Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Criminals Hide Payment-Card Skimmers In Gas Pumps

kdawson posted more than 4 years ago | from the swipe-and-get-swiped dept.

Crime 332

tugfoigel writes "A wave of recent bank-card skimming incidents demonstrate how sophisticated the scam has become. Criminals hid bank card-skimming devices inside gas pumps — in at least one case, even completely replacing the front panel of a pump — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. Some 180 gas stations in Utah, from Salt Lake City to Provo, were reportedly found with these skimming devices sitting inside the gas pumps. The scam was first discovered when a California bank's fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah."

cancel ×

332 comments

Sorry! There are no comments related to the filter you selected.

Kdawson FUD (0, Flamebait)

sexconker (1179573) | more than 4 years ago | (#31253428)

How is this shit news for nerds?
Any fucking fucking nerd has known about this tactic for decades.

Re:Kdawson FUD (5, Funny)

creimer (824291) | more than 4 years ago | (#31253818)

We oldsters in the 1970's used to skim gas out of the gas tank. Some of the more ballsier-types would steal whole gas tankers. The fact that you can skim debit cards at the gas pump without spilling gas on yourself is a great technological improvement since you don't have to resell the gas.

Re:Kdawson FUD (4, Funny)

zx-15 (926808) | more than 4 years ago | (#31254272)

Hosers!

Great (3, Interesting)

areusche (1297613) | more than 4 years ago | (#31253436)

I remember running into something like this a long time ago when I was in New York City. There was this small piece of metal in the card slot. Needless to say I didn't insert my debit card in to find out what it was.

How do I protect myself from a skimmer inside a gas pump?

Re:Great (5, Informative)

YrWrstNtmr (564987) | more than 4 years ago | (#31253464)

How do I protect myself from a skimmer inside a gas pump?

Pay cash inside.

Re:Great (2, Insightful)

Kitkoan (1719118) | more than 4 years ago | (#31253496)

How do I protect myself from a skimmer inside a gas pump? Pay cash inside.

Or use a bike. Better for you and the environment too at the same time.

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31253530)

Or use a bike. Better for you and the environment too at the same time.

Ride 50 miles one way to work on your bicycle.

Re:Great (5, Funny)

interkin3tic (1469267) | more than 4 years ago | (#31253590)

Ride 50 miles one way to work on your bicycle.

Not too hard, I'd only need to do it once before my boss fires me for being 4 hours late.

Re:Great (1)

jeffmeden (135043) | more than 4 years ago | (#31253938)

hah hah hahahahahahahahaaaahaha

Where are my mod points, you sir wrote a good one.

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31253882)

Ride 50 miles one way to work on your bicycle.

Here's an idea: don't live 50 miles away from your work.

Re:Great (1)

JustOK (667959) | more than 4 years ago | (#31254104)

Better yet, don't work 80 kilometers from home.

Re:Great (3, Insightful)

pwizard2 (920421) | more than 4 years ago | (#31254176)

Not everyone lives in $big_local_city for a variety of reasons. (crowded conditions, crime, expense, etc.) If you live out in the sticks, (essential if you want to own a plot of land that is somewhat bigger than what your house actually sits on) public transportation or biking is not a serious option. Plus, who the hell wants to bike to work and get sweaty in the summer and freeze during the winter?

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31254234)

Too bad these whole "owning property" and "having a job" things are permanent affairs which you cannot possibly opt out of or exchange for a better option.

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31254246)

What an easy and realistic choice in this economy!

Are you naive or merely stupid?

Re:Great (1, Informative)

Anonymous Coward | more than 4 years ago | (#31254352)

Not all of us work at the same place every day. I move between hospitals on a daily basis and my drive can be anywhere from 4 miles to 50 miles according to where I'm needed. Such is the life of medicine.

Don't lump everyone into a nice little package.

or die (0)

Anonymous Coward | more than 4 years ago | (#31253538)

become fertilizer, no need to pollute

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31253540)

You just created a much bigger problem for anyone living in Utah, where they have to drive 400 miles to get anywhere worth being.

Re:Great (1)

interkin3tic (1469267) | more than 4 years ago | (#31253646)

How do I protect myself from a skimmer inside a gas pump?

Or use a bike. Better for you and the environment too at the same time.

Okay, that's one problem avoided. So then how would one protect themselves from a skimmer on any other type of card reader, like at an ATM, vending machine, or a gas pump since no, you can't always just bike everywhere.

Re:Great (4, Funny)

screamphilling (1173499) | more than 4 years ago | (#31253802)

what if you're buying a bike and the credit card machine at the bike shop has a skimmer installed?!

