Police in at least two cities advise consumers not to use their debit
card at a gas pump because there’s no way to be sure it hasn’t been
tampered with.
By Herb Weisbaum
MSNBC
Becki Turner got the call from her bank’s fraud department on Labor
Day. The investigator wanted to know if she had withdrawn $500 from an
ATM in California over the holiday weekend. She hadn’t. She couldn’t.
Turner was home in Puyallup, Wash.
“I was just flabbergasted,” she says. “I had the card with me, the ATM
was in another state, and the person using the machine had to have my
security code.” Turner worried crooks had gotten into the banking
system and stolen her password.
It wasn’t anything that complicated. Puyallup police say thieves
snagged her account information — along with the debit card numbers
and PIN codes of hundreds of other people — at two gas stations in the
area.
They did it by installing their own hard-to-spot card reader, called a
skimmer, on top of the card reader built into the pump. The skimmer is
able to grab the account information from the card without interfering
with the legitimate payment transaction.
The crooks used the stolen data to create (or clone) fake debit cards
that were used at ATMs in Washington State over the Fourth of July
weekend and in Northern California on Labor Day weekend. The bad guys
like three-day holidays because it gives them more time to use the
cards before the unauthorized withdrawals are spotted.
“We are looking at a sophisticated, very well-organized group of
individuals,” says Detective Jason Visnaw with the Puyallup Police
Department. When all the victims from these two incidents are
identified, the total loss could reach half a million dollars.
Why steal debit card numbers? “With a credit card you have to go and
buy merchandise and then you have to fence it or pawn it,” Det. Visnaw
explains. “With a debit card, you’re getting cash money.”
This is not an isolated case. Gas pumps are being compromised in
cities across the country. “We don’t view it as an epidemic, but there
are cases open in at least a half dozen states right now,” says Ed
Donovan, spokesman for the U.S. Secret Service. These investigations
are underway in California, Nevada, Pennsylvania, Delaware and
Washington.
Donovan tells me the Secret Service believes some of these crimes are
inside jobs, involving someone at the service station.
Gas pumps are just the latest target
Skimming credit cards and debit cards is not new. Portable card
readers make it possible for anyone to copy the information stored on
a card’s magnetic stripe. This information is not encrypted so it’s
easy to steal.
“You just run it through the skimmer and it has all the information
right there in plain text,” says former White House cyber security
advisor Howard Schmidt. “It’s very easy to imprint that data on
another magnetic strip and use it somewhere else.”
The first skimming cases were reported at restaurants and stores where
dishonest employees ran cards through their reader before ringing up
the sale. As technology improved, the bad guys developed skimmers for
ATMs. Now they’ve added gas pumps.
The skimmers are designed to slip over the real card reader. They can
be hard to spot. And quite frankly, most of us would never look for
something like this anyway. We want to pay and go.
So how do they get your PIN number? They can hide a little camera in
the skimmer or on the pump. It shows your fingers as you type in the
number.
There are also fake keypads that slip over the real keypad that can
transmit the PIN code as you enter it.
In Las Vegas, police have discovered even more sophisticated
technology – wireless transmitters installed inside the pump. “They
can actually sit in the parking lot with a laptop and get real-time
information as victims use their card,” explains Lt. Robert Sebby of
the Las Vegas Metropolitan Police Department. Because there’s nothing
on the outside of the pump, there’s no way you can tell the pump is
compromised.
Not a safe way to pay
Nancy and Jim Tew no longer use their debit cards to pay at the pump —
and for good reason. They both had their debit card numbers stolen at
one of those gas stations in Puyallup, Wash.
Nancy Tew found out about the theft when her card was rejected at the
grocery store. “To my astonishment, I had no money in the bank,” she
said.
The thieves used her account number at ATMs in Hollywood, Calif., to
steal $600. They got $900 from her husband’s checking account. She
tells me it was “totally bizarre and really scary” to be targeted like
that and not even know it.
The Tews now pay for their gas — with cash or debit card — at the
register. That may sound paranoid, but other victims of this skimming
attack tell me they now do the same thing.
Police in Puyallup and Las Vegas now advise residents not to use their
debit card at a gas pump because there’s no way to be sure it hasn’t
been tampered with.
That’s smart advice and here’s why. Debit cards do not offer the same
fraud protection as credit cards. If crook armed with a skimmer snags
your credit card number and uses it to buy things, you can dispute the
charges with the credit card company. You won’t owe a thing while they
investigate.
If the crook grabs your debit card number, he can go to a cash machine
and pull money out of your checking account. It could take days for
the bank to investigate and put that money back into your account.
During that time checks could bounce or you might not be able to pay
your bills. That’s why the only way I pay at the pump is with a credit
card.
Cyber Security Tips N Tricks describes various tips and tricks about cyber security, safe surfing, ethical hacking, network security, Internet, news related to software, hacking, security breaches, vulnerabilities, phishing, google, yahoo, CERT, US CERT, security agencies, etc.
Tuesday, November 4, 2008
Beware of debit card skimmers
Labels:
atm,
bank fraud,
cyber attack,
debit card,
frauds,
hijack,
police,
skimmers,
US,
wireless
Subscribe to:
Post Comments (Atom)
This was very good content for all who want to know new information related to Debit card. I really impress to your blog and also your best work.
ReplyDelete