Criminals Hide Payment-Card Skimmers In Gas Pumps 332
tugfoigel writes "A wave of recent bank-card skimming incidents demonstrate how sophisticated the scam has become. Criminals hid bank card-skimming devices inside gas pumps — in at least one case, even completely replacing the front panel of a pump — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. Some 180 gas stations in Utah, from Salt Lake City to Provo, were reportedly found with these skimming devices sitting inside the gas pumps. The scam was first discovered when a California bank's fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah."
Great (Score:3, Interesting)
I remember running into something like this a long time ago when I was in New York City. There was this small piece of metal in the card slot. Needless to say I didn't insert my debit card in to find out what it was.
How do I protect myself from a skimmer inside a gas pump?
Re:Great (Score:5, Informative)
Pay cash inside.
Re: (Score:2, Insightful)
How do I protect myself from a skimmer inside a gas pump? Pay cash inside.
Or use a bike. Better for you and the environment too at the same time.
Re: (Score:2)
How do I protect myself from a skimmer inside a gas pump?
Or use a bike. Better for you and the environment too at the same time.
Okay, that's one problem avoided. So then how would one protect themselves from a skimmer on any other type of card reader, like at an ATM, vending machine, or a gas pump since no, you can't always just bike everywhere.
Re:Great (Score:4, Funny)
Re: (Score:2)
Pay with cash... or gold coins perhaps? :^)
Re:Great (Score:4, Funny)
what if you're buying a bike and the credit card machine at the bike shop has a skimmer installed?!
Use a car.
Re:Great (Score:5, Insightful)
How do I protect myself from a skimmer inside a gas pump?
Or use a bike. Better for you and the environment too at the same time.
Okay, that's one problem avoided. So then how would one protect themselves from a skimmer on any other type of card reader, like at an ATM, vending machine, or a gas pump since no, you can't always just bike everywhere.
Ok, on a serious note about the problem. How to figure out a solution to this problem. Issue is, there isn't a simple answer.
Some might say we just need more education on the subject. But lets be honest. That won't work, never has, never will. People have been told that about everything from health (eat less processed/junk food, exercise more, ect... and as there are more people obese today then ever shows how well that works), to drugs (I've heard of the problems with things like crack since the 80's when I was born, and it's still being used today), to the basics of never share passwords but these things still happen.
Others might say we need more surveillance with cameras and police. But this isn't working either with Britain having millions of CCTV and also being the most violent country in Europe ( http://www.dailymail.co.uk/news/article-1196941/The-violent-country-Europe-Britain-worse-South-Africa-U-S.html [dailymail.co.uk] ). So this is also not a solution.
Other things need to be taken into consideration. Why are these happening? People are need money more then before with a lack of jobs due to the recession. Also the ease of availability of these problems (these machines are showing up in more and more places). Also a lack of security in these newer forms of payment that are shown to be insecure ( http://tv.boingboing.net/2008/03/19/how-to-hack-an-rfide.html [boingboing.net] ) yet still forced upon the consumer due to the millions funded into these technologies and the fear of admitting these losses to shareholders.
Many of these company's and people are no doubt hoping things like DMCA laws and their inclusion into global laws like the ACTA will help get rid of the problems since it will make the technology illegal (these break digital security locks). Thing is, again it won't work. Drug growers have shown that when these problems come about, people will just go underground and look for other ways to do this. This was shown during the Regan years of the war against drugs. As time passed, it was harder to smuggle weed from places like Afghanistan, so people started shipping hash. Same type of drug but smaller and easier to ship. After that came hash oil since it was again smaller and the law started to figure out about hash. When hash oil was found out, people started to look into hydroponics (a new growing method for plants of ANY kind) and found they could grow a better crop (better watered, feed, controlled, ect...) in the country bypassing the issue of smuggling it in.And just like pot dealers/growers showed that the law means little in the end to get what they want, same will happen with this and as with every crime in history.
Re:Great (Score:5, Funny)
We laugh at people on the internet for blowing things out of all proportion. It's nicknamed, "a series of tubes," for a reason.