Re:Great (1)

Jon Abbott (723) | more than 4 years ago | (#31254348)

Pay with cash... or gold coins perhaps? :^)

Well, (0)

Anonymous Coward | more than 4 years ago | (#31254108)

Not with that attitude!

Re:Great (5, Insightful)

Kitkoan (1719118) | more than 4 years ago | (#31254184)

How do I protect myself from a skimmer inside a gas pump?

Or use a bike. Better for you and the environment too at the same time.

Okay, that's one problem avoided. So then how would one protect themselves from a skimmer on any other type of card reader, like at an ATM, vending machine, or a gas pump since no, you can't always just bike everywhere.

Ok, on a serious note about the problem. How to figure out a solution to this problem. Issue is, there isn't a simple answer.

Some might say we just need more education on the subject. But lets be honest. That won't work, never has, never will. People have been told that about everything from health (eat less processed/junk food, exercise more, ect... and as there are more people obese today then ever shows how well that works), to drugs (I've heard of the problems with things like crack since the 80's when I was born, and it's still being used today), to the basics of never share passwords but these things still happen.

Others might say we need more surveillance with cameras and police. But this isn't working either with Britain having millions of CCTV and also being the most violent country in Europe ( http://www.dailymail.co.uk/news/article-1196941/The-violent-country-Europe-Britain-worse-South-Africa-U-S.html [dailymail.co.uk] ). So this is also not a solution.

Other things need to be taken into consideration. Why are these happening? People are need money more then before with a lack of jobs due to the recession. Also the ease of availability of these problems (these machines are showing up in more and more places). Also a lack of security in these newer forms of payment that are shown to be insecure ( http://tv.boingboing.net/2008/03/19/how-to-hack-an-rfide.html [boingboing.net] ) yet still forced upon the consumer due to the millions funded into these technologies and the fear of admitting these losses to shareholders.

Many of these company's and people are no doubt hoping things like DMCA laws and their inclusion into global laws like the ACTA will help get rid of the problems since it will make the technology illegal (these break digital security locks). Thing is, again it won't work. Drug growers have shown that when these problems come about, people will just go underground and look for other ways to do this. This was shown during the Regan years of the war against drugs. As time passed, it was harder to smuggle weed from places like Afghanistan, so people started shipping hash. Same type of drug but smaller and easier to ship. After that came hash oil since it was again smaller and the law started to figure out about hash. When hash oil was found out, people started to look into hydroponics (a new growing method for plants of ANY kind) and found they could grow a better crop (better watered, feed, controlled, ect...) in the country bypassing the issue of smuggling it in.And just like pot dealers/growers showed that the law means little in the end to get what they want, same will happen with this and as with every crime in history.

Smartcards (1)

bearsinthesea (1619663) | more than 4 years ago | (#31254408)

The problem is the entire infrastructure that pretends certain data is secret (PAN, track, CVV2), but makes you provide it to everyone for a purchase. The answer is to use smartcards, so that even if they intercept the data, they can't use it for purchases. We have strong systems, if they will just deploy them.

This has driven down crime in the UK with their Chip and PIN system.

Here in the states, the industry is pushing ahead with encrypting magnetic stripe readers, but that still does not protect you if the attacker taps into the read head before it is encrypted.

I saw a device inside a gas pump in California two years ago. It was the size of a pack of gum, and made specifically to plug into the pump's cables. Small ICs, a pro job.

Re:Great (1)

Xaositecte (897197) | more than 4 years ago | (#31254034)

He's snarky yeah, but not a troll. WTF mods?

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31254202)

Slashdot has a definite political slant, and anything that doesn't fit causes most mods to flip out and whine, "Troll!" or "Flamebait!"

Re:Great (1)

Kitkoan (1719118) | more than 4 years ago | (#31254206)

Sarcasm is a dying form of humor I guess.

Re:Great (1)

Jon Abbott (723) | more than 4 years ago | (#31254340)

Seriously... bikes work, even in the snow. 53 miles per burrito, baby [zeropergallon.com] !

Re:Great (1)

shentino (1139071) | more than 4 years ago | (#31253986)

Stick'em up!

Re:Great (2, Insightful)

fast turtle (1118037) | more than 4 years ago | (#31254044)

That's why I don't have Credit/Debit Cards and only pay cash. Sure it's a PITA at times but I don't have to worry about this issue at all.

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31253472)

Don't use the reader on the pump. If it's a prepay pump, inform the attendant (they won't care) and then corporate.

Re:Great (1)

MichaelSmith (789609) | more than 4 years ago | (#31253544)

Don't use the reader on the pump. If it's a prepay pump, inform the attendant (they won't care) and then corporate.

