Pay-at-the-Pump Skimming: 'Epidemic'

Florida, Texas Police Report New Incidents, Arrest

By , August 12, 2011.
Pay-at-the-Pump Skimming: 'Epidemic'

F

See Also: Targeted Attacks - 6 Keys for Fighting Back

rom Florida to Texas, more reports of pay-at-the-pump card-skimming scams are pouring in to law enforcement agencies.

On Wednesday, the National Association of Convenience Stores, better known as NACS, issued a statement about skimming trends in Tampa, Fla., saying the theft of debit and credit card numbers at pay-at-the-pump gas terminals has become nearly epidemic. And on Thursday, a detective with the Euless, Texas, Police Department said a months-long investigation into skimming at gas pumps throughout northern Texas has finally come to a close, after local authorities arrested and charged a 51-year-old fraudster for his role in masterminding the scheme.

Back in Florida, police in Hillsborough County have reportedly confiscated four skimming devices from Tampa-area RaceTrac stores this year alone. Again, as has been the case in previous pay-at-the-pump attacks, the fraudsters installed skimming devices inside terminal enclosures, making them undetectable to passers-by. [See More Pay-at-the-Pump Skimming.]

RaceTrac says it has implemented changes that prevent master keys from opening all of its gas-pumps, and the chain adds that it is consistently working with financial institutions and law enforcement to update security measures and systems that can quickly detect suspected card fraud.

Gray Taylor, a security and compliance expert at NACS, says if RaceTrac, a convenience store chain known for its high level of security, could fall victim to a skimming scheme, any operator could be hit.

"RaceTrac is one of those operators that takes security pretty seriously," Taylor says. "They are one of the most forward-thinking in security. They were one of the first to be PCI compliant, and they aren't afraid to spend money on security. I guess it just goes to show: You can do everything, but if you forget to change the keylocks on your dispensers, then you can be breached. I've just got to believe this is a hole in their security approach."

Pay-at-the-pump skimming is a well-known problem in Florida, where criminals target summer travelers along interstates and hot-spot destinations. Last year, police in Florida took their awareness campaign against skimming a step further, suggesting consumers avoid using pay-at-the-pump terminals all together and pay inside, with cash. [See Pay-at-the-Pump Card Fraud Revs Up and Pay-At-The-Pump Skimming - a Growing Threat.]

NACS Anti-Skimming Campaign

While pay-at-pump skimming incidents account for a relatively low percentage of card compromises, Taylor says, public awareness and media attention have fueled concerns. And there's no doubt that the continued use of master keys for access to gas-pump enclosures remains an industry problem.

"There are 900,000 pay-at-the-pumps out there, and, literally, I have four keys in my desk that will open up every dispenser in the United States that has not been upgraded," Taylor says. "Today, you can buy new dispensers that have unique keys. The problem is doing something with the dispensers that are out there; getting these guys to upgrade."

But sometimes the considerations and barriers to ensuring pump enclosures have unique keys go beyond the convenience stores, reflecting a need for broader education initiatives.

"I've had operators come back to me to say their fire marshals are not allowing them to change the keys. The fire departments want one key that can open all of the enclosures," Gray says. "I don't know if that's been the case in Jacksonville, Fla., but it has elsewhere. NACS can try to educate some of these guys, but it is a challenge. They don't understand that you don't need to open the dispenser to turn off the gas. But getting that across to some of these fire departments is challenging."

NACS also is working to educate gas station operators about that master-key vulnerability, and through a recently launched security campaign that focuses on pay-at-the-pump skimming, Gray says NACS is making headway, albeit it slow. "We're going to keep pressing, and that's why we keep putting these skimming updates on our website," he says. "You've got to get out there and learn how to fight this."

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Top U.S. Government Data Breaches

From an intrusion at the U.S. Postal Service to the NSA leaks by former contractor Edward Snowden,...

Latest Tweets and Mentions

ARTICLE Top U.S. Government Data Breaches

From an intrusion at the U.S. Postal Service to the NSA leaks by former contractor Edward Snowden,...

The ISMG Network