Do those apps that scan for card skimmers at gas stations work?
This question was answered on February 7, 2019. Much of the information contained herein may have changed since posting.
Credit card skimmers are a growing problem, especially at gas stations because gas pumps still aren’t setup to read chipped cards.
In the past, thieves would have to sneak the skimmers on to the gas pumps and then come back later to remove them in order to collect the stolen info.
Thieves can now sit in their car close to where the skimmers are installed and grab stolen card numbers via Bluetooth.
What Skimmer Apps Do
There are a couple apps that attempt to detect Bluetooth enabled skimmers.
An iPhone app called Card Skimmer Locator (https://apple.co/2MVT1GC) scans for any Bluetooth Low Energy (BLE) devices and alerts users if one is detected - BLE devices won’t necessarily show up in the regular Bluetooth settings on your phone.
The problem with this approach is that it can easily generate false positives if you happen to be near wireless headphones, wireless beacons or other BLE devices that have nothing to do with skimmers.
If you use this app, it’s important to pay attention to the device name that the app detects so you can search the Internet for info to help you determine if it’s a skimmer or not.
A slightly better approach to detecting skimmers is taken by the Android app called Skimmer Scanner (http://bit.ly/2MVgtn9) because it looks for a specific type of device.
Many of the Bluetooth skimmers use cheap off-the-shelf radios that have the same device ID of HC-05 and the default pairing passcode of 1234. When the app sees a device with the HC-05 ID, it attempt to connect and send a command to see if the device responds as a skimmer typically would.
The problem with depending on this app is that it’s just a matter of time before thieves start using devices or device names that are different. Unless the app developer can keep up with the changes quickly, there will be a lot of false negatives which will give users a false sense of security.
It’s also possible that a completely legitimate device is using the same transmitter because they’re readily available and so cheap.
Additional Protection Tips
Not all skimmers, especially older ones, have a Bluetooth transmitter, so no app will help you detect them. Always take a look at the card reader to see if it look different than the rest of the equipment in either color or age. Grasping the card reader and giving it a tug can also detect when a skimmer has been slipped over the gas pump card reader.
Get in the habit of using the pumps that are in plain view of the clerk in the store, as thieves tend to target the pumps that are the farthest away and hardest to see from inside the store.
Consider getting a gas card from one or two companies with lots of stations, so you can avoid exposing your credit or debit card to skimmers. If you have to use a debit card, use it as a credit card to avoid having to type your PIN in which skimmers can also capture.
If you’re ever concerned, opt to pay inside instead of at the pump or move on to another gas station.
About the author
Posted by Ken Colburn of Data Doctors on February 7, 2019