Experts: Card skimmers growing more sophisticated, harder to detect
Credit-card skimmers like the one found at a GetGo gas pump in Ross this week are increasingly sophisticated, and might not always be revealed by a quick inspection or broken seal, security experts say.
One of the devices to lift credit- and debit-card information was discovered inside a pump at the gas station on McKnight Road on March 19, and might have been there since as early as Oct. 1, officials said Monday .
Some card-skimming devices on gas pumps, ATMs and cash registers fit over the legitimate card reader and copy a user’s card number, name and expiration date when the user swipes for a purchase. More sophisticated devices can have hidden cameras or a fake keypad that can also capture a user’s PIN as it’s entered, giving them enough information to copy and use debit cards.
A spokesman for GetGo parent company Giant Eagle said the skimmer used at the McKnight Road gas station may have gone undetected so long because the criminals installed it inside the pump, using a side door.
Det. Brian Kohlhepp of the Ross Police Department said he had no photos of the device that he could share, because it had been logged as evidence and locked up. Police had not found any additional skimmer devices in the township as of Tuesday, but there have been others discovered around the region over the last few months, he said.
“A number of agencies in our area have found skimmers throughout the year,” he said. “Every week or two, I’m getting emails from another department that’s found one.”
San Jose-based analytics company FICO reported there had been a 10 percent increase in compromised debit cards in 2017, and 8 percent more card readers at U.S. ATMs, restaurants and merchants — not including online credit card fraud.
“The number of compromises and the number of card members impacted set a new record last year,” said TJ Horan, vice president of fraud solutions at FICO, in a March 7 statement announcing the company’s findings. “While most devices are safe, fraudsters are developing new technology and methods for hacking ATMs.”
Security blogger Brian Krebs wrote in January that criminals are hiding harder-to-detect skimming devices inside legitimate card readers, especially as more banks and credit cards use more secure chip-embedded cards instead of just magnetic strips. Some devices, known as “shimmers,” fit completely inside the card reader’s slot to grab chip data, though they can only be used to clone another magnetic-stripe-only card, and would rely on banks not properly using security features in the chip, Krebs wrote.
Skeptical customers are always advised to look carefully at card readers and keypads on ATMs, gas pumps and registers to see if anything looks out of the ordinary, like a card reader or keypad that’s loose or made of a different material than the rest of the device, according to a guide at creditcards.com . Other signs could include unexpected resistance when inserting and removing one’s card, or security seals that are broken. Even just cupping a free hand over the hand entering a PIN could protect that information from hidden cameras. Kohlhepp also advised keeping a close eye on your bank records to spot fraudulent transactions if your card data has been compromised.
Gas stations have until 2020 to transition to chip-card readers , meaning they could remain more vulnerable to skimming attacks. Giant Eagle said it would accelerate efforts to improve security technology on its gas pumps in response to the Ross skimmer’s discovery.
Matthew Santoni is a Tribune-Review staff writer. Reach him at 724 836 6660, email@example.com or via Twitter @msantoni.