Credit: Brian Krebs – krebsonsecurity.com
In cringe worthy news it seems that high tech criminals have raised the stakes in sophisticated skimming devices that steal credit card information. Criminals hide these evil devices that anyone can buy over the Dark Web, around ATMs, gas pumps, and other places unsuspecting consumers swipe their credit and debit cards. These credit card skimming devices steal the magnetic strip information from your card. Thieves use the stolen data to make a reproduction of your card and run up huge charges. It gets worse as criminals also attach cameras to ATMs to steal pin numbers so they can withdraw cash from the cardholder’s checking account. Credit card companies and stores are switching to EMV cards (embedded chip), which unlike magnetic-stripe cards, the card chip creates a unique transaction code that cannot be used again, which thwarts the hackers.
In this deadly cat and mouse ‘game’ the crooks have been using skimming devices with an embedded Bluetooth component allowing thieves to collect stolen credit card data wirelessly with a mobile device within reach. However, law enforcement agents can apparently find these hidden skimmers by detecting the Bluetooth signal. Brian Krebs at KrebsOnSecurity.com writes that New York investigators have found GSM based credit card skimmers that send stolen data via SMS, enabling criminals to transmit the stolen data wirelessly and in real time without ever having to return to, or be near the planted devices. While GSM credit card skimmers are not new according to fraud investigators this is the first time these devices have been found installed inside gas pumps. The other frightening thing investigators found according to Krebs, was that the skimming devices were connected to the gas pump’s internal power, so essentially they could run pretty much forever or until they are discovered. Apparently, criminal skimming organizations can open up a great many pumps in use today with merely a handful of master key possibilities. Gas station owners are currently not culpable for fraud that results from skimming in their premises but have until October 1, 2020, to enable their devices for chip and PIN technology or otherwise, they do become liable.
