Criminals Hide Payment-Card Skimmers In Gas Pumps
tugfoigel writes "A wave of recent bank-card skimming incidents demonstrates how sophisticated the scam has become. Criminals hid bank card-skimming devices inside gas pumps — in at least one case, even completely replacing the front panel of a pump — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. Some 180 gas stations in Utah, from Salt Lake City to Provo, were reportedly found with these skimming devices sitting inside the gas pumps. The scam was first discovered when a California bank's fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah."
Re:Great (Score:2, Insightful)
How do I protect myself from a skimmer inside a gas pump? Pay cash inside.
Or use a bike. Better for you and the environment too at the same time.
Re:Great (Score:3, Insightful)
Pay at the counter.
How does that help?
http://www.wired.com/threatlevel/2009/10/florida_skimming/ [wired.com]
Russian mob was doing this in the 1990's (Score:5, Insightful)
Re:Great (Score:4, Insightful)
Who is the victim? (Score:5, Insightful)
Let's define this scenario clearly. You put your money in a bank. The bank then gives you access to the bank's services. It's not access to "your" money so much as it is access to a money exchange service. (Think of an ATM and similar services as a vending machine that serves up cash and other things in exchange for the money in your bank account.)
Now there are the criminal parties. These parties are the ones who come in and exploit weaknesses in the system to get cash and other things. In the course of exploiting these weaknesses, they use the credentials of other people to extract the cash and other things from the actual victims.
Who are the actual victims? They are the banks themselves and they are the sellers of other things.
When the people whose credentials were used in the commission of a crime against the banks and merchants are charged with responsibility for the criminal acts, it is the banks and merchants who are victimizing the people... their customers! The criminal performed their crimes against the banks and merchants. It is the banks and merchants who are passing the burden along to the innocent individuals who quite literally have no way to protect or control the situation. It is the banks and merchants who have the means to control and protect.
Every time I hear "identity theft" and other referrals of uninvolved parties as victims of a crime, the lie bothers me. These banks and merchants have created a system that is weak and exploitable that uses its customers as a buffer and even a shield against those weaknesses. You cannot protect your "secret information" so long as it must be shared in order to use it. And once that information is out there and used, the banks and merchants take money from your account instead of theirs. The original victims are, in turn, victimizing the innocent by declaring that the innocents are victims of the original crime.
I am sure there are plenty of people who disagree with my sentiments on the matter. But if you do, point out the flaw in the logic I presented.
Re:Great (Score:3, Insightful)
Re:Russian mob was doing this in the 1990's (Score:4, Insightful)
Re:Great (Score:3, Insightful)
That's why I don't have Credit/Debit Cards and only pay cash. Sure it's a PITA at times but I don't have to worry about this issue at all.
Re:Russian mob was doing this in the 1990's (Score:3, Insightful)
Re:Great (Score:3, Insightful)
They don't care what the data is or how the machine uses that data.
A typical mag card reader that you can legally buy off the shelf will happily record the info on your driver's license or preferred customer card every bit as easily as on your credit card. Mag stripe cards have the data in plain ASCII text, credit cards included.
If you've ever written a program that reads text data off a serial port and saves that data to a file you have all the knowledge you need to create a credit card skimmer that won't get confused based on what card is inserted.
Re:I guess I wouldn't be that hard... (Score:3, Insightful)
Buy a commercial van, outfit it with signage "Bobs fuel pump repair services" or some such. Carry the right tools. Make the attendant sign a receipt for the work. Turn up, install your stuff and go. Fake plates obviously.
Re:Great (Score:4, Insightful)
Re:Great (Score:5, Insightful)
How do I protect myself from a skimmer inside a gas pump?
Or use a bike. Better for you and the environment too at the same time.
Okay, that's one problem avoided. So then how would one protect themselves from a skimmer on any other type of card reader, like at an ATM, vending machine, or a gas pump since no, you can't always just bike everywhere.
Ok, on a serious note about the problem. How to figure out a solution to this problem. Issue is, there isn't a simple answer.
Some might say we just need more education on the subject. But let's be honest. That won't work, never has, never will. People have been told that about everything from health (eat less processed/junk food, exercise more, etc. and as there are more people obese today than ever shows how well that works), to drugs (I've heard of the problems with things like crack since the 80's when I was born, and it's still being used today), to the basics of never share passwords but these things still happen.
Others might say we need more surveillance with cameras and police. But this isn't working either with Britain having millions of CCTV and also being the most violent country in Europe ( http://www.dailymail.co.uk/news/article-1196941/The-violent-country-Europe-Britain-worse-South-Africa-U-S.html [dailymail.co.uk] ). So this is also not a solution.
Other things need to be taken into consideration. Why are these happening? People need money more than before with a lack of jobs due to the recession. Also the ease of availability of these problems (these machines are showing up in more and more places). Also a lack of security in these newer forms of payment that are shown to be insecure ( http://tv.boingboing.net/2008/03/19/how-to-hack-an-rfide.html [boingboing.net] ) yet still forced upon the consumer due to the millions funded into these technologies and the fear of admitting these losses to shareholders.
Many of these companies and people are no doubt hoping things like DMCA laws and their inclusion into global laws like the ACTA will help get rid of the problems since it will make the technology illegal (these break digital security locks). Thing is, again it won't work. Drug growers have shown that when these problems come about, people will just go underground and look for other ways to do this. This was shown during the Reagan years of the war against drugs. As time passed, it was harder to smuggle weed from places like Afghanistan, so people started shipping hash. Same type of drug but smaller and easier to ship. After that came hash oil since it was again smaller and the law started to figure out about hash. When hash oil was found out, people started to look into hydroponics (a new growing method for plants of ANY kind) and found they could grow a better crop (better watered, fed, controlled, etc.) in the country bypassing the issue of smuggling it in. And just like pot dealers/growers showed that the law means little in the end to get what they want, same will happen with this and as with every crime in history.
Re:Russian mob was doing this in the 1990's (Score:4, Insightful)
Yes, because if he's paid more, he and people like him have more money to spend on the things I make. A race to the bottom is bad for the economy and bad for society.
Re:This isn't new (Score:3, Insightful)
I just assume that half of all the comments on here are the result of millions of monkeys in front of millions of keyboards, with some sort of quick check to filter out most of the comments without real words in them.
How to solve this for good (Score:5, Insightful)
Equip all cards with a simple chip. This chip contains an encryption algorithm (something strong enough to not be easily cracked by running brute force on data packets). It would also contain a secret key unique to your account. And it should not give the key itself out.
Then the reader sends a formatted packet containing the PIN (if entered), the options (credit vs debit etc) and the amount of the purchase. The card encrypts this data and hands the reader a data packet saying "this is a chip-and-pin transaction" and containing the encrypted data. The reader sends this through the bank networks to the issuing bank.
The issuing bank has another copy of the secret key which it uses to decrypt the data packet and validate that the transaction is possible (i.e. enough money there etc) and returns a "yes, proceed" result to the card reader. The bank would ONLY record the transaction as a chip-and-pin if it was sent through this process (thus preventing dodgy or compromised swipe-only terminals reading the mag stripe and running up the transaction like a mag stripe transaction but telling the bank it's chip-and-pin).
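The scheme in the comment above, sketched as an added example that is not part of the original post and does not model any real card standard. Python's standard library has no block cipher, so an HMAC-SHA256 tag keyed with the card secret stands in for the comment's encryption step (it authenticates the packet rather than hiding it, and the PIN is bound into the tag instead of being sent); the transaction counter used to reject replays and all class and field names are assumptions.

```python
import hashlib
import hmac
import json

def _tag(key: bytes, body: dict, pin: str) -> str:
    # The PIN is bound into the tag but never transmitted in the packet.
    msg = json.dumps(body, sort_keys=True).encode() + b"|" + pin.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Card:
    """Chip model: holds the per-account key and only ever emits tags."""
    def __init__(self, key: bytes):
        self.__key = key
        self._ctr = 0  # assumption: per-card transaction counter

    def sign(self, pin: str, mode: str, amount: int) -> dict:
        self._ctr += 1
        body = {"mode": mode, "amount": amount, "ctr": self._ctr}
        return {"type": "chip-and-pin", **body, "tag": _tag(self.__key, body, pin)}

class IssuingBank:
    def __init__(self):
        self._accts = {}

    def enroll(self, acct: str, key: bytes, pin: str, balance: int) -> None:
        # Simplification: a real issuer would not keep the PIN in the clear.
        self._accts[acct] = {"key": key, "pin": pin, "balance": balance, "ctr": 0}

    def authorize(self, acct: str, pkt: dict) -> str:
        a = self._accts[acct]
        # Mag-stripe data alone cannot produce a tag, so it is never
        # recorded as chip-and-pin, whatever the terminal claims.
        if pkt.get("type") != "chip-and-pin" or not isinstance(pkt.get("tag"), str):
            return "declined: not a chip transaction"
        body = {k: pkt.get(k) for k in ("mode", "amount", "ctr")}
        if not hmac.compare_digest(_tag(a["key"], body, a["pin"]), pkt["tag"]):
            return "declined: bad tag"  # wrong key, wrong PIN, or altered fields
        if body["ctr"] <= a["ctr"]:
            return "declined: replay"  # a captured packet is single-use
        if body["amount"] > a["balance"]:
            return "declined: insufficient funds"
        a["ctr"], a["balance"] = body["ctr"], a["balance"] - body["amount"]
        return "approved"
```
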
Re:Great (Score:3, Insightful)
I don't think that there was anyone talking about forcing anyone to do anything. In fact no one forced you to argue via reductio ad absurdum, but you did it, anyway. Isn't freedom nice? :)
More seriously, most people could commute less. Many people could do without a computer (or ten). In fact, that's common in Asia, where gamers don't want to waste a bunch of money upgrading constantly. The game room absorbs the cost over many clients. More people could live in apartments or planned housing, which speaks directly to the AC that said he lives 50 miles from work in order to have a large house and yard. Not everyone needs to be Mr. Blandings [imdb.com].
People get to make that choice: I don't want to let them pretend that they had no choice or were required to buy a house or an SUV, unless they were. Most people just want to keep up with the Joneses, even if that means going into massive debt, commuting an hour and a half each way, and getting all the massive stress that goes along with those things.
Me? I'll take a condo, a bike, public transportation, no debt, and two years' living money in the bank. It's better for my health. It's better for my future.
Re:Great (Score:3, Insightful)
Not everyone considers homes and jobs fungible.
Some of us invest significant thought and effort into finding the right home in the right area, maintaining it well, making improvements (e.g. replace the Linoleum with tile one year, build a larger deck the next, plant trees in the yard after that), getting to know the neighbors, etc. Having pride in and enjoying a home can easily outweigh an hour or more commute, and giving that up can be a very big deal for some people.
The same goes for jobs. Some people do in fact work for more than just a paycheck -- they identify with and take pride in their company and their work; they work hard not just to advance their career, but because they genuinely want to see the company improve and succeed. Here, too, giving that up can be a big deal.
Exchange for a better option? It's a matter of personal preference. If being able to ride your bike to work is important to you, changing your home or job might be the "better option." Just know that for some, the current home and job are the better option -- and the commute is an insignificant price to pay for being happy with each.
Re:How to solve this for good (Score:3, Insightful)
Would redeveloping chip & pin to solve the known issues and rolling out new terminals cost significantly more than the anticipated losses through fraudulent chip & pin transactions? Because as far as the bank is concerned, if the losses they have to eat are £100,000 per annum but the extra cost is in the millions, it'll be a long time before they can justify the investment.