ATM Card Skimmer Crimes Rampant in South East

We reported on ATM Card Skimmers in the past. It was amazing to most readers (me too!) how “normal” the addition of a card skimmer on your average ATM looks. Of course they are manufactured to slip onto the equipment unnoticed, but there is always that hope that you are attentive enough to catch such a thing.

Unfortunately it looks like a rash of ATM card skimmer crime is going on across the country right now (Florida and 180 stations in Utah) and has become much more advanced than the previous “slip on” remote cameras that are easier to spot and detach.

As it turns out the surprisingly near-sighted companies that manufacture the gas pumps and ATM card reading equipment use a single key approach; where 1 key opens all the god-forsaken machines. How, in 2010, where we bank online, identity theft is rampant and we’ve seen theft performed in every way possible, there is still a highly technical industry out there, that services the countries infrastructure, that isn’t smart enough to figure out that a single key opening the gas pumps isn’t a good idea.

Even though this design exhibits severe negligence on the part of the gas pump producer and the implied promise they make to us as consumers to at least make an attempt at keeping our electronic banking information safe, they will never be held accountable. If your information is stolen and used, well, that’s your problem. You shoulder the burden of proof, the time and costs associated with that.

There is something wrong with this picture.

So what these scammers have been doing, is rolling into gas stations late at night, opening the machines with the single manufacturer’s key, and then wiring up an additional card reader and Bluetooth transmitter inside the machine; so you have no hope of noticing if you are using a compromised machine or not.

The case of card skimmers installed inside the pumps isn’t just a few concealed cases, it’s a rampant issue with most of the 180 compromised machines found in Utah using that technique. I would expect at some point in time I’ve likely used a few compromised pumps at this point and have no idea if at some point in the future I’ll get surprise charges on my card from Uzbekistan.

It looks like being vigilant and checking the device you are using isn’t enough if the weakest link in the security-chain is the company that produces the device you are using in the first place. Here are a few ways you can make sure to avoid getting your card stolen by a card skimmer:

  • Pay inside, there is a very low likelyhood that anyone came inside the gas station and hacked the credit card machine sitting at the counter (thanks Nick!)
  • Sign up for and use gas-station-specific “Fast Pass” or “Fast Pay” dongles that you can add to your keychain. This helps you avoid your ATM or credit card all together.

Regardless of the strategy you employ, being vigilant and watching your ATM charges and credit card charges closely is always important. Also try and avoid using pumps, ATMs and other electronic payment devices that are in disrepair or poorly monitored areas — like at the back dark corner of a store — where it would be easy for someone to slip a device out of their backpack and fit it onto a machine when not being watched.

Try and use devices that are sitting front and center by an attendant and would be high risk for someone to come in and try and modify.

At least we can lessen our chances.

Update #1: As Nick correctly points out in the comments, walking inside and paying there instead of at the pump is a way to avoid getting caught by a card skimmer.

Update #2: In addition to Nick’s suggestion, I would say that those gas-station-specific “Fast Pay” dongles you can get are always a way to avoid getting your credit card snagged.

Update #3: I have gotten into the habit of grabbing the card slot on the machines and jiggling or pulling on it to see if it comes off:

It is far from sure-fire, but in the off chance that the adhesive has started to degrade, the whole panel might come off, revealing a card-skimming machine and keep you safe.

This does not protect you against the more advanced cases where the machine itself has been compromised as described in this article though, and that is unfortunate.

, , , , , ,

6 Responses to ATM Card Skimmer Crimes Rampant in South East

  1. nick July 15, 2010 at 7:06 pm #

    or… you can stop being lazy and just walk inside to pay for your gas…

    • Riyad Kalla July 15, 2010 at 11:28 pm #

      I don’t know if paying at the pump is a function of laziness… but yea, that is absolutely a valid solution as well. Thanks Nick.

  2. Soendoro Soetanto July 21, 2010 at 4:54 am #

    That happened at my place one time. I changed my ATM password and my bank added extra security at their ATM booth. I tried as much as possible to use the ATM inside the bank or ATM with security guard.

    Soendoro Soetanto

    • Riyad Kalla July 21, 2010 at 5:54 am #

      Soendoro, very good idea. The ATM’s inside the bank are almost always a magnitude or more safer than the ones outside.

      I noticed I’ve gotten into the habit of grabbing the card-slot on ATM card readers now and shaking them or pulling them to see if they pop off or if they are part of the original housing on the device. It gives me a BIT more confidence, but that doesn’t help the unbelievably stupid design of using a single master-key to get inside all the machines.

      That is still horrifying to me.

      Out of curiosity, are you located in Florida?

  3. Jeff July 22, 2010 at 8:33 pm #

    I know it is not IF but WHEN I will fall victim to one of these things! Just makes me mad that our banking industry (as well as many more yes OIL i am talking to you too) would rather save money in the manufacturing process for the machines than to make them much more secure!! It would be like an apartment complex having all the doors keyed alike!!!

    • Riyad Kalla July 23, 2010 at 5:59 am #

      Jeff, that’s exactly what it’s like, and the only “security” you have is just relying on most people staying in or near your apartment building *not* wanting to break into it.

      Of course, it only takes 1 or 2 people to decide they want to, then everyone is screwed… very similar situation here.

      I don’t even know if it’s an issue of saving money as much as it’s an issue of absolute apathy towards the end-user. They have never been pushed to require greater security on these devices so they never bothered to put the time in to add it.

      It’s so damn frustrating because these machines (ATM machines, gas pumps, etc.) are our only option in some cases — we are required to use them — and they aren’t even made safely.

Leave a Reply