I kept reading your post after I noticed the Score: 1 Flamebait moderation, sometimes they are too silly to pass up. Sorry you tea drinking, haughty twit.
Say American next time. We won't even make fun of you for getting your ass kicked a couple hundred years ago by a bunch of degenerates with pitchforks and your uptight neighbors that have something against shaving.
=P
Re: (Score:2)
He's snarky yeah, but not a troll. WTF mods?
Re: (Score:2)
Seriously... bikes work, even in the snow. 53 miles per burrito, baby [zeropergallon.com]!
Re:Great (Score:5, Funny)
Ride 50 miles one way to work on your bicycle.
Not too hard, I'd only need to do it once before my boss fires me for being 4 hours late.
Re: (Score:2)
hah hah hahahahahahahahaaaahaha
Where are my mod points, you sir wrote a good one.
Re:Great (Score:4, Funny)
Ride 50 miles one way to work on your bicycle.
Not too hard, I'd only need to do it once before my boss fires me for being 4 hours late.
This is your boss. You're fired for slacking off on slashdot.
Re: (Score:2)
If you have to travel 50 miles to get to your job, then something went seriously wrong in your life.
Re: (Score:2)
Better yet, don't work 80 kilometers from home.
Re:Great (Score:4, Insightful)
Re: (Score:3, Insightful)
Not everyone considers homes and jobs fungible.
Some of us invest significant thought and effort into finding the right home in the right area, maintaining it well, making improvements (e.g. replace the Linoleum with tile one year, build a larger deck the next, plant trees in the yard after that), getting to know the neighbors, etc. Having pride in and enjoying a home can easily outweigh an hour or more commute, and giving that up can be a very big deal for some people.
The same goes for jobs. Some people do
Re: (Score:3, Insightful)
I don't think that there was anyone talking about forcing anyone to do anything. In fact no one forced you to argue via reductio ad absurdum, but you did it, anyway. Isn't freedom nice? :)
More seriously, most people could commute less. Many people could do without a computer (or ten). In fact, that's common in Asia, where gamers don't want to waste a bunch of money upgrading constantly. The game room absorbs the cost over many clients. More people could live in apartments or planned housing, which speaks di
Re: (Score:2)
Stick'em up!
Re: (Score:3, Insightful)
That's why I don't have Credit/Debit Cards and only pay cash. Sure it's a PITA at times but I don't have to worry about this issue at all.
Re: (Score:2)
Re: (Score:3, Insightful)
Pay at the counter.
How does that help?
http://www.wired.com/threatlevel/2009/10/florida_skimming/ [wired.com]
Re:Great (Score:4, Insightful)
Re: (Score:2)
Are you sure? Last time I tried to pay my pack of gum and a soda with a 50 (lacking smaller bills) the clerk asked if there's a chance that I have a CC.
Re: (Score:3, Insightful)
Re: (Score:2)
Are you sure? Last time I tried to pay my pack of gum and a soda with a 50 (lacking smaller bills) the clerk asked if there's a chance that I have a CC.
They don't like carrying large bills ($50 and up), and they also don't like making $48 in change. It's not unlikely that the register had under $100 in it at the time.
Re: (Score:2)
> Last time I tried to pay my pack of gum and a soda with a 50 (lacking
> smaller bills) the clerk asked if there's a chance that I have a CC.
I'm sure she would have been happy to keep the change.
Re: (Score:2)
How do I protect myself from a skimmer inside a gas pump?
+1 Scroll of invincibility?
Or you could always eat a yummy slime mold...
XYZZY.
Re:Great (Score:5, Funny)
I remember running into something like this a long time ago when I was in New York City. There was this small piece of metal in the card slot. Needless to say I didn't insert my debit card in to find out what it was.
How do I protect myself from a skimmer inside a gas pump?
Step 1: Assume they're compromised.
Step 2: Pull out the concealed Glock that every freedom loving American carries around and fire wildly into them.
Step 3: If the machine is rendered out of order, move onto the next machine and go to Step 1. If someone tries to stop you, go to Step 1.
