Attack Computer Wiz

A Security & Technology Weblog

A card skimmer is a device that can be installed on a legitimate credit card processing device that will record the information that is stored on the magnetic stripe. Many of these devices can be installed in minutes and are designed to be completely invisible to the casual user.

AM/PM convenience stores in Northern California seem to be popular targets for criminals using these devices. I feel that the simple reason for this is that AM/PM is about the only pay at the pump gas stations around that require the use of ATM cards and in most cases disallow the use of credit cards.

Why would that matter? Basically your ATM or debit card is tied directly to your savings or checking accounts. This means that when you, or a criminal, uses that card it makes a draw against your account taking your money. This is in contrast to a credit card which is credit, or money borrowed. It is much easier to file a claim of fraud and not be held liable for transactions on a credit card than it is to try to plead with your bank to return money stolen.

Card skimming is a practice that has been around for quite a long time. You can find plenty of examples on YouTube. Often they will not only employ the skimming device but a small well hidden camera that records your keystrokes as you type in your PIN number. Another way to capture the keystrokes is to install a false keypad over the actual keypad.

What can you do to protect yourself? Use the same pump, ATM, or other device every single time, even if it means waiting in a longer line. If you are familiar with the design, color, look, feel of the keypad and card slot you may be able to detect any changes to those parts and those changes should be your ‘red flag’.

If you have to use a machine that you are not familiar with: shake it, jerk it, push it, pull it, tap it, move it. If there is some device covering the slot or keypad you may be able to jar it loose and expose the fraudulent device.

If you find one, contact the local law enforcement agency and advise them of what you had found. If it is during business hours contact the store/bank too. And be sure to review your statement for unauthorized purchases.

Of course the example in the link below says that the device was actually installed inside the gas pump. Might be an inside job?

Sacramento Bee

user Posted by Mike Wright

| More


Post a Comment