Skimmers Using Bluetooth To Cover Tracks

The good news for potential fraud victims in Southern California is that three men were arrested for skimming credit and debit card information at gas pumps.

The bad news is that thieves elsewhere are getting savvier, and they’re using wireless technology to avoid the physical problems that often trip up skim-scammers.

A skimmer is a device placed over the card-reader at point-of-service locations like gas stations and ATM machines. Sometimes there’s a tiny camera nearby that watches you type in your PIN, and other times there’s a fake “PIN pad” that records the digits you type in on the real pad. So if the thieves know what they’re doing, they can obtain magnetic strip and PIN information, and use this to create a fake card that can be used to make purchases.

The drawback for more traditional skimming schemes is that the skimmer has to be picked up now and then and the account information retrieved. Each pickup raises the chances that a thief will be detected and caught.

A special Los Angeles County law enforcement group called the Southern California High Tech Task Force spent four years investigating this kind of crime, and this week it announced the arrests of three men who had bilked 15,000 people out of about $3 million, the L.A. Daily News reported.

During “Operation Big Skim,” police searched the men’s homes and found more than $40,000 in cash, hundreds of counterfeit cards, cell phones, computers and Bluetooth-equipped skimming devices, according to the paper.

Yes, you read that right: Bluetooths (or is it teeth?). The technology that allows an earpiece to communicate with a cell phone a few inches away can be used to beam card information pilfered by a skimmer to someone waiting with a nearby laptop.

That’s just what some Utah thieves have done: They’ve hit 200 gas stations and haven’t been caught yet. The Bluetooth-aided skimmer beams the data in any direction, but at short distances, so there’s usually little sign of a theft in progress. And even if the device is discovered, there’s no data stored on it to implicate anyone. Evan Schuman’s recent piece on StoreFrontBackTalk is a fascinating exploration of how this technology is being used by scammers.

What to do? You can always pay cash at the pump. Avoid using a card at a drive-up window, where you can’t see what the clerk is doing with the card once you’ve handed it over.

Next, encourage gas stations and other businesses to be aware of threats to customer data at point-of-service locations.