Pumping Gas Just Got Much Riskier - MSNBC

Posted by John B. Frank Thursday, October 9, 2008

I've been blogging about the dangers of paying at the pump for a long time. The security of the card readers leaves much to be desired. Frankly, a decent hacker wouldn't even need a skimming device... that's for the amateurs. Even when you're not being skimmed by hackers, the banks are putting a hold on your account for up to $100, many times resulting in overdraft charges. ALWAYS pay inside using your PIN; it's a real-time transaction, eliminating overdraft charges and significantly reducing the likelihood of falling victim to a skimscam. For more on the subject of skimming, take a look at "related articles" located at the bottom of this post:

Beware of debit card skimmers - ConsumerMan - MSNBC.com

Secret Service, police warn of 'well-organized' debit card skimmers
By Herb Weisbaum
MSNBC
updated 9:37 a.m. MT, Wed., Oct. 8, 2008


Becki Turner got the call from her bank’s fraud department on Labor Day. The investigator wanted to know if she had withdrawn $500 from an ATM in California over the holiday weekend. She hadn’t. She couldn’t. Turner was home in Puyallup, Wash.

“I was just flabbergasted,” she says. “I had the card with me, the ATM was in another state, and the person using the machine had to have my security code.” Turner worried crooks had gotten into the banking system and stolen her password.

It wasn’t anything that complicated. Puyallup police say thieves snagged her account information — along with the debit card numbers and PIN codes of hundreds of other people — at two gas stations in the area.

They did it by installing their own hard-to-spot card reader, called a skimmer, on top of the card reader built into the pump. The skimmer is able to grab the account information from the card without interfering with the legitimate payment transaction.

The crooks used the stolen data to create (or clone) fake debit cards that were used at ATMs in Washington State over the Fourth of July weekend and in Northern California on Labor Day weekend. The bad guys like three-day holidays because it gives them more time to use the cards before the unauthorized withdrawals are spotted.

“We are looking at a sophisticated, very well-organized group of individuals,” says Detective Jason Visnaw with the Puyallup Police Department. When all the victims from these two incidents are identified, the total loss could reach half a million dollars.

Why steal debit card numbers? “With a credit card you have to go and buy merchandise and then you have to fence it or pawn it,” Det. Visnaw explains. “With a debit card, you’re getting cash money.”

This is not an isolated case. Gas pumps are being compromised in cities across the country. “We don’t view it as an epidemic, but there are cases open in at least a half dozen states right now,” says Ed Donovan, spokesman for the U.S. Secret Service. These investigations are underway in California, Nevada, Pennsylvania, Delaware and Washington.

Donovan tells me the Secret Service believes some of these crimes are inside jobs, involving someone at the service station.

Gas pumps are just the latest target
Skimming credit cards and debit cards is not new. Portable card readers make it possible for anyone to copy the information stored on a card’s magnetic stripe. This information is not encrypted so it’s easy to steal.

“You just run it through the skimmer and it has all the information right there in plain text,” says former White House cyber security advisor Howard Schmidt. “It’s very easy to imprint that data on another magnetic strip and use it somewhere else.”

The first skimming cases were reported at restaurants and stores where dishonest employees ran cards through their reader before ringing up the sale. As technology improved, the bad guys developed skimmers for ATMs. Now they’ve added gas pumps.

The skimmers are designed to slip over the real card reader. They can be hard to spot. And quite frankly, most of us would never look for something like this anyway. We want to pay and go.

So how do they get your PIN number? They can hide a little camera in the skimmer or on the pump. It shows your fingers as you type in the number.

There are also fake keypads that slip over the real keypad that can transmit the PIN code as you enter it.

In Las Vegas, police have discovered even more sophisticated technology – wireless transmitters installed inside the pump. “They can actually sit in the parking lot with a laptop and get real-time information as victims use their card,” explains Lt. Robert Sebby of the Las Vegas Metropolitan Police Department. Because there’s nothing on the outside of the pump, there’s no way you can tell the pump is compromised.

Not a safe way to pay
Nancy and Jim Tew no longer use their debit cards to pay at the pump — and for good reason. They both had their debit card numbers stolen at one of those gas stations in Puyallup, Wash.

Nancy Tew found out about the theft when her card was rejected at the grocery store. “To my astonishment, I had no money in the bank,” she said.

The thieves used her account number at ATMs in Hollywood, Calif., to steal $600. They got $900 from her husband’s checking account. She tells me it was “totally bizarre and really scary” to be targeted like that and not even know it.

The Tews now pay for their gas — with cash or debit card — at the register. That may sound paranoid, but other victims of this skimming attack tell me they now do the same thing.

Police in Puyallup and Las Vegas now advise residents not to use their debit card at a gas pump because there’s no way to be sure it hasn’t been tampered with.

That’s smart advice and here’s why. Debit cards do not offer the same fraud protection as credit cards. If a crook armed with a skimmer snags your credit card number and uses it to buy things, you can dispute the charges with the credit card company. You won’t owe a thing while they investigate.

If the crook grabs your debit card number, he can go to a cash machine and pull money out of your checking account. It could take days for the bank to investigate and put that money back into your account. During that time checks could bounce or you might not be able to pay your bills. That’s why the only way I pay at the pump is with a credit card.

© 2008 MSNBC Interactive

URL: http://www.msnbc.msn.com/id/27085818/