But in all seriousness I think you could pick up a "preferred customer card" at some grocery store and carry that around with you. When you approach the pump, put that card in first. A compromised machine might feel weird and will most likely not respond to you inserting a card. An uncompromised machine will swipe easily and also think for a second and then ask you to reswipe your card. While not flawless, this is the best thing I can think of aside from prepaying at the attendant in the store or something really crazy like demanding to borrow a passerby's card to see if it works before you put yours in. It's also probably your best option if you buy gas after hours like I do. The unfortunate side effect is it wastes time and makes it look like you're flipping through maxed/stolen cards.
Re:Great (Score:5, Informative)
You seem confused. The skimmer is entirely parallel to the regular reader, it does not effect the operation of the pump.
There will be no observable difference in the transaction.
The most secure remedy is cash.
Re:Great (Score:5, Funny)
> Pull out the concealed Glock...
A "Glock"? Please. That's an Austrian pistol. Every freedom loving American carries an M1911A1.
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
They don't care what the data is or how the machine uses that data.
A typical mag card reader that you can legally buy off the shelf will happily record the info on your drivers license or preferred customer card every bit as easily as on your credit card. Mag stripe cards have the data in plain ASCII text, credit cards included.
If you've ever written a program that reads text data off a serial port and saves that data to a
Re: (Score:2)
Beyond that, the recording software will most likely have a filter for credit cards. Ie, 4xxx..., 5xxxx..., 6xxxx..., etc. It's been a while since I spent any time with people into that sort of thing, but each card type (Visa, MasterCard, Amex, etc) has their own sequence. The first digit denotes card type. The first sequence of three or four digits denotes the issuing bank.
As others have said, a mag stripe reader will read the card. The only hang up is finding a reader with the right number of tracks.
Re:Great (Score:4, Interesting)
Re:Great (Score:4, Informative)
No need to sit in proximity to the compromised pump. I haven't seen anything on the storage capacity but I dare say who ever was doing this just downloaded when they filled their tank up, or when they'd stop by for morning coffee.
The way they were able to make the switch is all pumps nationwide are made by only two manufacturers, and those manufacturers each have A key design to open their pumps. Two keys can open every modern gas pump in the country.
All the perps needed to do was get access to one machine of the model used at the targeted 7-11. Rewire the front panel from that one. Make the swap and rewire the swapped out panel for the next pump they want to wire.
Contrary to TFA, most reports are that only one or two stations were found to be compromised, but given time that number could have quickly grown.
Up above I linked to an article about a Gas chain that heard of this potential scam, identified the weakness in the key system and re-keyed all their pumps with each store having a unique key pattern for its pumps. Not perfect, but makes the inside part of such an inside job have to be an employee of the store the pump is located at.
My solution for just about anything, actually (Score:5, Funny)
1: Get a $10-$25 cash card from your credit card company
2: Slide it through the card reader
3: Light up a cigarette
4: Spray gas all over the pump
5: Slowly walk away, flicking the smouldering cigarette behind you, onto the pump. Speak a one-liner about gas, pumps, explosions, fire, smoking, or credit card fraud. It is very important NOT to laugh at your own joke.
6: No matter how hot your back suddenly gets, keep walking slowly and DON'T turn around, (glass or shrapnel is going to hit you, it's better to take it in the back than in the face.)
7: Never worry about gas pump skimmers for the rest of your life.
Re: (Score:3, Funny)
I am a gas pump mechanic, and I've wanted to do the same thing sooooo many times!!!!
Re: (Score:2)
Also, always always always check your account. There's always going to be a risk of fraud, whether it's from a waiter running yo
Re: (Score:2)
I'm starting to wonder when this type of crime is going to start being seen as an extension of our current corporate kleptocracy and just be accepted into the mainstream.
Similar behavior is already common in our banking industry (or it was until Monday, when President Obama signed the new credit card regulations).
