Credit Card Skimmers: Detection and Prevention

Posted on by

For the second year in a row, the percentage of American drivers who have been a victim of card skimming at the gas pump has grown significantly, according to a new report from CompareCards. Nearly a third of those who purchased gas in the last 30 days believe they’ve been a victim of either credit card or debit card skimming at the pump. That’s up from 23% in 2019 and just 15% in 2018.

What is credit card skimming? It’s the practice of adding tiny, almost undetectable devices to payment terminals in an effort to steal the magnetic card stripe data. This data typically includes the name, card number, and expiration date. In the beginning, scammers used to install the skimmers and then they’d have to return to the pump to retrieve the device and data. Thanks to updated technology, that’s not necessary anymore. Fraudsters can now incorporate bluetooth and cellular networks into their skimming devices and access the data remotely.

To combat fraud the major credit card networks — Visa, MasterCard, American Express and Discover — required retailers to upgrade their terminals by October 2015. Under the credit card companies’ rules, businesses that didn’t comply would be liable for costs associated with card-related fraud that happened because of their failure to do the upgrade. Gas stations were exempted from that deadline, however, because upgrading gas station payment terminals often means replacing gas pumps altogether, making the upgrade process far more disruptive, time-consuming and costly than for most other retailers. The original deadline for gas stations to make these improvements was October 2017, but it got pushed back to October 2020. However, in the wake of the COVID-19 outbreak, it was pushed back again earlier this year and is now April 2021. It’s possible that the deadline could move again depending on the state of the pandemic next spring.

Spotting these devices:

  1. Check the pump panel for tampering: The lockable door on the gas pump (or ATM) should be closed and securely fastened; many gas stations take the additional step of placing a tamper-resistant seal over the door. If the tamper-resistant seal is broken, do not use the gas pump and tell an employee that the pump may not be safe to use.
  2. Look for a Bluetooth signal: If you enable Bluetooth on your cellphone and one of the “devices” you can connect to is a string of letters and/or numbers, you’ve probably discovered a Bluetooth-enabled skimmer at that gas station. There are also apps that search for Bluetooth-enabled skimmers.
    BLE Scanner for Android: https://play.google.com/store/apps/details?id=com.macdom.ble.blescanner

Prevention:

  1. Pay inside and/or pay with cash
  2. Use the pumps closest to the store. The more visibility that the store clerks have to the pump, the less likely that the pump is to have been tampered with.
  3. Use a credit card instead of a debit card. In fact, a gas card is better than a credit card, because it can only be used at the gas station.
  4. If you do use a debit card at the pump, choose to run it as credit instead of putting a PIN number in. That way, the PIN number is safe.
  5. Monitor bank accounts regularly to spot any unauthorized charges.

If you suspect your credit card number has been compromised, you should report it immediately to both the authorities and your credit card company.