GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Tapping into portfolio power players

News

Industry Update

Debit surcharges targeted by California lawmakers

Have NFC payments reached tipping point?

Skimmers shifting from ATMs to gas pumps

Trade Association News

Selling Prepaid

Prepaid in brief

Legislative fallout for gift card providers

Thom Aldredge
World Gift Card

Views

ISOs, MLSs and financial services re-regulation

Patti Murphy
The Takoma Group

Fraud trends in 2010

Nicholas Cucci
Network Merchants Inc.

Education

Street SmartsSM:
Variations on valuations

Ken Musante
Eureka Payments LLC

Going global in Europe

Caroline Hometh
Payvision

Succeeding at PCI compliance - Part 4: Maintaining the program

Dawn M. Martinez
First Data Corp.

Technical details: What to share and what to spare

Dale S. Laszig
Castles Technology Co. Ltd.

Are your online contracts enforceable?

Sarah Weston
Jaffe, Raitt, Heuer & Weiss PC

The proper care and feeding of LinkedIn

Marc W. Halpert
Connect2Collaborate

Company Profile

Federated Payment Systems LLC

New Products

iPhone terminal with gateways galore

iPay POS
Rapadev LLC

Inspiration

Shuffling the deck on negative people

Departments

10 Years ago in
The Green Sheet

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

August 23, 2010  •  Issue 10:08:02

previous next

Skimmers shifting from ATMs to gas pumps

A rash of recent incidents in Florida involving card skimmers at gas stations may indicate a shift away from the use of skimmers at ATM sites and toward their use at other automated payment kiosks, analysts have said. Gas stations appear to be particularly vulnerable.

Two skimming devices were found July 23, 2010, at a Gainesville, Fla. gas station. Gainesville is in Alachua County, where several other skimmers had been found earlier in the month. The first one was found at an Aluchua County Shell station on July 6; two more were then discovered at a nearby Sunoco station on July 8.

According to Michael Tyler, Director of Marketing, Integrated Systems for VeriFone Inc., the Florida incidents are part of a growing problem in the United States.

"We've seen an increase in the focus of the data criminals on fuel dispensers targeting areas where you'd typically see crime - New York, Florida, California, Las Vegas," he said. "Candidly, the economic downturn of 2008 and 2009 coupled with $4 a gallon gas prices really hurt this industry."

Security holes

There appear to be several reasons behind the rise in the use of skimmers at gas stations. One is that banks and ATM providers have ramped up the security around ATMs, prompting criminals to seek other unguarded targets.

Another reason is the relatively lax security at many gas stations and the ease with which criminals can perpetrate large-scale thefts using skimmers at service pumps, according to Tyler, who added that pumps open using a universal key that yields access to the mainframe and circuitry used to route electronic transactions.

"There's a common set of keys that will open almost any fuel dispenser out there, and you can buy them on eBay," Tyler said.

"Bad guys drive up to the fuel stations, pose as a pump technician and open up the terminal, usually from the side of a pump that's opposite the cashier so they can't be seen without a camera," he added. "They'll unplug one cable that connects the key pad to the display and fit in a connector device. It takes two minutes."

Also, many pumps do not use encryption at the immediate POS, instead routing transactions to the station's central terminal (located in the attended kiosk or service station) before they're encrypted. Tyler said criminals thus get readable data; they usually install a Bluetooth or other transmitter with the skimming piece to relay card data to a nearby computer.

Many stations behind the curve on PCI

According to Tyler, the newest Payment Card Industry (PCI) Data Security Standard (DSS) addresses these and other problems - by mandating, among other things, that service pumps contain encryption measures, unique access controls and tamper resistant modules that deactivate upon detection of a foreign presence.

But he added that, although the July 1, 2010, deadline for implementing the new measures has passed, many gas stations lag behind.

That is true of merchants generally, but Tyler said gas station owners are having special difficulty mustering both the initiative and the funding to achieve PCI DSS compliance. He said upgrades that run as high as $3,000 per fuel dispenser combined with the sheer number of dispensers out there can total more money than many franchises are willing to spend.

"The problem with fuel stations is that credit card fees are the biggest cost component of their business," Tyler said. "The margin they make on fuel is all gone with the costs from card transactions, which make up the bulk of their transactions."

However, Dee Karawadra, founder, President and Chief Executive Officer at Impact PaySystem, a merchant service provider that specializes in gas stations and convenience stores, said skimming at service stations has yet to mushroom into a major problem. He said the biggest security concern has long been the practice of using service pumps as a testing ground for stolen cards; gas pumps are favored targets because they are unattended and ubiquitous.

He added that the volume of consumer traffic at gas stations can be its own security check against skimmers.

"An average gas station sees something like 200 or 300 people a day," Karawadra said. "People are constantly coming in and out, where at ATMs it can be easier [to plant a skimmer] because often nobody's around to see you.

"I've heard some stories of skimming going on here and there, but it's not as big a problem as you might think. Criminals are always one step ahead of us but, as of yet, I haven't heard of any major issues."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Impact Paysystems | Electronic Merchant Systems | Board Studios