Sponsored By

The Strange Case of Gas Pumps & Bluetooth SkimmersThe Strange Case of Gas Pumps & Bluetooth Skimmers

No, we're not talking about a bird, but a tiny wireless device designed to steal your card info when you use a compromised gas pump. Happy times!

Dan Jones

September 28, 2017

2 Min Read
The Strange Case of Gas Pumps & Bluetooth Skimmers

You might not think of an IEEE Summit as the most likely place to hear an intense talk about the lack of security at America's gas pumps, but that's exactly what happened last week at the The 38th IEEE Sarnoff Symposium in Newark, N.J.

Scott Schober, president and CEO of Berkeley Varitronics Systems (BVS) , used his 20 minutes on the podium to talk about how unsuspecting customers are putting themselves at risk using a debit or credit card at a gas pump in the US.

"Security and convenience don't go in hand-in-hand," he chided the crowd.

In fact, he explained that gas pumps are one of the easiest targets around for scammers looking to clone people's cards, using data collected by bluetooth or cellular wireless "skimmers." These devices are installed in the slot where you put your card to pay and scan your data off the magnetic strip.

Typically, a bluetooth skimmer is used and the scammers sit in a car a couple of hundred feet away and collect the data. There are also, however, cellular skimmers that can text the stolen data to the scammer's phone.

"I can buy a skimmer on the dark web, and the details on how to install it, for under $100," Schober said.

So what makes the around 250,000 gas pumps in the US such an easy target for this particular brand of cyber criminal? "There are only six master keys to open up a gas pump," Schober told the crowd. That's any gas pump in the US!

These gas pumps "typically only get inspected once a year," he added. Which could give a lot of leeway to harvest card data.

Berkeley Varitronics, of course, makes several different Bluetooth skimmer scanner systems. These, however, start at nearly $1,000 and are aimed at police and other large security operations, not Joe or Jolene Public out to fill up before a ride on the weekend.

A couple of people in the crowd asked about chip and PIN systems -- where you insert the card and it reads the chip rather than a magnetic strip -- and while Schober allowed that these were moderately more secure, he reminded people: "There's no chip and pin in any gas stations in the US," and there is unlikely to be until 2020.

"We're well over a decade behind the rest of the world," Schober stated.

Checking for Bluetooth signals around you -- via your phone -- is unlikely to help either, since it is impossible to discern who is friend or foe just by looking at the signal ID tags.

So what's the average person to do?

"Cash is king," Schober said. "Use cash wherever possible."

"Use the pump closest to the attendant," he added, since this would be the one that criminals would be least likely to have messed with.

Comforting, right?

— Dan Jones, Mobile Editor, Light Reading

About the Author(s)

Dan Jones

Mobile Editor

Dan is to hats what Will.I.Am is to ridiculous eyewear. Fedora, trilby, tam-o-shanter -- all have graced the Jones pate during his career as the go-to purveyor of mobile essentials.

But hey, Dan is so much more than 4G maps and state-of-the-art headgear. Before joining the Light Reading team in 2002 he was an award-winning cult hit on Broadway (with four 'Toni' awards, two 'Emma' gongs and a 'Brian' to his name) with his one-man show, "Dan Sings the Show Tunes."

His perfectly crafted blogs, falling under the "Jonestown" banner, have been compared to the works of Chekhov. But only by Dan.

He lives in Brooklyn with cats.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like