Site New Answers Search Boards ILM ILE Answers New Question New Questions New Poll Blog View Register Login

Having all your money drained from your bank account from using a Bodega ATM = DUD [NYC]

Message Bookmarked
Bookmark Removed
(11:07:26) XXXX: last night i took out 40 bucks at an ATM
(11:07:42) XXXX: immediately afterward someone took out 3 withdrawls from the same ATM.. 500$, 300$, and 100$
(11:07:55) WIZARDISH UNGRY: i wonder if the atm was hacked
(11:08:05) WIZARDISH UNGRY: was it a bodega?
(11:08:08) XXXX: yep

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 14:12 (twenty years ago)

holy shit!

Old School (sexyDancer), Thursday, 6 October 2005 14:13 (twenty years ago)

how the fuck does that work?

nathalie, a bum like you (stevie nixed), Thursday, 6 October 2005 14:14 (twenty years ago)

This kind of thing is quite common in the UK, however most people have a daily withdrawal limit of £200-£300. The bank should reimburse anyway under the circumstances?

Colonel Poo (Colonel Poo), Thursday, 6 October 2005 14:16 (twenty years ago)

Yea, the banks working with her. I imagine that shady ATM owners can just do this. Hopefully they'll fuck them in the ass.

This is why we need to go to a chipcard system where the physical card issues a one time transaction id that cannot be used.

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 14:17 (twenty years ago)

RETINA SCANS PEOPLE ITS THE ONLY WAY

strng hlkngtn: what does it mean? (dubplatestyle), Thursday, 6 October 2005 14:19 (twenty years ago)

i am subliminally paranoid about this on an almost daily basis

strng hlkngtn: what does it mean? (dubplatestyle), Thursday, 6 October 2005 14:19 (twenty years ago)

Basically, I'm going to be confining myself to using ATMs at my bank and other banks in its network.

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 14:19 (twenty years ago)

I WANT TO USE THE BLOOD VESSEL PATTERN ON MY BONER FOR AUTHENTICATION.

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 14:20 (twenty years ago)

http://www.longdarktechtime.com/images/eyeball.jpg

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 14:21 (twenty years ago)

Yeah, I try to never never do this.

SF has these STREET ATMs, too. Like, not attached to a bank or any kind of business, just sat out on the street! I had to use one that was on a big crack block in the Tenderloin when I had no money for drinks at a show, otherwise NEVER NEVER NEVER.

400% Nice (nordicskilla), Thursday, 6 October 2005 14:21 (twenty years ago)

Alternatively, this seems like an awesome business plan.

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 14:22 (twenty years ago)

This usually happens at bank ATMs here, people attach devices to them that copy yr card info & a hidden camera takes down yr pin when you enter it. NOWHERE IS SAFE!!!

Colonel Poo (Colonel Poo), Thursday, 6 October 2005 14:25 (twenty years ago)

Bbbbbut I thought bank atms were safer :(

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 14:26 (twenty years ago)

I'm confused. So who took your money, and how did they do it? You swiped your card, made the withdrawal and left? What happened after that?

Super Cub (Debito), Thursday, 6 October 2005 14:28 (twenty years ago)

They probably saved the mag stripe as described upthread and recorded the pin somehow. Then they made those transactions using a duped card.

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 14:37 (twenty years ago)

Yikes. Though, I guess it's better than having a gun stuck in your face.

Super Cub (Debito), Thursday, 6 October 2005 14:45 (twenty years ago)

I always ALWAYS cover the keypad with my other hand when I type the PIN. This wouldn't do any good if the bad guys were recording the numbers electronically, but it'll stop a camera from taking them down. I would also guess that it was the owners because bodega ATMs usually have a lower withdrawal limit, so if you need, like, over $100 you have to do TWO TRANSACTIONS and they make an extra fee, the tight bastards. Makes me suspicious that the culprints were able to withdraw $300-500 at a time.