Many of the biggest corporate "success stories" you'd read about in the Wall Street Journal work in fundamentally the same way: They don't actually provide you with any goods or services, but they
Re: (Score:2)
After getting bit in the butt twice, I opened a second account with an attached debit card. I transfer a couple of hundred dollars in there every pay check and use it for gas, groceries and online purchases. If the account gets compromised I am only temporarily out whatever is in there.
FWIW, the first time my account was compromised Wells Fargo contacted me. The second time I recognized the fraud and contacted them. Both times I had the money back in my account in less than three days. Both times it wa
Good move (Score:3, Interesting)
You nearly got carded.
http://en.wikipedia.org/wiki/Lebanese_loop [wikipedia.org]
How can you protect yourself? It's not easy anymore. You now see that a compromised machine doesn't necessarily have semi-obvious modifications you can see from outside. I think people will have to start using temporary credit cards with low limits more often.
I don't know if it was intentional but this seems to have been predicted in Batman of the Future - the characters carry around a large number of "creds" and each one seems to have a limite
Re: (Score:2)
Don't use the reader on the pump. If it's a prepay pump, inform the attendant (they won't care) and then corporate.
IIRC a scammer replaced the reader on a supermarket checkout at one point and skimmed a lot of cards.
This isn't new (Score:2)
This is a fairly old scam.
I remember atleast 10 years ago at an Arco station had a sticker on the machine that said don't enter in your card if the reader looks wierd. I have also seen that warning on swipe ATMs
Re:This isn't new (Score:5, Informative)
I remember atleast 10 years ago at an Arco station had a sticker on the machine that said don't enter in your card if the reader looks wierd. I have also seen that warning on swipe ATMs.
The new part is that the reader does NOT look weird.
It looks physically identical to the standard reader.
Didja even read the summary?
Re: (Score:3, Insightful)
I just assume that half of all the comments on here are the result of millions of monkeys in front of million of keyboards, with some sort of quick check to filter out most of the comments without real words in them.
Re: (Score:2)
It's not new and the scam was actually used here at ATMs as well, not only putting an additional reader on top of the old one but also installing a video cam or a punch-through keypad on the ATM that recorded the keystrokes of your pin number. I was working for the security department of a bank when this was en vogue, and I still have a few of the confiscated cams and pads to prove it (strangely, nobody wanted them back...).
The "new" part is where these swipers don't even look suspicious anymore. These "old
Re: (Score:3, Informative)
I'm a gas pump mechanic, and I'm shocked it's not way more prevalent. A handful of keys anyone can buy from a petroleum maintenance supply store without any questions, will open every gas pump on the continent. And most employees at gas stations don't watch their videos continuously, some don't even have video surveillance. The parts inside are easy to swap, as they are very similar to the way a PC is set up, with ribbon cables, USB, etc. I found myself staring at the card reading gear and be amazed at
Re: (Score:2)
Something like this happened to my mother once, though they used cameras to record the bank card's number and PIN, as she entered it. Then made $500 worth of withdrawals, in $1 increments.
Hell, if they're as slow as most people are at the ATM, that would've worked out to about $8/hr. At that rate, they might do better with honest work!
Russian mob was doing this in the 1990's (Score:5, Insightful)
Re:Russian mob was doing this in the 1990's (Score:4, Insightful)
Re:Russian mob was doing this in the 1990's (Score:5, Informative)
No. He expects the station owner to run it as a charity.
Re: (Score:3, Insightful)
Re:Russian mob was doing this in the 1990's (Score:5, Interesting)
About 45 minutes after this happened, my CC company calls me to check on purchases that were made not five minutes ago at a "discount clothing store in the Bronx" (I live in Boston). Now, I am certain that this is the source of the theft, because prior to that, I had not used the card in several months.
My understanding is that the banks themselves don't absorb this loss because they pass it on to the merchant-- the merchant absorbs the loss. But I have to wonder whether banks (and credit card users) would be better (and cheaper) served by simply fixing these security problems now. Those fancy fraud-detection units can't be cheap. Our existing CC/ATM system is woefully anachronistic.
