Now the Mountain View (California) Voice reports on the arrest of two men who had installed skimmers INSIDE gasoline pumps at service stations:
Police were initially tipped off on Dec. 6, 2010, when a gas station attendant discovered a small skimmer -- capable of harvesting credit card numbers from unwitting customers -- attached to the circuit board inside a gas pump...This is really quite scary, and undoubtedly more widespread than just California. These guys had stolen 3,600 credit card numbers. As the article notes, the only way a consumer could be guaranteed of safety would be to pay the attendant inside the station.
After searching the duo's van, police found keys that opened the gas pump as well as address information for other stations in the area. An investigation... recovered six identical skimming devices installed at five gas stations...
A specialist in prosecuting high tech crimes, Flattery said it only takes "a matter of seconds" to install the skimming devices, which are made from modified commercial credit card scanners used by retailers. Skimmers record everything needed to produce an exact replica of a credit card.
The ease with which counterfeiters can produce and install the skimmers is exacerbated by the fact that many gas pumps can be opened with the same key, regardless of the brand, Flattery said.
He said this type of scheme is "especially frustrating to consumers," because it is impossible to know from the outside which pumps have been hacked. Law enforcement has to rely on the diligence of individual gas station owners.
In EU, just because skimming is so easy, the cards have started to come with a chip; a little computer on the card, that needs the right pin and confirmation from the bank to work. It can't be copied, and it can't be used without the PIN. Are you starting to see those over there as well? (See https://secure.wikimedia.org/wikipedia/en/wiki/Chip_and_PIN)
ReplyDeleteonly in very, very few places (I have seen ONE in my whole life) in Germany, can you pay at the pump, and then with a EC card, that needs pin verification.
ReplyDeleteMany people don't even have credit cards, and I'd say the majority just uses them for buying stuff on the internet, or when traveling.
Note that the more sophisticated skimmers incorporate a camera that detects the user's fingertaps on the keypad to decipher and record the PIN as well...
ReplyDeleteGoing into pay the cashier may not be all that safe either. Back in the early 80's I worked at a Gas Station, and discovered that the cashier on the previous shift had run the customer's card through the imprinter twice, once with the real number and once with a higher price. The customer would then sign the real one and leave with a copy of the real price, but the cashier was then forging the signature onto the fake (possibly by having the customer unwittingly sign it as well), and place the fake into the cash box, and helped himself to the difference in the cash box.
ReplyDeleteYou just can't trust people.
I live .5 mile from one of those machines in Mountain View, and my card number was stolen some how a few months ago (but the thieves used it on a shopping spree in San Francisco, about 40 miles away). I wonder if this was the link!?
ReplyDeleteHi, from Latvia.
ReplyDeleteWe too have chip and pin credit cards here (you can not get one without chip for 5 years or so). But chip and pin cards are not a panacea as you can see for yourselves here:
http://www.lightbluetouchpaper.org/2010/12/25/a-merry-christmas-to-all-bankers/
They make the attack much harder, though.
Here is a nice picture of camera setup in gasoline sef service station somewhere in Finland
https://twitpic.com/4w667k
I can't see the camera, unless it's behind that pinhole directly above.
ReplyDeleteYou are correct - the tiny square pinhole at the center of plastic is all that is needed.
ReplyDelete