VeriFone Secure Retail Payments

News

Click here to access the main News page and view a listing of all available articles.

High-Tech Thievery
www.npnweb.com - 12/02/04

Gasoline stations in Florida have been targets of high-tech fraud worthy of a Hollywood movie.

Thieves installed devices inside the pumps at some Palm Beach County gas stations, and the machinery copied and stored customers' information, reported the South Florida Sun-Sentinel.

The fraud occurred this past summer. It has happened elsewhere before, and is likely to happen more and more, Tom Randolph, an expert in electronic payment systems told NPN MarketPulse.

Randolph said the initial cases of such fraud came to his attention about four or five years ago. Thieves acquire a universal key that opens the fuel dispenser, enabling them to install the copying device, which resembles a small Personal Digital Assistant, he said.

And the advent of wireless technology can work in the thieves' favor, Rolland Trayte, a security consultant told NPN MarketPulse. Recalling a case he worked on, Trayte described how thieves used wireless connectivity to their advantage. "They pull up in a car between the fuel islands, and they have a laptop with a WiFi connection so they can download the data without getting out of the car," Trayte said.

Trayte and Randolph both recommended that operators routinely inspect dispensers to be sure that a copying device hasn't been inserted by thieves. "It's the same place where you put the receipt tape," Trayte said. Contact a locksmith to install unique locks on the dispensers, Trayte also advised. In some cases, dispenser manufacturers' newer models feature unique locks on the compartments, he added.

Factors driving expansion of such fraud, according to Randolph, are: prevailing economic conditions of the past 12 to 18 months; higher than usual gasoline prices; growing technological expertise by organized criminals; and explosive growth in consumers' use of payment cards.

"I think we're going to see more and more of it," Randolph said.

Thieves might have bought a key or possibly worked for one of the dispenser manufacturers and acquired a universal key; sometimes a person makes duplicates and offers them for sale on the Internet, Randolph said.

In some cases the thieves make a deal with the station manager or the attendant "look away" while they install the device in the dispenser, Randolph continued. Thieves also may put a laptop inside a store and capture data from those transactions, even installing a camera in the ceiling aimed at the PIN pad, Randolph said.

Randolph said that he formerly worked at Mobil, where cases of such fraud came up. The oil company worked with Employee Performance Strategies, a training company, to tackle the problem.

The training company held sessions on how to prevent the fraud from occurring. "We separated the managers from the attendants," Randolph said. "We covered this fraud scheme in a bit more detail with the managers than we did with the attendants so that we weren't training the attendants how to steal. That's about the most effective way to prevent that."

The Sun-Sentinel reported on the Palm Beach County cases in its Nov. 28 edition.

Thieves installed devices inside the pumps at several gas stations in the county, and the machinery copied and stored customers' information, the newspaper reported.

"It's such a burgeoning area of fraud," said Special Agent Victor Johnson of the Florida Department of Law Enforcement, according to the newspaper. "It's part of the new computer age, and it's only in its infancy."

The fraud involves an electronic "skimmer" that takes information from credit and debit cards while victims are filling their gas tanks.

At least a dozen victims have been identified in Palm Beach Gardens and Jupiter, police said, according to the newspaper, which described how the scheme works: Thieves put a data collection device inside the pump, near the keypad and card reader. The device has two computer ribbons, including one that takes information from the keypad, such as debit card access numbers. Another clicks into the access port where credit and debit cards are placed to capture other account information. Later, the thieves return, retrieve the device, download the information into a personal computer and then transfer the data onto fake cards with magnetic strips, such as electronic hotel keys.

Once a Visa or MasterCard logo is silk-screened onto the card, the thieves have a working replica of the credit or debit card, the paper reported.

The scam works because the skimmer can easily be put inside a gas pump. Access to the pump is relatively easy, officials told the newspaper. Many pumps use common keys that are easily duplicated.

"The same keys you'd use for your shed or garage doors," Eric Hamilton, chief of the state's Bureau of Petroleum Inspection, said of gas-pump keys. Thieves can get more individual keys from disgruntled employees or buy them on the Internet.

Click here to access the main News page and view a listing of all available articles.