I briefly asked myself, if this guy, who was Hispanic, and given his choice of profession, probably poor, deserved some sympathy when it came to CC theft, and I quickly decided: no. There are many, many other people who are in exactly the same position, or worse, and they choose to do the right thing regardless. CC thieves are thieves. They don't point a gun at you, but the end result is the same thing.
Re: (Score:2)
Getting an imprint is normal for pizza deliveries - or at least for Pizza Hut. The issue was the driver used the info on the receipt to fund a shopping spree.
Not much different than my one instance dealing with CC fraud. In my case my CC info was lifted off of my mail-in college tuition payment as it sat on some processor's desk.
Re:Russian mob was doing this in the 1990's (Score:4, Interesting)
Despite the fact that I ordered and paid for the pizza ahead of time, on the web, he told me that he "needed an imprint" of the card. Then he starts making the imprint with... his key? And then (and this is really where I kick myself), I take the original receipt and he goes, "Oh, nope, I need that one" and swaps with me. Of course, the carbon copy (which I am supposed to take but which he took) has the nicest key-imprint on it.
First of all, as somebody else already replied to, card imprints from pizza deliveries are the norm. It's not a scam, it's something they do.
About 45 minutes after this happened, my CC company calls me to check on purchases that were made not five minutes ago at a "discount clothing store in the Bronx" (I live in Boston). Now, I am certain that this is the source of the theft, because prior to that, I had not used the card in several months.
Then it can't possibly be the dude. 45-minutes is nowhere near enough time. You think if the pizza delivery guy is running a scam getting credit card imprints that he's just going to get ONE and then run off and start using it? And at a store? Do you think he just took your receipt and handed it over to the cashier when she told him how much the purchase was?
The actual imprinting scams involving scanning the magnetic strip, and making cards that people can use by actually scanning it at stores. I had my debit card skimmed (and so did a bunch of my friends, at the same time). The police eventually tracked it down to a waiter at a Ruby Tuesday restaurant. Apparently he would scan customers cards when he took our checks. It took months from the time he did so for the first purchases to occur, because the people doing the skimming are rarely the same people using the cards. They sell the information, other people make the cards, other people use them.
I briefly asked myself, if this guy, who was Hispanic, and given his choice of profession, probably poor, deserved some sympathy when it came to CC theft, and I quickly decided: no.
I'm going to assume you're not a racist moron, but I am wondering what the fuck him being Hispanic has anything at all with either being a thief or with a reason why a thief would deserve sympathy. Why did you even bother mentioning that factoid?
Re: (Score:2)
Gas prices should be higher anyway.
Re: (Score:2)
That depends (Score:2)
Are you going to pay for the billions of dollars it costs to have our military constantly deployed to the middle east?
There are about 115,000 gas stations. Let's say two clerks, open an average of 20 hours, gives m about 1.7 billion man hours per year. So, for about a month of expenses in Iraq, we could bump their pay from $6 to $13.
And if you're worried about security, we could triple the size of the TSA, monitor every parcel of incoming cargo, and follow the Israeli's policy of personally interviewing eve
Re: (Score:2)
Pay us or we'll break ya credit card's fuckin' legs.
Re: (Score:2)
You gonna pay extra for gas from a station that pays its clerks "living wage"?
Why not? We're already paying extra so oil company executives can enjoy salaries and bonuses in excess of what would be a living wage for some entire countries, which is itself small potatoes compared to the enormous sums of tax money that go towards using the military to run errands for them in the middle east.
Re:Russian mob was doing this in the 1990's (Score:4, Insightful)
Yes, because if he's paid more, he and people like him have more money to spend on the things I make. A race to the bottom is bad for the economy and bad for society.
Re:Russian mob was doing this in the 1990's (Score:4, Interesting)
>>Where do you think most of the pilfered credit card numbers really come from?
I had a friend (and no, it really was a friend, not me) that was involved in a ring of guys that did that sort of stuff out of Northridge. They'd take lists of CC numbers, pair them with PINs, reprogram some new cards using mag card writers, and then go to some place around 11:30, pull out all the money they could, wait for midnight to flip around, pull out all the money they could, split the money amongst them all, and bailed.
