Gas Pump Credit Card Skimmers – How to Protect Yourself Against Them
The FTC issued an advisory about credit card skimmers today. Summertime is a peak time for traveling by automobile and buses. More driving means drivers are filling up at the pumps more frequently. This also means that hackers have a greater number of opportunities to skim your credit cards and debit cards at the gasoline pumps. Hackers use the credit card skimmers to steal credit and debit card data from unsuspecting travelers.
A credit card skimmer is physical hardware that is attached to a credit card reader. The credit card skimmer is a device that is placed on top where you swipe your credit or debit card at a gas pump. They can also be attached to ATM machines or anywhere you would swipe a magnetic strip payment card. Skimmer can be attached to any POS terminal, but hackers tend to target unattended terminals like self-service gas pumps and ATMs. Since credit card skimmers are visible (if you know what to look for) they are not typically used on attended POS terminals where a cashier handles the transaction.
Credit card skimmers record payment card data, including the card number and expiration, by reading the data from the card’s magnetic strip. Card skimmers can also record your PIN number if another device is attached to the keypad. The card number can then be used to make purchases online. Hackers also sell lists of stolen credit card numbers to people who then use the cards to steal money from account holders.
Credit card skimmers work on PIN and Chip cards as well. Since vendors in the United States still use Chip and signature processing, the credit card data can be used to make online purchases.
How to Protect Yourself Against Credit Card Skimmers
- Look for damage or anything unusual on the payment card reader attached to the fuel pump or ATM. Does it look like it has been tampered with? [Figure 1] Does it look different from the other credit card readers on the other pumps at the gas station? A credit card skimmer may render the legitimate equipment loose. Try to wiggle the card reader. If it does not seem like it is solidly attached, then don’t use it.
- Use gas pumps and ATMS in well lit locations. Hackers tend to place credit card skimmers on dark or less traveled machines. This makes is more difficult to see that there is something amiss with the credit card reader.
- If you have a debit card, don’t use your PIN. Process the transaction as a credit card. That way you won’t give a hacker direct access your money in your bank account. The card number can be used to produce another physical card with your account number on it. With the PIN< a hacker can go and make a withdrawal from your account at an ATM cash machine.
Figure 1 Photo credit: Royal Canadian Mounted Police in Kamloops, Canada
If a gas pump credit card reader looks like it has been tampered with, then make your purchase elsewhere. You can also pay inside to the cashier and use that credit card reader or pay with cash. Set up SMS messaging so you receive a notification every time your card processes a purchase. Monitor your credit card and bank accounts to spot fraudulent purchases.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers