone who is in the industry and has seen some awesome advances in skimmer prevention...I rarely use my card outside at a pump. There are dozens of types and depending on the operations ability to monitor the inside of a dispenser, you’d never have an opportunity to see it.

If you are set on using a card outside. Get a credit card ONLY for gas. It’s easier to monitor and if you have to cancel it, it’s not an inconvenience to change bill pay or whatever is tied to it.

 

Knowing this is and has been an issue for a while I always go to my bank and withdraw cash and keep it on me for all gas purchases and anywhere I may think a skimmer might be such as shady non English speaking shop owners etc.

I know you cant be 100% safe using a card but you can avoid the obvious risks.

 

I'll just keep going inside to pay for my gas.

 

they are going to have to do it soon as VISA/MC will no longer accept fraud claims from non chip reading devices... those guidelines were in 2015

https://www.creditcards.com/credit-card-news/understanding-EMV-fraud-liability-shift-1271.php

 

I am actually curious. I don't understand why this would cost so much, when the likes of Square sells chip card readers for like $40 a pop. Sure, there is more to it for a gas pump, but still. It seems like someone is overinflating costs here, and trying to rip gas operators off...

 

Gas dispensers are exempt for a few more years. I’ll look up later, but outside poitof sale got categorized differently to make people happy.

 

Most CC data is transmitted over lines designed back when dial up was a thing. A CC # is cheap and easy to transmit inside for processing.
Emv would be crazy slow. Running cat 6 plus networking dispensers isn’t a small endeavor. Slowly operators have been moving to more technical dispensers so the hardware outside is capable. But those are to the tune of 10 to 20 grand a pop depending on if they’re upgradable or having to replace. Emv card readers are nearly grand a piece. Just for the reader.
There are retro kits coming out to utilize the old phone line style data lines, but there are only 2 major players in gas dispensers so they can charge whatever they want for it.

Edit. Side rant. with the chip reader, card readers cannot be cleaned of debris or the emv pins will short or break so if someone sticks paper or forgets to take the glue off, the whole thing has to be replaced and sent back in hopes the mfg will give core credit and repair. (Again only 2 companies so they don’t give a F)

 

Sounds like there is an opportunity for someone to come in and really shake up this market undercutting the existing players.

 

How come the card skimming devices use Bluetooth? Maybe it's cellular data instead of BT? If it's BT, then the devices have to connect to another nearby device to transmit the data, and that other device must have some kind on internet connection.

 

No internet is needed during the transfer. A thief can walk into the store and get the data from the pumps or just walk down the street.

 

And the article states "
The devices use Bluetooth so the criminal never has to come back to retrieve the stolen data." as if BT was a long range communications protocol, but in reality you get like 20-30m range tops with line of sight.

 

Maybe they meant the criminal did not have to retrieve the device out of the pump to obtain the data.

 

20-30m is all you need to park across the street, out of view of any cameras. Or drive up to the pump get gas read the skimmer and take off.

Gas pumps make a great target because most gas station owners and the attendant are not going to go and check the readers. Best case the state inspector sees it when they do their yearly inspection. Banks actively check their ATMvs pretty regularly.

Also the good readers will sit inside the card slot, and fit well enough againt the exterior that just grabbing it and pulling it would pass the majority of the publics checking the pump.

 

Yeah thats more likely. Shitty writers are shitty

 

Most business owners already shudder at the costs of CC transactions they get the bill for. Running more secure transactions with encrypted data and additional checks/steps isn't going to lower those fees. I know a lot of people ONLY use their credit cards on site like amazon, and won't use it for anything else. Do these same people research what stores they are using them at, and avoid all the stores that have ever been effected by credit card breaches? No.

 

Easy to detect. Turn on your bluetooth on your phone see if signal comes up. If it does dont use.

 

The last time i swiped a card in Brazil my VGA was a geforce 5200.. Guess USA are not the tech leaders on all fields...

 

Pretty much what I always say, just use a separate credit card for such purchases and online. NEVER use debit card. As for scams, they happen all the time but banks offer a no liability on scam transactions. So pretty much if you monitor your card, it's extremely easy to dispute of get a new card should the info leak out. Some banks offer virtual card which is good for one purchase which is very handy and helps around vendors that just save your CC info anyway or keep it for longer than they should. It recall at some point there were horizontal readers where head moves over the card strip no you physically insert it and move over the herd. But like you said, it is very expensive for vendors to implement so they likely won't unless mandated by some law. Much easier to be smart about your card use and monitor them than be paranoid as physical skimming is a much lower risk than hacking of a vendor site where millions of records are stolen.

 

Does it come up ‘I steals your shiznat’ in the device manager?

 

I use the best solution, my card stays maxed out so if anyone steals the number and tries to use it they get a rejection notice for anything over about $30

 

I always pay cash, saves me about $1 / fill up. Not a big deal since I don't drive much, but WTF they make enough money anyway.

 

Does anyone know if you use Samsung / Android / Apple Pay whether you will face the same vulnerability? If not, maybe we should all switch to those?

 

I almost always buy my gas at Costco, they have Costco seals on the reader slot/pump, so it would be obvious if it's tampered with.

 

I'd have to drive an extra 60miles to get gas at Costco. But sounds like a reasonable thing to do (I mean sealing the slot).

edit for clarity

 

Around me, my usual gas places still charge the same cash / credit, so no point in paying cash if you can collect points or cash back or whatever while getting gas but I'm glad to see the somebody doing something about this scam.

 

Need to stop supporting magnetic stripe it will reduce the reward from card skimmers tremendously.

 

a lot of card skimmers now are no longer outside skimmers. they either fit in the mag swipe slot or are stuffed in the dispenser. 99% of retailers never change the locks on the dispenser and are still using the stock factory key...(made up the 99% based on observation. I do not have proof of that. CH751 is a very common key and it is the default lock on at least one brands dispenser)

 

And using Password as their password?

 

Yep Happened to me in NY skimmer got my card. We all have chip readers in Canada so no skimming at all. USA really needs to get rid of magnet strips.

 

I stopped paying at the pump a long time ago. I know I been skimmed in the past and they have found at least 3 times skimmers at the pumps in the area about 3 times last year.

I now pay inside chip or use phone. people need to stop swiping at the pump.

 

Why is this the Secret Services job?

 

that is their primary function and why the department was created (protection from counterfeiting and fraud). the presidential part was added later.