Gas pump and ATM skimmers: How to spot them

0
90


Use your eyes, fingers, an app and common sense to cut your fraud risk

Susan Ladika

Personal Finance Writer
Expert on fraud, travel and debt.

How to spot a credit card skimmer

Your eyes, fingers and now
even your smartphone may be able to help you spot card skimmers at gas pumps and ATMs, but nothing is foolproof.

“Some of the newer skimmers are almost
impossible to see, even if you know what you’re looking for,” says David Tente,
U.S. executive director of the ATM Industry Association.

With AAA projecting a
record 107.3 million Americans will hit the roads, catch a plane or ride on a
train or bus for holiday travel from Saturday, Dec. 23, through Monday, Jan. 1,
drivers should be alert for skimmers at fuel pumps and everyone should
scrutinize ATMs before inserting your bank or credit union card.

Skimmer
fraud soaring at ATMs and gas pumps

During the first six months of 2017, the
number of compromised ATMs and point-of-sale devices jumped 21 percent,
compared to the first six months of 2016, according to data from FICO. Meanwhile, the number of compromised cards soared 39 percent.

That comes on the heels
of a 30 percent increase in compromised devices from 2015 to 2016, and a 70 percent
increase in compromised cards during that time, according to FICO.

The ATM EMV liability
shift
was in October 2016 for Mastercard and October 2017 for Visa.

Gas pumps received a three-year extension on EMV transition in 2017, meaning fuel pumps will
continue to be a fertile field for fraudsters with skimmers until October 2020. EMV chip technology has
reduced fraud at the checkout counter since the EMV liability shift in October
2015.

Until fueling pumps read
EMV chip cards, gas stations will be “one of the last bastions” for thieves,
says Eva Velasquez, president and CEO of the Identity Theft Resource Center.

Magnetic-stripe
technology, she says, lacks layers of protection. “If thieves know how to
compromise that, that’s where they will go,” she says. “It’s lucrative – people
wouldn’t do it if it wasn’t.”

Gas pump skimming: How big a risk is it?

There are no reliable statistics on the extent of skimming, since it is a local crime and not centrally tracked, but experts say it is on the rise. How big is the risk? According to the National Association for Convenience Stores:

  • 37 million Americans refuel every day.
  • Of them, 29 million pay for fuel with a credit or debit card.
  • When skimming occurs at a gas station, it usually takes place at only one pump.
  • A single compromised pump can capture data from 30 to 100 cards per day.

So how can you spot a
skimmer and reduce your risk of card fraud during your holiday travels?

1. Use your eyes: Look before you insert your card.

Before you slide your
card in a fuel pump or ATM, take a good look at the keyboard and card reader,
says Jeremy Hajek, industry associate professor of information technology and
management at the Illinois Institute of Technology.

“Does anything look
different if this is an ATM you’ve used before?” Tente asks.

Bad guys can use a 3-D
printer to create a new keyboard to put on top of the real one. The keyboard might look different than the
rest of the ATM, or the keys could look bigger.

With fuel pumps, is the seal broken? To
place a skimmer inside a fuel pump, fraudsters must open the fuel dispenser
door to insert the skimmer.

Station employees may
place serial-numbered security tape across the dispenser door, so check to see
if the tape has been broken, according to NACS, the Association for Convenience
& Fuel Retailing. If there’s no tape, check to see if the dispenser door
looks as though it has been forced open.

Also, look inside the
throat of the card reader to see if you can spot anything hidden there, Tente
says. A skimmer inside a gas pump or ATM can steal the information off the
magnetic stripe of your credit card or debit card. 

2. Use your fingers: If something doesn’t feel right, move on.

Wiggle the ATM card reader to
see if it’s loose, Tente suggests. The crooks might place a card reader on top
of the existing one, he says.

You should also be wary
if it’s hard to insert your credit card or debit card.

Some gas station credit card skimming victims
have, in hindsight, remembered that the card reader had “a weird feeling, like
the slot had been tampered with,” says Lt. John Faine, criminal investigations
section commander in Warren County Sheriff’s Office, Lebanon, Ohio.

“It wasn’t noticeable
when it happened, but after the fact, they said, ‘You know what, it did feel
like something was off when I put my card in.’”

3. Use your phone: Apps now can alert you to possible skimmers.

A free Skimmer Scanner Android app released in September
2017 scans for available Bluetooth connections looking for a device with
title HC-05. How does it work? A blog
post from SparkFun
, the app maker, explains:

“If found, the app will
attempt to connect using the default password of 1234. Once connected, the
letter ‘P’ will be sent. If a response of ‘M’ then there is a very high
likelihood there is a skimmer in the Bluetooth range of your phone (5 to 15
feet).”