They'd use card readers and compromised clerks to get the CC numbers, and shoulder surfing (I imagine) to get the PINs. They'd move from gas station to gas station randomly in the LA area.
Now you know, and knowing is half the battle.
Re: (Score:3, Interesting)
I'm still amazing that people don't cover the num-pad when in shops. There are CCTV cameras everywhere.
Re: (Score:3, Funny)
Paying clerks $6.00 an hour to work from midnight to 8:00AM
They still have those? I thought they replaced them all with card readers years ago.
Nothing New (Score:5, Interesting)
This got my credit card over a year ago in Saskatchewan, Canada. However, my card was skimmed at a do-it-yourself ticket-terminal at the local movie theatre.
It turned out it was a very large network of people who came together and organized the attack and paid people all over the country to do this and sent the info back to 'headquarters' in Ontario Canada.
They racked up over $600 in charges and it all appeared to have been used at Gas stations in Toronto / Missisaga in Ontario.
They put these things on any 'do-it-yourself' terminal they could find. This included pay-at-the-pump gas stations, ATM's, and any kiosk that could read a debit/credit card.
Luckily Mastercard covers things like this so it was much easier to report and reverse than a few friends of mine who had their debit cards skimmed. They had a much harder process to deal with.
The move to "Chip" cards ([url]http://en.wikipedia.org/wiki/Chip_card[/url]) are rapidly increasing these days. I know my local credit union is fully switched over, although maybe half of the retailers in town actually support them.
Re: (Score:2)
That's a man-in-the-middle attack. While I'm not fond of them, chip cards will effectively remove the skimming problem (when it's fully adopted, anyway).
MITM attacks will always be an issue.
Who is the victim? (Score:5, Insightful)
Let's define this scenario clearly. You put your money in a bank. The bank then gives you access to the bank's services. It's not access to "your" money so much as it is access to a money exchange service. (Think of an ATM and similar services as a vending machine that serves up cash and other things in exchange for the money in your bank account.)
Now there are the criminal parties. These parties are the ones who come in and exploit weaknesses in the system to get cash and other things. In the course of exploiting these weaknesses, they use the credentials of other people to extract the cash and other things from the actual victims.
Who are the actual victims? They are the banks themselves and they are the sellers of other things.
When the people whose credentials were used in the commission of a crime against the banks and merchants are charged with responsibility for the criminal acts, it is the banks and merchants who are victimizing the people... their customers! The criminal performed their crimes against the banks and merchants. It is the banks and merchants who are passing the burden along to the innocent individuals who quite literally have no way to protect or control the situation. It is the banks and merchants who have the means to control and protect.
Every time I hear "identity theft" and other referrals of uninvolved parties as victims of a crime, the lie bothers me. These banks and merchants have created a system that is weak and exploitable that uses its customers as a buffer and even a shield against those weaknesses. You cannot protect your "secret information" so long as it must be shared in order to use it. And once that information is out there and used, the banks and merchants take money from your account instead of theirs. The original victims are, in turn, victimizing the innocent by declaring that the innocents are victims of the original crime.
I am sure there are plenty of people who disagree with my sentiments on the matter. But if you do, point out the flaw in the logic I presented.
Re:Who is the victim? (Score:4, Interesting)
I, like you, felt that the bank's money was stolen, not ours. I put my money in the bank, and had not withdrawn it, so this was essentially a remote bank robbery in my opinion.
Where it gets interesting is this is EXACTLY how the bank treated it. They immediately refunded all money to the account, and then went after the fraud on the other end of the transaction.
Not sure if all banks treat you this way, but B of A did us right. (And they are usually listed as the most evil of providers, so I tend to think they are not unique).
I think identity theft was a real problem 10 years ago before it was understood, but now the banks realize it is not fraud by the victim in most cases and deal with it fairly.
Re: (Score:2)
Stories like this are scarier these days with the advent of debit cards. With credit card fraud, if it turns out that the issuer decides they want to collect the money from you then there are at least a couple roadblocks in the way. Once it's gone from the checking account though, all bets are off. And it really boils down to how much you're worth to the bank as a customer.