IIRC a scammer replaced the reader on a supermarket checkout at one point and skimmed a lot of cards.

Re:Great (1)

zippthorne (748122) | more than 4 years ago | (#31253476)

Pay at the counter.

Re:Great (2, Insightful)

Smallpond (221300) | more than 4 years ago | (#31253566)

Pay at the counter.

How does that help?
http://www.wired.com/threatlevel/2009/10/florida_skimming/ [wired.com]

Re:Great (3, Insightful)

zippthorne (748122) | more than 4 years ago | (#31253668)

The counter takes cash.

Re:Great (1)

Opportunist (166417) | more than 4 years ago | (#31253816)

Are you sure? Last time I tried to pay my pack of gum and a soda with a 50 (lacking smaller bills) the clerk asked if there's a chance that I have a CC.

Re:Great (2, Insightful)

HybridJeff (717521) | more than 4 years ago | (#31253894)

You could have said no. The clerk was probably just low on small bills and didn't want to clear them out if it wasn't necessary.

Re:Great (1)

Mad Merlin (837387) | more than 4 years ago | (#31253948)

Are you sure? Last time I tried to pay my pack of gum and a soda with a 50 (lacking smaller bills) the clerk asked if there's a chance that I have a CC.

They don't like carrying large bills ($50 and up), and they also don't like making $48 in change. It's not unlikely that the register had under $100 in it at the time.

Re:Great (1)

John Hasler (414242) | more than 4 years ago | (#31253984)

> Last time I tried to pay my pack of gum and a soda with a 50 (lacking
> smaller bills) the clerk asked if there's a chance that I have a CC.

I'm sure she would have been happy to keep the change.

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31253506)

Stop buying gas?

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31253556)

In reality, theres not much you can do.

Re:Great (1)

sdpuppy (898535) | more than 4 years ago | (#31253614)

How do I protect myself from a skimmer inside a gas pump?

+1 Scroll of invincibility?

Or you could always eat a yummy slime mold...

XYZZY.

Re:Great (0)

Anonymous Coward | more than 4 years ago | (#31253740)

Elbereth, scratched on the ground next to the pump with a gem ought to be enough. It's not like you're moving around.

Re:Great (4, Funny)

eldavojohn (898314) | more than 4 years ago | (#31253638)

I remember running into something like this a long time ago when I was in New York City. There was this small piece of metal in the card slot. Needless to say I didn't insert my debit card in to find out what it was.

How do I protect myself from a skimmer inside a gas pump?

Step 1: Assume they're compromised.
Step 2: Pull out the concealed Glock that every freedom loving American carries around and fire wildly into them.
Step 3: If the machine is rendered out of order, move onto the next machine and go to Step 1. If someone tries to stop you, go to Step 1.

But in all seriousness I think you could pick up a "preferred customer card" at some grocery store and carry that around with you. When you approach the pump, put that card in first. A compromised machine might feel weird and will most likely not respond to you inserting a card. An uncompromised machine will swipe easily and also think for a second and then ask you to reswipe your card. While not flawless, this is the best thing I can think of aside from prepaying at the attendant in the store or something really crazy like demanding to borrow a passerby's card to see if it works before you put yours in. It's also probably your best option if you buy gas after hours like I do. The unfortunate side effect is it wastes time and makes it look like you're flipping through maxed/stolen cards.

Re:Great (5, Informative)

maxume (22995) | more than 4 years ago | (#31253828)

You seem confused. The skimmer is entirely parallel to the regular reader, it does not effect the operation of the pump.

There will be no observable difference in the transaction.

The most secure remedy is cash.

Re:Great (4, Funny)

John Hasler (414242) | more than 4 years ago | (#31254024)

> Pull out the concealed Glock...

A "Glock"? Please. That's an Austrian pistol. Every freedom loving American carries an M1911A1.

Re:Great (2, Funny)

nomadic (141991) | more than 4 years ago | (#31254290)

You communist. Real Americans carry not one but two pearl-handled, silver-plated Colt .45s, which they are permitted to shoot into the air and shout "yahoo."

Re:Great (2, Insightful)

SpazmodeusG (1334705) | more than 4 years ago | (#31254092)

No, pretty much all a card skimmer does is record the data on the magnetic stripe.
They don't care what the data is or how the machine uses that data.
A typical mag card reader that you can legally buy off the shelf will happily record the info on your drivers license or preferred customer card every bit as easily as on your credit card. Mag stripe cards have the data in plain ASCII text, credit cards included.

If you've ever written a program that reads text data off a serial port and saves that data to a file you have all the knowledge you need to create a credit card skimmer that won't get confused based on what card is inserted.

Re:Great (3, Interesting)

Itninja (937614) | more than 4 years ago | (#31254344)

Or you could do what I do and just get a dedicated gas card from Chevron, Shell, etc. Then, even if it's scanned and compromised, all they could get are gas $40 worth of gas (and snacks) at a time.

Re:Great (1)

precariousgray (1663153) | more than 4 years ago | (#31254404)

I suppose if I were to insert some sort of device between my keyboard and computer, in order to facilitate the capturing of keystrokes, that typing would then "feel weird," too.

My solution for just about anything, actually (5, Funny)

CorporateSuit (1319461) | more than 4 years ago | (#31253710)

If you have a pair of sunglasses and a jacket, you should be good to go.

1: Get a $10-$25 cash card from your credit card company
2: Slide it through the card reader
3: Light up a cigarette
4: Spray gas all over the pump
5: Slowly walk away, flicking the smouldering cigarette behind you, onto the pump. Speak a one-liner about gas, pumps, explosions, fire, smoking, or credit card fraud. It is very important NOT to laugh at your own joke.
6: No matter how hot your back suddenly gets, keep walking slowly and DON'T turn around, (glass or shrapnel is going to hit you, it's better to take it in the back than in the face.)
7: Never worry about gas pump skimmers for the rest of your life.

Re:My solution for just about anything, actually (1)

speedingant (1121329) | more than 4 years ago | (#31254052)

Cheers for that ;)

Re:My solution for just about anything, actually (1)

ipquickly (1562169) | more than 4 years ago | (#31254318)

1: Get a $10-$25 cash card from your credit card company
2: Slide it through the card reader

I'm sorry, but I messed up on #3, I don't smoke. So I had to do without.
The clerk did look at me funny when I was spraying gas all over the place.
Needless to say, I couldn't stop laughing at my jokes, but even some of the guys
in the car thought those jokes were funny.

In the end, I did get to #7:

Never worry about gas pump skimmers for the rest of your life.

However, I don't like the color of the room I'm in, and the meds they give me taste like sh*t.
And I think I'm gonna report the room-mate they gave me. I think he's a little bit nuts.

Re:Great (1)

Kennon (683628) | more than 4 years ago | (#31254458)

How do I protect myself from a skimmer inside a gas pump?

I only use gas cards to buy gas at the pump and I pay the balance in full each month. These aren't cards with Visa logos on them or whatever they are just credit cards usable only at whatever station honors them. I have 3 of them that cover pretty much every major brand gas station in the US...as they are pretty much all merging nowadays anyway. I once lost my wallet and before I canceled my Union76/Conoco/Phillips/whatever card someone had already filled up like 2 cars and bought a bunch of stuff at the shop and rob at the gas station. A few weeks later when I got the statement I made one phone call and disputed the charges and they were removed from my balance immediately. Took all of ~5 mins, zero hassle.

This isn't new (1)

MrCawfee (13910) | more than 4 years ago | (#31253522)

This is a fairly old scam.

I remember atleast 10 years ago at an Arco station had a sticker on the machine that said don't enter in your card if the reader looks wierd. I have also seen that warning on swipe ATMs

Re:This isn't new (5, Informative)

Jah-Wren Ryel (80510) | more than 4 years ago | (#31253576)

I remember atleast 10 years ago at an Arco station had a sticker on the machine that said don't enter in your card if the reader looks wierd. I have also seen that warning on swipe ATMs.

The new part is that the reader does NOT look weird.
It looks physically identical to the standard reader.
Didja even read the summary?

Re:This isn't new (0)

Anonymous Coward | more than 4 years ago | (#31253788)

Didja even read the summary?

This is Slashdot, id be surprised if he even read the title.

Re:This isn't new (1)

uberjack (1311219) | more than 4 years ago | (#31253684)

Something like this happened to my mother once, though they used cameras to record the bank card's number and PIN, as she entered it. Then made $500 worth of withdrawals, in $1 increments.

Re:This isn't new (1)

thePowerOfGrayskull (905905) | more than 4 years ago | (#31254356)

Something like this happened to my mother once, though they used cameras to record the bank card's number and PIN, as she entered it. Then made $500 worth of withdrawals, in $1 increments.

Hell, if they're as slow as most people are at the ATM, that would've worked out to about $8/hr. At that rate, they might do better with honest work!

