Blog article
See all stories »

Pay-at-the-Pump Skimming Using Bluetooth

Skimming data off of debit and credit cards has been happening at ATMs, gas pumps and electronic funds transfer point of sale terminals for quite some time.

When criminals plant skimming devices, they have to physically attach a skimming device that fits over the face of the ATM’s card slot. Then they install a small camera that shoots video of your pinpad which extracts user PIN codes. The camera is often housed inside of a brochure holder or little box that may have a mirror glued to its face. The mirror is made to loom like a security feature preventing shoulder surfing.

Once the criminals attach the devices they have to wait it out for someone to then use the ATM or gas pump before they can remove the device and download the data. It is in the best interest of the criminal to leave the skimmer on the machine for as long as possible to skim as many cards as possible. Because every time the skimmer is removed and replaced it becomes another opportunity for the thief to get caught or for something to go wrong.

In Utah a group of criminals one-upped other ATM scammers by installing Bluetooth enabled skimming devices that broadcast the skimmed data to a nearby storage devise, probably a laptop. Bluetooth’s range can be just a few feet to as much as a city block. So the criminals had to be in a car nearby.

What made these devices even more sophisticated is they skim the card data and grab the PIN code via the all-in-one combo skimmer and PIN pad device affixed to the face of the pump that allowed the financial transaction to occur.

This entire process allows the criminal to steal “data-on-demand” and immediately turn it into cash. Further, it provides the criminal with the freedom to decide whether or not they want to retrieve the skimming device thereby lessening their chances of being caught.

You can’t protect yourself from this kind of skimmer by covering your pin due to the fact that the device is the pinpad. So if you use a device like this you are screwed. Ultimately, you must pay close attention to your statements. Also, pay close attention to details, and look for anything that seems out of place. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases it can be as early as a week.

Protect your identity.


Comments: (0)

Now hiring