In trucking there is no way around it. You will find yourself at a truck stop daily getting fuel, food, supplies and rest. Now think back to what you just did. Did you run your fuel card at the fuel pump? Did you use it to get a cash advance out of the ATM? Did you use your personal debit or credit card? If so, you could be among the millions that have experienced credit card fraud by way of skimming devices. In 2015, CFI, along with several other trucking companies, found ourselves victims of credit card fraud. We later found out that this happened because certain truck stops had skimming devices, so when our drivers used their card at that location, it was cloned. At the time, it seemed like the criminals were targeting the trucking industry and companies had to take a hard look at their processes in place to help prevent credit card fraud. Though our fuel vendors have made strides to protect their equipment and customers information, the skimming devices have gotten smarter and harder to spot.
In this three part series, we will discuss device types, how to keep your information safe and what to do if you are a victim. We teamed up with Financial Crime Officer, Detective Francis from the Joplin Police Department and a high-ranking banking professional to get a better understanding of skimming devices. We want to empower you to recognize devices, report devices, and recoup funds lost if you have been a victim.
Skimming devices are card readers attached to the real payment terminals. They come in many shapes and sizes and are used on various machines such as ATM's, gas pumps, at the register, and more. Some skimmers have Bluetooth capabilities and are transmitting the data real-time to a thief nearby. Detective Francis has seen two types of skimming devices in the Joplin area but mentioned that Springfield, MO has seen far more instances. One was at the ATM and the other was wired inside the card reader at a fuel pump. Yes, you read that right. Someone opened a card reader at the pump and put a device inside the reader. Detective Francis says that the only way to do that is for someone to have a key to the pump. There is no way for the general public to know that the device was there. It was only found by a technician working on the pump.
Fuel Pump Fraud
The most recent device Detective Francis found was at a small gas station with no visible security cameras, nor did it have protective tape that would have alerted the consumer that the box had been opened. Devices that are found inside pumps are are almost impossible to detect when just standing at the pump. This particular instance, the device was not transmitting data and required the individual to come back for the device in order to have access to the information collected. One clue that the card reader or 'point of sale' machine has been tampered with, is the tape on the pump is cut or not adhering properly like the example pictured above.
Another device is the card reader itself. In the pictures below, notice how much bigger and bulkier the devices on the right are compared with the devices on the left. An external pump skimmer is attached to the end of the card reader stealing the information off of every card being swiped.
It is common to see signs warning to cover your PIN when entering it. As a result, many people think there is a security camera somewhere above watching them. They are usually on top of the machine and out of your eye line.
These cameras are difficult to detect and often connected to the skimming device.
The device that Detective Francis found on an ATM was actually an external face that attached to the ATM and looked as if it belonged. It had a pinhole camera so that the pin number could be duplicated along with the magnetic strip. This mechanism much like the one on the fuel pump card reader is larger than the original and it records the data from the cards magnetic strip. Many times a keypad overlay is put on top of the factory installed keypad recording pin numbers. Also, a camera can be hidden near or on the skimmer to record your PIN as it is entered. That information is then used to make counterfeit cards for purchases. Skimmers can vary in size and shape and some can cover the entire machine while others are compact. Here are some examples of what the skimmers look like.
Skimming Devices at the Fuel Counte
These are called Point of Sale (POS) skimmers. These are fraud devices made to steal bank card and PIN data at the register. The card reader on the left is the fake one; the larger size is pointed out in the picture. The one on the right is correct. Seeing them side by side it is easy to see the difference, but typically at the fuel desk there is only one which would make spotting a fake more difficult.
As technology grows smarter, so does malware. In the coming series we will discuss some common ways to keep your information safe.