Re:This isn't new (1)

Opportunist (166417) | more than 4 years ago | (#31253908)

It's not new and the scam was actually used here at ATMs as well, not only putting an additional reader on top of the old one but also installing a video cam or a punch-through keypad on the ATM that recorded the keystrokes of your pin number. I was working for the security department of a bank when this was en vogue, and I still have a few of the confiscated cams and pads to prove it (strangely, nobody wanted them back...).

The "new" part is where these swipers don't even look suspicious anymore. These "old style" tools could easily be identified by anyone who spends a few seconds eyeing the ATM or swiper for suspicious looking "addons". The new ones are appearantly impossible to notice.

Guess it's time to send out a few consultation offers to some old friends of mine, I guess they'll appear here soon, too.

Russian mob was doing this in the 1990's (5, Insightful)

DVD9 (1751726) | more than 4 years ago | (#31253648)

And yeah maybe it is an inside job. Paying clerks $6.00 an hour to work from midnight to 8:00AM does not buy a lot of loyalty. Where do you think most of the pilfered credit card numbers really come from? Try paying people a living wage and this won't happen. Employees who have to live with their mother are not adverse to listening to some ones criminal scheme, which to them sounds like justice rendered.

Re:Russian mob was doing this in the 1990's (3, Insightful)

riker1384 (735780) | more than 4 years ago | (#31253924)

You gonna pay extra for gas from a station that pays its clerks "living wage"?

Re:Russian mob was doing this in the 1990's (4, Informative)

John Hasler (414242) | more than 4 years ago | (#31254054)

No. He expects the station owner to run it as a charity.

Re:Russian mob was doing this in the 1990's (2, Insightful)

Dalambertian (963810) | more than 4 years ago | (#31254076)

Do you pay extra for cotton?

Re:Russian mob was doing this in the 1990's (4, Interesting)

raddan (519638) | more than 4 years ago | (#31254102)

That's a good point, and obviously the answer is 'no'. I recently had my CC # stolen by a pizza guy. I had just finished something like a 15-hour shift at work, I was tired, and I fell for a scam that, in retrospect, I should have caught on to immediately. Despite the fact that I ordered and paid for the pizza ahead of time, on the web, he told me that he "needed an imprint" of the card. Then he starts making the imprint with... his key? And then (and this is really where I kick myself), I take the original receipt and he goes, "Oh, nope, I need that one" and swaps with me. Of course, the carbon copy (which I am supposed to take but which he took) has the nicest key-imprint on it.

About 45 minutes after this happened, my CC company calls me to check on purchases that were made not five minutes ago at a "discount clothing store in the Bronx" (I live in Boston). Now, I am certain that this is the source of the theft, because prior to that, I had not used the card in several months.

My understanding is that the banks themselves don't absorb this loss because they pass it on to the merchant-- the merchant absorbs the loss. But I have to wonder whether banks (and credit card users) would be better (and cheaper) served by simply fixing these security problems now. Those fancy fraud-detection units can't be cheap. Our existing CC/ATM system is woefully anachronistic.

I briefly asked myself, if this guy, who was Hispanic, and given his choice of profession, probably poor, deserved some sympathy when it came to CC theft, and I quickly decided: no. There are many, many other people who are in exactly the same position, or worse, and they choose to do the right thing regardless. CC thieves are thieves. They don't point a gun at you, but the end result is the same thing.

Re:Russian mob was doing this in the 1990's (1)

Ihmhi (1206036) | more than 4 years ago | (#31254126)

Gas prices should be higher anyway.

Re:Russian mob was doing this in the 1990's (1)

SpazmodeusG (1334705) | more than 4 years ago | (#31254200)

That's why the minimum wage should be higher. If everyone was paying a livable wage you wouldn't be paying extra from one gas station to the next.

That depends (1)

copponex (13876) | more than 4 years ago | (#31254312)

Are you going to pay for the billions of dollars it costs to have our military constantly deployed to the middle east?

There are about 115,000 gas stations. Let's say two clerks, open an average of 20 hours, gives m about 1.7 billion man hours per year. So, for about a month of expenses in Iraq, we could bump their pay from $6 to $13.

And if you're worried about security, we could triple the size of the TSA, monitor every parcel of incoming cargo, and follow the Israeli's policy of personally interviewing every single person trying to enter the country. They haven't had a single incident since they started, and we'd still be saving money.

Hooray for diversions!

Re:Russian mob was doing this in the 1990's (1)

precariousgray (1663153) | more than 4 years ago | (#31254418)

When this is the only choice, as should be the case, yes. This would require someone to own only seventeen yachts as opposed to forty-two, however, so quite clearly this will not be happening.

