In our ongoing efforts to educate and inform, our partners at Patriot Capital have asked us to share the following article written by Fredrick Kunkle that appeared in the Washington Post on June 16, 2017. Read the original article here.
When you’re filling your car at the gas pump this summer, you could be also be giving a thief access to your bank account or credit card.
Gas stations are a chief target of criminals who use data-grabbing skimmers to siphon data from drivers’ credit and ATM cards, according to law enforcement officials and gas retailers. Almost daily, the secretive and illegal devices are discovered at gas stations across the country, such as here, here and here. Earlier this month, Fairfax County police reported finding 21 skimmers at 15 different locations in the past year.
Skimmers work like legitimate banking card readers, but they are secretly installed in or on the pumps by criminals to steal people’s financial data. Gas stations are particularly vulnerable, but banks and other businesses have also been hit.
“The people who are doing skimming — it’s amazing, some of the things they do,” said Lyle Beckwith, senior vice president for government relations at the National Association of Convenience Stores (NACS).
Gas stations are targeted because of their physical layout and the volume of their business. Thieves find it relatively easy to use gas station islands as cover while they tamper with the machines, Beckwith said. The devices are placed either inside the pumps by thieves who jimmy them open or outside the pumps using overlays on the pump’s card reader. Usually, thieves put one skimmer in a single gas station, but that one device can capture a lot of card data.
NACS, which represents more than 2,100 retailers, says nearly 80 percent of the fuel in the United States is retailed through them. Although only a small fraction of those fill-ups get skimmed, a small fraction of 29 million daily fuel customers can mean a lot. A single skimmer can collect data from 30 to 100 cards a day, NACS says.
To counter them, retailers have been sealing the pumps with special tape. If you see that the seal is broken, you should not use the machine and should alert the operator, he said.
Retailers think the problem will diminish once consumers and retailers fully adopt chip technology, according to Rob Underwood, president of the Petroleum Marketers Association of America.
“As of now, there is a wait time for retailers to have access to the new equipment, which costs around $20,000 per pump,” Underwood said in an email. He said consumers and retailers will still remain vulnerable to fraud until credit card companies allow retailers to require consumers to use PINs on transactions.
NACS has produced a video for its retailers that’s also helpful for consumers, which you can view here:
Here are some tips from law enforcement officials and retailers to protect you at the pump:
- Use cards with PIN numbers
You’re better off using a card with a PIN if you buy gas, according to NACS and PMAA. NACS, citing a 2013 Federal Reserve study, says you’re four times more likely to be ripped off if your transaction is made without a PIN.
“Signature-based transactions are processed on the antiquated Visa and MasterCard systems that do not process in real-time, versus the instant operation of PIN debit. Not using PIN also increases the cost of the transactions, which is passed back to the consumer,” NACS says. It also says that even old dispensers have technology to encrypt PIN numbers, and that gas pumps have been equipped with them since the early 1990s. “PINs provide a higher level of security. That is why banks require them for transactions at ATMs,” it says.
However, it should be noted that Fairfax County police say that if you’re ripped off via a credit card, you have more protection as a consumer than if the thieves do somehow get your PIN and access to your bank account.
“When the money comes out of that bank account, it’s a lot more difficult to get reimbursed,” Fairfax County Police Officer Tawny Wright said.
That said, the retailers — who bear the cost for fraud — still say they think customers are better off using the PIN.
- Avoid older gas pumps if you can
These pumps are easier to break into and tamper with. Newer pumps have technology to prevent being ripped off.
- Check to see whether the pump has been tampered with
Thieves install internal devices by opening the pumps and putting them inside. But gas stations have fought back by using serial-numbered security tape that track the reasons why the dispenser door was opened. If the tape is cut, damaged or broken, it should “bleed” to alert people that it’s been tampered with, NACS says.
For external skimmers, which are installed over an existing keypad, look to see if the keypad is raised. You can do this by running your fingernail along the edge, NACS says. The skimmer may also be loose or wiggle when you touch it.
Police said newer Bluetooth skimmers are particularly tricky to detect because they can be hidden entirely inside the pumps.
- There’s an app for that
Retailers can use the SkimDefend app, along with special NACS tamper-alert decals, to track attempts to mess with the pumps.
- What should you do if you suspect a pump has been tampered with?
Customers should alert the gas station operator, who should shut the pump down immediately and have it inspected by a technician.
NACS also advises that no one, including the technician, should touch or remove the device. Let the police handle it. In large cases, the FBI and Secret Service sometimes get involved, NACS says.
- Check your banking and credit card statements frequently for suspicious charges
If you see anything out of order, call your bank or credit company to report it right away.
If you are a petroleum retailer unsure as to whether now is the time to upgrade your equipment with EMV technology, have questions about equipment and/or financing, we invite you to contact us at 1.800.451.4021 and along with our partners at Patriot Capital, we can explore your equipment and financing options to ensure your location(s) have the latest and greatest data security and your customers’ bank accounts and credit cards are safe from such data skimming technology and practices.
We appreciate your continued business and support!