Usually occurring at ATMs, skimming devices that steal credit and debit card info are now discovered in gas pumps and restaurants: Internet Scambusters #423
Crooks have gas pumps in their sights in the latest wave of card skimming scams.
They install devices, invisible to staff and customers, which read details off credit and debit cards and can even secretly film the keying of PIN numbers.
This week, we explain this latest version of a multi-billion dollar scam that also steals card information from ATMs.
Gas Pumps Targeted in Latest Card Skimming Scam
Security experts say that skimming, the process of secretly reading data off your credit and debit cards, could be netting crooks as much as $3 billion a year in the US.
That's the word from the US Secret Service, via the banking community's educational website BankInfoSecurity.com, which claims ATM skimming is now the fastest-growing electronic fraud risk for financial institutions.
It's some consolation that, if your card gets skimmed, your bank or other issuer will probably make good on the loss, provided you report the incident promptly.
But if the card details are also used for identity theft, you could spend months trying to sort out the damage.
In the past, most skimming has taken place at ATMs, where crooks mask the real card slot with their own device, disguised to look like the real thing. Some of these ATM skimmers are extremely convincing.
They read your personal info off the card's magnetic strip, while a secret camera films victims punching in their PIN numbers.
You can read all about this and how to reduce the risk of getting scammed this way in one of our earlier issues, ATM Theft: 8 Tips to Protect Yourself From the 5 Most Common ATM Scams.
And to illustrate just how easy this is, you may be interested in watching a video seized from crooks and recently posted by the European ATM Security Team (EAST).
The thieves recorded their own hijacking of an ATM because the spy camera they installed was working when they set it up.
You'll be shocked at how easily they read those PIN numbers.
Gives you the chills doesn't it?
As technology evolves to make it tougher for ATM skimmers to pull off their crime, the crooks develop new ways to circumvent this -- most recently using audio devices inside their skimmers.
Pay-At-The-Pump Skimming
However, the crime has now also taken a worrying turn by targeting gas station pumps, which are far easier to tamper with than ATMs -- and more difficult to detect.
Posing as maintenance techs, the crooks actually open up the gas pump card readers and insert their skimming devices inside.
Most gas stations apparently use the same master key codes on their pumps, making them easy prey for the scammers.
So, unlike the ATM skimming version of the crime, where a sharp eye could spot that the machine has been tampered with, users, including the pump attendants, may be totally unaware of this skimming and scanning.
Severe outbreaks of pay-at-the-pump skimming have been reported across the US, notably Florida and Utah. In one recent check-up, 180 pumps had been hijacked.
Like regular ATM skimmers, the devices read the magnetic strip from the cards, while a hidden camera picks up the keypad clicks for debit card PINs.
The stolen information is then transmitted wirelessly to the crooks, who use it either for fraudulent purchases or, with debit cards, to manufacture so-called "white-cards" -- blanks onto which the data is loaded so they can be used at ATMs to drain cash from victims' accounts.
Restaurant and Store Skimming
Another alarming development is the apparent growth in use of small, pocketable skimming devices, which can be used by restaurant servers and store cashiers.
It takes just a couple of seconds for the card to be swiped on the way to the register.
The scammer may also read the three-digit security code on the back of the card on the pretext of checking your signature.
In a variation of this crime, crooks have actually been known to replace portable credit card terminals in stores and restaurants with their own "doctored" machines, which, again, store and transmit information.
What Can You Do about Skimming?
With ATM skimming, please read the 8 Tips to Protect Yourself from ATM Theft in our earlier report, ATM Theft: 8 Tips to Protect Yourself From the 5 Most Common ATM Scams.
In addition, if your bank doesn't make a charge for it (some now do), you might even consider withdrawing your cash via the teller rather than using the ATM, or having a separate account in which you keep only a small cash float with a strict "no-overdrawing" provision.
Beyond that, the banks and card companies themselves have a lot to do, certainly in the US, which lags behind Europe and Canada in the use of sophisticated microchips on cards, which are more difficult for skimmers to read.
The same goes for gas station operators who have been duped into allowing their pumps to be tampered with. They need to alter the default security codes on their machines and double-check the credentials of anyone supposedly carrying out maintenance.
As a consumer, there's not a lot you can do about this new gas pump trick beyond being extra vigilant in monitoring your bank and card accounts.
If you don't already have online access to your accounts, why not set this up and check your statement every day? It only takes a couple of minutes.
It's difficult, too, to protect your card when you pass it to a server or store clerk.
Try not to let it out of your sight. If a clerk says they have to take it to another register, follow them and watch carefully.
One encouraging trend in some restaurants is the use of handheld card terminals which are swiped at your table, within plain sight.
More of these would be a good move, though, of course, that still doesn't guarantee the integrity of the scanner -- or the user!
A fallback is to carry a modest amount of cash, maybe a couple of $50 bills, that you can use if you feel uncomfortable or suspicious at a particular venue -- keeping your cards safely out of reach.
In our recently published Top 10 Scams list for 2011 we predicted that skimming would become a "star performer." Sadly, this looks likely to come true.
That's all we have for today, but we'll be back next week with another issue. See you then!