5 Ways Skimmers Work
Published: June 2016
LOS ANGELES -- At one time, the City of Angels had more incidences of skimming at the pump than the entire nation combined, said a member of the Secret Service assigned to catch card-data thieves.
Through investigations and crackdowns, skimming in Los Angeles has decreased, said Steve Scarince, assistant to the special agent in charge, Los Angeles Field Office of the Washington, D.C.-based Secret Service. Florida is now the No. 1 state for skimmers, he told CSP Daily News.
Since skimming at the pump became a focus for his L.A.-based team in 2012, he’s tracked the evolution of the devices. Here’s what he’s discovered:
1) The Mini 123 skimmer is what Scarince called the “Model T” of skimmers. Functional and “ugly,” he said it’s commercially available for $60 to $200. With each card number fetching $100, thieves can recoup their investment after two cards. On average, the devices capture 400 to 800 card numbers before being discovered.
2)People caught skimming tend to have industry experience, such as former station owners, technicians and attendants, Scarince said. They know the vulnerabilities of the pumps. In this example, he showed a ribbon wire inside the pump that transmits credit-card information “in the clear.” Today’s dispensers have more sophisticated locks, retailers use decals to identify tampering and employees do regular pump checks, but older pump models are still in the field and open to theft.
3) Older skimmers passively record data, so thieves had to go back and pull them out to retrieve the card numbers. Authorities found that out, catching the thieves when they returned. Unfortunately, the thieves found a work-around. Now they attach Bluetooth devices and can sit in a parking lot across the street and collect data wirelessly.
4) A “clip-on” attachment pierces the ribbon and connects the skimmer to the flow of data. The clip-on pieces leave puncture marks, which is a sign the pump has been compromised.
5) A common electronic device sold under the brand name Sidekick lets users transmit music to a Bluetooth speaker. Scarince said criminals convert the devices to transmit card data and personal identification numbers (PINs) in real time, with the skimmer unit storing no data.