Personally, I don't like the odds and that's why I store my bank issued ATM/Debit card in very tiny pieces down at the landfill.
Re: (Score:2)
You can often get the debit functionality of those combo atm/debit cards disabled if you ask the issuing bank.
Also, debit cards are even worse now than credit cards with the whole mandatory "overdraft protection" scam. All banks require "overdraft protection" on their debit cards (but not necessarily credit unions). They call it a "feature" but it is just a way to screw over people who think having a debit card is a way to enforce fiscal responsibility on themselves as in, "I can't spend it if I don't hav
Re: (Score:3, Informative)
Yeah, the Fed prounounced that mandatory overdraft covers was verboten and that it had to be opt-in, but it isn't 100% - it doesn't apply to things like checks or scheduled payments and the change doesn't go into effect until July.
Alternate title (Score:5, Funny)
After waiting patiently for the US Government to implement a carbon tax, the ever-altruistic Utah mafia has decided to take matters into their own hands.
Re: (Score:2)
Never use Debit (Score:3, Interesting)
Obviously you have to use debit at an ATM, but at gas stations i use credit, even with my debit card, because once they have your pin they can get cash out of your account and not just do a credit card charge. The crooks would much rather have the greenbacks than having to buy crap with your stolen card and fence it.
Re:Never use Debit (Score:4, Informative)
The bank is also far more likely to go to bat for you over a fraudulent credit card charge than a fraudulent debit card transaction. The reason, of course, is that in the former case, its the bank's money on the line (until you pay them), but in the latter case, its your money on the line.
Re:Never use Debit (Score:4, Informative)
The bank is also far more likely to go to bat for you over a fraudulent credit card charge than a fraudulent debit card transaction. The reason, of course, is that in the former case, its the bank's money on the line (until you pay them), but in the latter case, its your money on the line.
Actually... the bank is most likely to go to bat for you over credit card charges because the consumer protections on credit cards are vastly stronger than the protections on debit cards.
I've never used a debit card for just that reason. You have a problem with your credit card and it's just the one card that might get frozen. You have a problem with your debit card and your bank account might get locked down, which usually leads to a cascading array of problems for most people.
Use legal tender, huh? (Score:2)
This is but one reason why I use only cash to buy gas. The other is that greedy operators like ARCO will skim $0.45 off the top of every debit card transaction. I happened to be an early victim of debit card reproduction over a decade ago, before these current devices even existed; back then it apparently required collusion with a station employee to redirect outside security cameras and collect register data. The result was the same: my Versatel card was duplicated without ever leaving my possession, an
Re: (Score:2)
Re: (Score:3, Insightful)
Buy a commercial van, outfit it with signage "Bobs fuel pump repair services" or some such. Carry the right tools. Make the attendant sign a receipt for the work. Turn up, install your stuff and go. Fake plates obviously.
Re: (Score:3, Funny)
As a gas pump mechanic, I can say that most of those security features are just security theatre. Anyone with even 1 weeks apprentice knowledge of gas pumps can probably get into most pumps without notice, after hours or not.
Also, a safety vest, hard hat, clip board, fancy business card, and an attitude will get you everywhere. Hell you could probably get them to turn off all their security cameras for "testing" purposes too LOL.
fud? maybe, but it does happen (Score:2)
It happened to me in Malibu. Bastards made some kind of copy of my debit card and spent $250 before my bank shut them down. Fortunately, my bank (wells fargo) restored the $250 to my bank account. I bet the gas stations where the fake card was used got stuck with the bill. Serves them right for not guaranteeing the financial security of their customers. They should keep an eye on their pumps.
Re: (Score:2)
I have to say, despite not being very pleased in other ways with Wells Fargo, that they are on top of the game with fraud as far as I can see. I've had five separate issues with my WF credit card in the last year, all of which were handled swiftly (once before I even reported it).
