Picture this: You’re running late for work. In a rush, you race to your car and hop in. On the way, you notice your gas light is on. Quickly, you pull into a gas station and whip out a credit card.
Not paying attention, you slide the card in the terminal and begin pumping your gas. Within minutes you are back on the road, hoping you make it to work before your meeting starts.
Later that day, you receive a call from your bank for exuberant charges out of area on your account. How could this happen? You just used your card for gas this morning… right?
Credit Card Skimming
This is the tale security professionals hear all too often. This is the story of credit card skimming.
What is credit card skimming you may ask? To break it down, credit card skimming is the act of stealing credit card credentials from legitimate credit card transactions. This can include ATM machines and gas station pumps acting as the vessel for this scheme.
Nine times out of ten, victims have no idea that a skimmer is attached to one of these machines. Either we are in a hurry to pump gas or talking on the phone while punching your pin into the ATM, thus allowing the skimming to take place.
The untrained eye isn’t looking for the skimmer device that is sitting on top of the legitimate terminal. But, throughout this article, a closer look at how to identify skimmers will be demonstrated and how to not fall victim to such an attack.
How does a credit card skimmer work?
To begin, let’s take a look at how credit card skimmers actually function. Skimmers work and are created in a variety of ways.
First, let’s break down a gas pump skimmer. The skimmer for a gas pump is attached in a number of ways. One, attackers attach a skimmer to the card reader or the number pad located on the pump.
Once attached, anytime that a card is put through the terminal, the skimmer can pick up all the credit card data.
Within the skimmer is a chip that reads that credit card data and transmits it back to the attacker. So not only can they access your card, but store the data for further use.
This then allows criminals to use victims credit card information for fraudulent purchases now and down the line.
Second, skimmers are also popularly placed on ATMs. Attackers place a malicious keypad over the legitimate one in order to record your pin number. Skimmers are also placed over the credit card terminal to steal your banking credentials.
The following actions are the same as the gas pump skimmers. The chip within the skimmer transmits the data back to the attacker for use and storage.
Identifying a Credit Card Skimmer
Now that you know what a credit card skimmer is, here’s how to actually identify one when you are out and about.
To begin, pictured below is a legitimate credit card terminal on a gas pump. In the picture, you can see what a real, tamper free gas pump terminal looks like.
In the next picture, it shows what a gas pump terminal looks like with a skimmer attached. One can see the extension of the skimmer on the terminal from the side. But, most customers are not examining a gas pump credit card terminal.
Skimmers become easier to identify when you know what you are looking for. Taking the extra moment to examine your gas pump and or ATM could save you thousands of dollars, even if it waste a minute of your time.
The key indications of credit card skimmers are:
- Extended credit card terminals
- Raised keypads for pins
- Extra hardware in general
How to Protect Yourself Against Credit Card Skimmers
Gas stations and banks alike continue to add to their repertoire of security measures to combat skimming. Such measures include security seals to indicate tampering at the terminals and surveillance equipment. The image below shows a label that some businesses use to indicate if the systems inside the pump have been tampered with. If tampering occured, the seal is either broken or turns color and reads VOID.
And like always, customers have the option to pay inside for gas or carry out banking directly with a teller. What the criminals are preying on is that the hustle and bustle of life forces you to choose the quicker option. We have the power to take that away, but not always the time.
In The Future…
All in all, criminals are always finding new ways to steal information. But through education and reading articles like this one, the information can spread. Through this awareness is also propagated, thus created a more informed public.
By Taylor Ritchey