Re:Russian mob was doing this in the 1990's (0)

Anonymous Coward | more than 4 years ago | (#31254012)

Except standing around with your thumb up your ass for 7 hours, and spending an hour mopping, and stocking cigarettes isn't worth more than $6 an hour. I used to work the 11 to 7 shift at 7-11. Oh, and all the free slurpees you can drink ain't bad either.

Paying people more than the job is worth won't buy loyalty, unless you're paying them a lot more. And believe it or not, those are fairly low-margin operations.

Nothing New (4, Interesting)

corychristison (951993) | more than 4 years ago | (#31253656)

This got my credit card over a year ago in Saskatchewan, Canada. However, my card was skimmed at a do-it-yourself ticket-terminal at the local movie theatre.

It turned out it was a very large network of people who came together and organized the attack and paid people all over the country to do this and sent the info back to 'headquarters' in Ontario Canada.

They racked up over $600 in charges and it all appeared to have been used at Gas stations in Toronto / Missisaga in Ontario.

They put these things on any 'do-it-yourself' terminal they could find. This included pay-at-the-pump gas stations, ATM's, and any kiosk that could read a debit/credit card.

Luckily Mastercard covers things like this so it was much easier to report and reverse than a few friends of mine who had their debit cards skimmed. They had a much harder process to deal with.

The move to "Chip" cards ([url]http://en.wikipedia.org/wiki/Chip_card[/url]) are rapidly increasing these days. I know my local credit union is fully switched over, although maybe half of the retailers in town actually support them.

Re:Nothing New (0)

Anonymous Coward | more than 4 years ago | (#31254020)

A "very large network" grossed an amazing $600? Are they even trying?

Re:Nothing New (1)

ooshna (1654125) | more than 4 years ago | (#31254336)

Probably meant $600 just from his card douche nozzle.

Re:Nothing New (1)

Zencyde (850968) | more than 4 years ago | (#31254390)

It's unfortunate that chip cards are still pretty useless from a security standpoint: http://www.silicon.com/technology/security/2007/02/06/chip-and-pin-hack-attack-demoed-39165665/ [silicon.com]

I think Japan might have the right idea with using phones for this purpose instead of magnetic cards. At least with a phone you could always be required to transmit a couple forms of identity (let's say a thumbprint and a password) and the easiest path of compromise is to man in the middle the radio signals. Throw in some encryption and that should put it beyond the reach of MOST criminals. Sure, not everyone owns a phone. But how much longer is that going to be?

Encrypt the data for starters (1)

SillyKing (720191) | more than 4 years ago | (#31253670)

PCI (Payment Card Industry) will deal with this eventually, as traffic should be encrypted from the reader to the backoffice server or whatever brokers the transaction to the payment processor. What needs to be done is encrypt the card information at the reader at the pump, even if the information is transmitted via serial connection (out of PCI scope today). Prudent companies keep the keys to the gas pumps secure as well as do at least daily checks on the pumps (crack the box, look for skimmer).
I suspect this type of skimming is more prevalent that is getting press for.

Re:Encrypt the data for starters (1)

42forty-two42 (532340) | more than 4 years ago | (#31253758)

At some point, you have an analog signal coming from a pickup coil. If the attacker taps in there, no amount of encryption will protect you.

Re:Encrypt the data for starters (1)

mirix (1649853) | more than 4 years ago | (#31253846)

Definitely... but the pumps should be harder to break open then, and someone should be checking them on a regular basis, to make sure they haven't been compromised.

Although my assumption is it's probably in house, so they should probably have a third party be doing the checkups, not the $5.50/hr clerk...

Who is the victim? (5, Insightful)

erroneus (253617) | more than 4 years ago | (#31253686)

Let's define this scenario clearly. You put your money in a bank. The bank then gives you access to the bank's services. It's not access to "your" money so much as it is access to a money exchange service. (Think of an ATM and similar services as a vending machine that serves up cash and other things in exchange for the money in your bank account.)

Now there are the criminal parties. These parties are the ones who come in and exploit weaknesses in the system to get cash and other things. In the course of exploiting these weaknesses, they use the credentials of other people to extract the cash and other things from the actual victims.

Who are the actual victims? They are the banks themselves and they are the sellers of other things.

When the people whose credentials were used in the commission of a crime against the banks and merchants are charged with responsibility for the criminal acts, it is the banks and merchants who are victimizing the people... their customers! The criminal performed their crimes against the banks and merchants. It is the banks and merchants who are passing the burden along to the innocent individuals who quite literally have no way to protect or control the situation. It is the banks and merchants who have the means to control and protect.

