May/June 2021 Issue
Gasoline pumps are prime targets for card skimmers, illegal devices thieves attach to payment terminals and ATMs to collect enough information to clone a credit or debit card. That’s because pumps see high card volumes and are sometimes hard for station attendants to monitor. Bolder crooks will pull a big vehicle in front of a gas station pump, and one person will go in to ask for directions while another installs the skimmer, says Jeff Lenard, spokesperson for the National Association of Convenience Stores.
Most gas-pump skimmers originally were attached externally, over the card slot. Thanks to 3D printers and other new technologies, fake ones can be almost indistinguishable from the real ones. Today, however, most are installed inside the pump, making it more important to choose the most secure payment method.
How Skimmers Work
Skimmers swipe information stored on a card’s magnetic stripe: your name, your card number, and the expiration date, but not the three- or four-digit code known as a CVV. Thieves transfer this data to the magstripe of a counterfeit card, which they can use “ in a store that has not upgraded to chip-based technology,” notes Steve Scarince, associate managing director for Kroll, which specializes in cyber risk security. Or skimmers can use collected data for online purchases that don’t require a CVV.
Although cards with a chip have greater security, they are still vulnerable to skimming because they have the same information encoded on a magstripe.
Some thieves pair a skimmer with a keypad overlay that captures your Personal Identification Number (PIN). If you use a debit card to buy gas and punch in your PIN, crooks may be able to withdraw money from your bank account at an ATM.
Originally, thieves had to physically retrieve the skimmer to access the data it stole. Now, with bluetooth, a wireless technology for exchanging electronic information between devices over short distances, they can sit in a car nearby, “and the data comes to them,” Lenard says.
How to Know You’ve Been Skimmed
If you see surprise charges or withdrawals on your credit or debit card statement, your card may have been skimmed. Some crooks use counterfeited cards at the same place they installed the skimmer, so consumers may not notice fraudulent charges at a station they frequent.
Report any unauthorized activity to your bank or card issuer immediately. Credit card issuers will most likely reimburse you for fraudulent charges up to a certain amount, but recouping money stolen from your bank account can be much more complicated.
Fortunately, thieves don’t get enough information from skimmers to open credit accounts, file a tax return, or apply for unemployment benefits in your name. That kind of identity theft can happen when cybercriminals hack into databases and steal information such as your name, address, birth date, and Social Security number.