24 March 2015

Update on credit card skimmers


Over the past five years I've written three posts about credit card skimmers.  In 2009 an alert to the existence of skimmers that steal your credit card data at ATMs.  In 2010, photos of some virtually undetectable skimmers.   Then in 2011 reports of skimmers found inside hacked gasoline pumps.

This year's report comes from Krebs On Security, which reminds us that security tape on a card-accepting device (gas pump for example) is meaningless.
Tyler wanted to know what would prevent a scammer from simply removing the tape from one reader and placing it back on top of a compromised reader? Or, since most people probably wouldn’t know to look for the presence of tape around the card reader, how about just placing the skimming device right on top? I wondered that as well...

Of course, security tape wrapped around a card reader at a gas pump isn’t going to stop most pump skimming attacks, which start when someone with a master key for the pump opens it up and fiddles with the guts of the machine. The crooks figured out a long time ago that only a handful of master keys are needed to open the majority of the gas pumps in use today.

6 comments:

  1. To get around gas pump skimmers, I buy gas cards at the grocery store so I never use my credit card to buy gas. Our local Publix stores often offer coupons for $10.00 off $50.00 gas cards when you buy $50.00 worth of groceries. Since I'm now retired and don't drive as much, this works well for me. Even if I still used more gas, I think I'd buy the gas cards to avoid skimmers at the pump.

    ReplyDelete
  2. I try to be alert and aware, but at the same time, whether I am shopping in a grocery store (like last year when my credit card info was stolen that way), online, or at the gas pump, there's a chance that my information will be taken. For that reason, I generally don't use a debit card, because in my experience, with my credit card company, getting the illicit transactions reversed was pretty easy and I received new cards pretty quick. It could have been a much bigger mess if I was using an account directly tied to my checking/saving accounts. I hope it doesn't happen, but if it does, it will be an inconvenience. Still, I do like hearing about the latest ways skimmers are being installed. It's definitely good to keep up with it.

    ReplyDelete
  3. I'm surprised no one mentioned the simplest safeguard to prevent use of your credit card from point of sale terminals (such as on a gas pump) or an ATM card.

    The skimmers pull your card number. They don't get your PIN or code number needed to authorize the card. They'll either have someone watching the terminal or hide a small camera where it can see the keypad.

    If you just shield the keypad when you put in the code, even if they have your card number, its basically worthless. Just put your other hand over the keypad so only you can see what you are punching in. But like 90+% of people never shield the keypad when they punch in their code.

    Make it a habit to shield the keypad, and you'll be much safer against skimmers.

    ReplyDelete
    Replies
    1. Thermo-cameras defeat this, as the keys you touched will glow and often with different intensity to predict the correct order.
      4 digit PINS are pathetic for protecting your money and knowing what keys were involved, even more so.

      Delete
    2. In that case, what I should do after entering my 4-digit PIN is to rest my fingers on two other keys for a short time.

      Delete
  4. my gas pump asks for my zipcode. that makes me wonder how canadians buys gas at those pumps?

    I-)

    ReplyDelete