Every time I hear "identity theft" and other referrals of uninvolved parties as victims of a crime, the lie bothers me. These banks and merchants have created a system that is weak and exploitable that uses its customers as a buffer and even a shield against those weaknesses. You cannot protect your "secret information" so long as it must be shared in order to use it. And once that information is out there and used, the banks and merchants take money from your account instead of theirs. The original victims are, in turn, victimizing the innocent by declaring that the innocents are victims of the original crime.

I am sure there are plenty of people who disagree with my sentiments on the matter. But if you do, point out the flaw in the logic I presented.

Re:Who is the victim? (4, Interesting)

randy of the redwood (1565519) | more than 4 years ago | (#31253858)

Actually, my wife was a victim of this type of scam recently. They systematically cleaned our entire checking account out.
I, like you, felt that the bank's money was stolen, not ours. I put my money in the bank, and had not withdrawn it, so this was essentially a remote bank robbery in my opinion.
Where it gets interesting is this is EXACTLY how the bank treated it. They immediately refunded all money to the account, and then went after the fraud on the other end of the transaction.
Not sure if all banks treat you this way, but B of A did us right. (And they are usually listed as the most evil of providers, so I tend to think they are not unique).
I think identity theft was a real problem 10 years ago before it was understood, but now the banks realize it is not fraud by the victim in most cases and deal with it fairly.

Re:Who is the victim? (0)

Anonymous Coward | more than 4 years ago | (#31254128)

Try getting your identity actually stolen, down to the SSN and all vital statistics. The problem then is that while you may be who you say you are, the bank has no reason to believe you aren't the one scamming and hoping you can get all the money put back in the account. Be prepared for many hours spent on the phone, trying to recall inane details about your life (or the lives of those around you) in hopes of convincing the bank you are really you.

Re:Who is the victim? (1)

theskipper (461997) | more than 4 years ago | (#31254188)

Stories like this are scarier these days with the advent of debit cards. With credit card fraud, if it turns out that the issuer decides they want to collect the money from you then there are at least a couple roadblocks in the way. Once it's gone from the checking account though, all bets are off. And it really boils down to how much you're worth to the bank as a customer.

Personally, I don't like the odds and that's why I store my bank issued ATM/Debit card in very tiny pieces down at the landfill.

Alternate title (5, Funny)

drewm1980 (902779) | more than 4 years ago | (#31253722)

After waiting patiently for the US Government to implement a carbon tax, the ever-altruistic Utah mafia has decided to take matters into their own hands.

Re:Alternate title (0)

Anonymous Coward | more than 4 years ago | (#31253764)

Utah is full of mormons, why would they want a "carbon tax"?

Re:Alternate title (1)

cunina (986893) | more than 4 years ago | (#31253836)

Why would being Mormon affect your opinion about a carbon tax?

mod 04 (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31253826)

moans and groans 4rseholes at Walnut NIGGER community

Never use Debit (2, Interesting)

TheNarrator (200498) | more than 4 years ago | (#31253874)

Obviously you have to use debit at an ATM, but at gas stations i use credit, even with my debit card, because once they have your pin they can get cash out of your account and not just do a credit card charge. The crooks would much rather have the greenbacks than having to buy crap with your stolen card and fence it.

Re:Never use Debit (3, Informative)

Mad Merlin (837387) | more than 4 years ago | (#31254048)

The bank is also far more likely to go to bat for you over a fraudulent credit card charge than a fraudulent debit card transaction. The reason, of course, is that in the former case, its the bank's money on the line (until you pay them), but in the latter case, its your money on the line.

Use legal tender, huh? (1)

macraig (621737) | more than 4 years ago | (#31253914)

This is but one reason why I use only cash to buy gas. The other is that greedy operators like ARCO will skim $0.45 off the top of every debit card transaction. I happened to be an early victim of debit card reproduction over a decade ago, before these current devices even existed; back then it apparently required collusion with a station employee to redirect outside security cameras and collect register data. The result was the same: my Versatel card was duplicated without ever leaving my possession, and then a withdrawal spree took place over three days at race track and casino third-party ATMs all over four counties.

New SCO business model. (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31253920)

I think we found the method SCO is using to get out of bankruptcy.

definitely an inside job (0)

Anonymous Coward | more than 4 years ago | (#31253936)

taking it to a new level, of course

Leave it to california (-1, Troll)

jeffmeden (135043) | more than 4 years ago | (#31253976)

"The scam was first discovered when a California bank's fraud department discovered that multiple bank card victims reporting problems had all used the same gas pump at a 7-Eleven store in Utah."

Of course those nanny liberals in CA found out about it, they are watching EVERYTHING YOU DO. In Utah, they were simply waiting for the free market (or Jesus) to sort it out.