What I really want is a card that I can use for on-line purchases where I either transfer the money for the transaction in advance, or authorize it up to two hours later or it's canceled. I've looked (not very seriously) for two ye
hit twice... (Score:5, Interesting)
I've been the victim of skimming twice. I love paying at the pump but it's getting out of hand. Even with a credit card it's the inconvenience of filing a dispute, canceling the card, etc. This time they laundered the money by buying five $200 wal mart gift cards with a cloned card.
Here locally they say it's been the Fast Trip and AM PM stations that have been hit. The two with the lowest prices of course.
Kinda fun to see this on Slashdot... (Score:2)
Off and on, over the last year, I have been employed as a contractor to the ATM industry, to develop anti-skimming hardware and software.
When I started, I was amazed that skimmers worked at all.
Now, I am truly impressed by the ingenuity of skimmer makers.
BUT...in the end, our technology will defeat them...
wow..... (Score:3, Funny)
How to solve this for good (Score:5, Insightful)
Equip all cards with a simple chip. This chip contains an encryption algorithim (something strong enough to not be easily cracked by running brute force on data packets). It would also contain a secret key unique to your account. And it should not give the key itself out.
Then the reader sends a formatted packet containing the PIN (if entered), the options (credit vs debit etc) and the amount of the purchase. The card encrypts this data and hands the reader a data packet saying "this is a chip-and-pin transaction" and containing the encrypted data. The reader sends this through the bank networks to the issuing bank.
The issuing bank has another copy of the secret key which it uses to decrypt the data packet and validate that the transaction is possible (i.e. enough money there etc) and returns a "yes, proceed" result to the card reader. The bank would ONLY record the transaction as a chip-and-pin if it was sent through this process (thus preventing dodgy or compromised swipe-only terminals reading the mag stripe and running up the transaction like a mag stripe transaction but telling the bank its chip-and-pin)
Re: (Score:3, Informative)
If you use a PGP key, you don't need a 2nd copy of the secret key at the bank, just the matching public key.
Re: (Score:3, Informative)
Wow, what an amazing and original idea. You should sell it to Mastercard - you'd make a fortune.
Oh, wait... [wikipedia.org]
Re: (Score:3, Interesting)
The problem with chip-and-pin is that the implementation is broken because it relies on the security of the card reader. My method does not rely on the security of the card reader and is not vulnerable to hacked card readers (wasnt there a recent story on here about chip-and-pin being broken?)
Designed right, its possible to even protect the account number so that only the smart card and the bank can see it (and since you never present enough of the mag strip to the mag strip reader, it cant read data from t
Re: (Score:3, Insightful)
Would redeveloping chip & pin to solve the known issues and rolling out new terminals cost significantly more than the anticipated losses through fraudulent chip & pin transactions? Because as far as the bank is concerned, if the losses they have to eat are £100,000 per annum but the extra cost is in the millions, it'll be a long time before they can justify the investment.
Re: (Score:3, Informative)
Problem with a new solution is dealing with all the legacy hardware out there for processing transactions. Retailers have to buy new readers that would support both old and new cards, or buy new readers and keep the old ones in service. Retailers profits are hurt.
Card Issuers could force the change over by only processing transactions with the new cards, but if retailers push back and not install new readers the Card Issuers profits take a hit.
Consumers would have to update as well. Some people just won't d
Re: (Score:2)
Re: (Score:2)
Definitely... but the pumps should be harder to break open then, and someone should be checking them on a regular basis, to make sure they haven't been compromised.
Although my assumption is it's probably in house, so they should probably have a third party be doing the checkups, not the $5.50/hr clerk...
Re:Kdawson FUD (Score:5, Funny)
Re:Kdawson FUD (Score:5, Funny)
Hosers!
Re: (Score:2)
Re:Kdawson FUD (Score:4, Funny)
My grandfather stole horses...
My father smuggled cigarettes...
My brother stole gas...
I, meanwhile, read Slashdot...
Jeesh, you're an embarrassment to your family's 3 generations of nefarious activities! Get your butt in gear and write some malware or something. :-)
Re: (Score:2)
Or Joseph Smith, Jr.