If your smartphone
detects a skimmer, use a different pump or go to a different gas station.

How does Bluetooth relate
to skimmers?

In the past, bad guys had
to return to the the fuel pump or ATM to retrieve skimmers. That’s not always
the case now.

Thieves have begun to use
Bluetooth technology to glean your credit card or debit card information. The
crime is called bluesnarfing or blue skimming, and the crooks can sit 100 yards
away in their vehicle while credit and debit card information is transmitted to
their laptop.

Blue skimming is tough to
detect, says Karl Sigler, threat intelligence manager at Trustwave SpiderLabs
Research. Sigler has tried to do spot skimmers by checking the Bluetooth on his
phone. “It’s hard to decide what’s skimming and what’s a Bluetooth headphone,”
he says.

4. Use your common sense: Use fuel pumps and ATMs in safe places.

Avoid gas pumps that are
out of sight of the clerk and ATMs in areas with little traffic.

“Criminals attack
low-hanging fruit,” says Hayek,

It’s particularly
important to be cautious at non-bank ATMs, such as those located at convenience
stores or nightclubs, says Michael Betron, senior director of product
management at FICO.

Non-bank ATMs accounted
for the majority of compromised devices in 2016, he notes. Often with non-bank
ATMs, “no one is around for a long time so it’s easier to get a skimmer in
there,” he says.

At banks, on the other
hand, security is tighter, with cameras recording transactions and more people
coming and going. But “bank ATMs are more profitable” for the bad guys, Betron
says, as more transactions take place there.

At ATMs, always cover the
keyboard when you type your PIN. There might be a new cardboard box containing literature
next to the ATM, which crooks set up to conceal a pinhole camera, Tente says.
They use the camera to record you as you key in your PIN.

skimming devices

There is no foolproof way to spot skimmers.


The challenge comes from skimmers that are so small that they can be embedded
inside the ATM, says Sigler. “It’s becoming harder
and harder to physically identify skimmers that are in place.”

These small skimmers
can’t be spotted – even if you’re using your eyes, fingers and
your common sense – he says, and the criminal needs to use a special retriever
to extricate them.

So what else can you do
to protect your card information when you’re heading over the river and through
the woods – or by plane, train or bus – for the
holidays?

Law officers and gas
pump and ATM experts suggest:


  • Pay
    inside, with cash or a credit card, rather than at the pump.


    There is less chance a fraudster placed a card skimmer on the payment terminal in front of the clerk inside the gas station or convenience store. However, it takes just seconds to place a skimmer on a card reader, as this video shows, if a clerk is distracted. 

    In fact, the sheriff’s office in Austin, Texas, has urged area residents to pay for gas inside because card skimmers were so common at area fuel pumps.


  • Choose
    pumps closest to a physical building.


    Also, for obvious personal safety reasons, do not use fuel pumps or ATMs hidden
    around the corner of the building. Avoid sketchy ATMs, warns CreditCards.com expert Erica Sandberg. If the ATM seems jimmied, steer clear, she says.


  • Use
    a credit card, not a debit card, when you pay.


    If a credit card number is skimmed, you’re playing with the bank’s
    money and protected by the
    card’s zero-liability policy
    . A stolen debit card number could yield
    far worse damage.

    “If a debit card gets compromised, and they have your
    PIN, you’ve just given someone access to your cash,” says Velasquez of the
    Identity Theft Resource Center.


  • Use your issuer’s fraud alerts
    and check your card statements.


    Set up fraud alerts on your credit cards. Nearly every issuer offers these,
    and many will email and/or text you when your card is used at a gas station. Check your credit card and debit
    card transactions frequently to make sure no fraudulent activity has occurred.


  • Consider paying or withdrawing cash with your
    digital wallet.


    If you have Apple Pay, Samsung Pay or Android Pay – or your card issuer or
    bank’s mobile wallet – paying by phone is an incognito way to make a payment or withdraw cash at an ATM offering cardless access.
    Essentially, your credit card company sends a randomly generated 16-number
    token or code to your smartphone as a stand-in credit card number.

    Some gas
    stations are even beginning to offer this option, such as if you pay
    through ExxonMobil‘s
    Speedpass+ app. 

See related: The new card skimming is called ‘shimming’, 6 ways to reduce your risk of skimmer fraud, How credit cards take a bite out of gas prices, Rack up card rewards on your next road trip, Gas rewards credit cards




Original Source