Anonymous? I probably should have.

Re:Leave it to california (1)

sneakyimp (1161443) | more than 4 years ago | (#31254132)

Or Joseph Smith, Jr.

Re:Leave it to california (0)

Anonymous Coward | more than 4 years ago | (#31254304)

How does that differ from the nanny conservatives watching everything you want to do?

I guess I wouldn't be that hard... (1)

adosch (1397357) | more than 4 years ago | (#31254062)

Any gas station you go into now (unless its in podunk la-la land) has a crazy amount of security cameras all over out there monitoring pumps and to catch fuel pumping thieves. I would suppose the reason the high number of pumps that do get hi-jacked are places that aren't open 24-hours or have a douchebag clerk who "pushes the blinky light" to authorize fuel and doesn't notice someone taking apart the pump next to it.

I remember when skimming waiters or waitresses with hand-held swipe devices was "the scam of the year". Someone is always going to 1-up the next I guess. However, it still is very surprising that this type of theft is still happening to begin with, though, and especially to credit card scanning card devices on gas pumps. That's like the bank leaving the door open on an ATM machine.

Re:I guess I wouldn't be that hard... (2, Insightful)

MichaelSmith (789609) | more than 4 years ago | (#31254140)

Buy a commercial van, outfit it with signage "Bobs fuel pump repair services" or some such. Carry the right tools. Make the attendant sign a receipt for the work. Turn up, install your stuff and go. Fake plates obviously.

Not new (1)

teknosapien (1012209) | more than 4 years ago | (#31254088)

this took place in the Delaware county PA about 10 to 12 months ago. One of the tests they gave locals was to give the card swipe area a good tug before scanning Guess the front fascia would pull off easily and it wasn't the banks hat caught it, it was the local police & Wawa

fud? maybe, but it does happen (1)

sneakyimp (1161443) | more than 4 years ago | (#31254116)

It happened to me in Malibu. Bastards made some kind of copy of my debit card and spent $250 before my bank shut them down. Fortunately, my bank (wells fargo) restored the $250 to my bank account. I bet the gas stations where the fake card was used got stuck with the bill. Serves them right for not guaranteeing the financial security of their customers. They should keep an eye on their pumps.

Re:fud? maybe, but it does happen (1)

buss_error (142273) | more than 4 years ago | (#31254414)

I have to say, despite not being very pleased in other ways with Wells Fargo, that they are on top of the game with fraud as far as I can see. I've had five separate issues with my WF credit card in the last year, all of which were handled swiftly (once before I even reported it).

What I really want is a card that I can use for on-line purchases where I either transfer the money for the transaction in advance, or authorize it up to two hours later or it's canceled. I've looked (not very seriously) for two years, but I must be missing it. This seems an obvious evolution to CC use that benefits everyone. AmEx used to have a program like this, but I don't see it now. (NB: Gift cards - read the terms of service. These are NOT an option with those sorts of fees!)

Another thing that needs to stop is revolving charges without cardholder approval. I once used a card to buy a 1 year subscription to a magazine for a friend, then after the year, spent the next 12 months, every month, contesting the charge. I finally closed that card to stop it at it was taking 3 hours a month to file all the paperwork.

Last, there needs to be more enforcement done vis-a-vi credit card fraud. I administer a mail server farm - I see literally THOUSANDS of frauds sent every day. A swift, sure way to stop the merchant account is needed.

hit twice... (4, Interesting)

PhantomHarlock (189617) | more than 4 years ago | (#31254148)

I've been the victim of skimming twice. I love paying at the pump but it's getting out of hand. Even with a credit card it's the inconvenience of filing a dispute, canceling the card, etc. This time they laundered the money by buying five $200 wal mart gift cards with a cloned card.

Here locally they say it's been the Fast Trip and AM PM stations that have been hit. The two with the lowest prices of course.

Kinda fun to see this on Slashdot... (1)

MpVpRb (1423381) | more than 4 years ago | (#31254342)

Off and on, over the last year, I have been employed as a contractor to the ATM industry, to develop anti-skimming hardware and software.

When I started, I was amazed that skimmers worked at all.

Now, I am truly impressed by the ingenuity of skimmer makers.

BUT...in the end, our technology will defeat them...

Isn't this already solved? (0)

Anonymous Coward | more than 4 years ago | (#31254416)

With chip cards, it's my understanding that even having the PIN, it is not possible to perform a transaction without the actual card. They should just swap out all the magstripes for chip cards for everybody. Surely that costs less than what they lose every year with magstripes?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>