Laurel (Laurel), Thursday, 6 October 2005 14:54 (twenty years ago)

I always ALWAYS cover the keypad with my other hand when I type the PIN. This wouldn't do any good if the bad guys were recording the numbers electronically, but it'll stop a camera from taking them down. I would also guess that it was the owners because bodega ATMs usually have a lower withdrawal limit, so if you need, like, over $100 you have to do TWO TRANSACTIONS and they make an extra fee, the tight bastards. Makes me suspicious that the culprits were able to withdraw $300-500 at a time.

Laurel (Laurel), Thursday, 6 October 2005 14:54 (twenty years ago)

Oh, to have a $1000 daily limit on one's bank card! Mine's gotta be closer to $500 or so -- for ATM and debit both.

nabisco (nabisco), Thursday, 6 October 2005 14:56 (twenty years ago)

So, umm, don't bother robbing me and shit, the only nice thing I own is a pair of pants (and they wouldn't fit you).

nabisco (nabisco), Thursday, 6 October 2005 14:57 (twenty years ago)

Hmmph, sorry about that -- I thought I'd stopped the post in time to catch a typo but no such luck.

Laurel (Laurel), Thursday, 6 October 2005 15:01 (twenty years ago)

Replay attacks are LAME!

David R. (popshots75`), Thursday, 6 October 2005 15:15 (twenty years ago)

Yeah theres been scams like this on actual bank ATMs in Sydney recently. Cameras recording the PIN dial in, card reader covers etc.

So yeah Ive started covering the PIN typing with my other hand too.

Trayce (trayce), Thursday, 6 October 2005 15:18 (twenty years ago)

The banking industry has the dumbest security ever. Static account numbers = BS. We need transactional one time account numbers.

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 15:24 (twenty years ago)

How long before TOMBOT posts here?

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 15:26 (twenty years ago)

when I key in the pin, I use any combination of my five fingers to press the buttons, while the other fingers touch other keys, making tricky spy camera work a little more difficult.

when something smacks of something (dave225.3), Thursday, 6 October 2005 16:04 (twenty years ago)

oh, meant to say,.. I started doing that after someone watched me enter my calling card number (in the 90's) and racked up over $700 in calls to somewhere in Asia within an hour.

when something smacks of something (dave225.3), Thursday, 6 October 2005 16:05 (twenty years ago)

which bodega?

phil-two (phil-two), Thursday, 6 October 2005 16:19 (twenty years ago)

static account numbers and transit routing numbers are BETTER for the banking industry because they make it easier to report and track fraud.

Snopes on the typical scam:
http://www.snopes.com/crime/warnings/atmcamera.asp

And bankrate.com on "skimmers:"
http://www.bankrate.com/brm/news/atm/20021004a.asp

ATM keypads can't be recorded "electronically" so covering with yr other hand is actually extremely effective at preventing fraud on yr money. Modern CCTV cams can pick up your PIN entry from behind mirrored glass on the other side of the street.

http://www.securityfocus.com/news/9161 = fun to read about VISA keypad sec

Be very glad you don't live in the UK or Italy, though. Scroll down through here:
http://www.cl.cam.ac.uk/users/rja14/wcf.html
CRAAAAAZY!

TOMBOT, Thursday, 6 October 2005 16:34 (twenty years ago)

TB, thought I remembered seeing a news program once about an ATM that had been modified/bugged to record the PINs as people typed them in, although of course it was probably some crappy broadast news and I was only half paying attention. You're saying this isn't possible?

Laurel (Laurel), Thursday, 6 October 2005 16:38 (twenty years ago)

from that link:

A teenage girl in Ashton under Lyme was convicted in 1985 of stealing £40 from her father. She pleaded guilty on the advice of her lawyers that she had no defence, and then disappeared; it later turned out that there had been never been a theft, but merely a clerical error by the bank

WHAT A DICKHEAD FATHER

kyle (akmonday), Thursday, 6 October 2005 16:42 (twenty years ago)

Actually criticizing banking security on the basis of "static account numbers" is kind of like criticizing casino security on the basis of "static dice" just FYI

xpost It's not impossible, but read the securityfocus article. If you want I can go find the Common Criteria Protection Profile that has the exact functional spec for the PED security requirements. Institutions be loving painfully detailed documentation.

TOMBOT, Thursday, 6 October 2005 16:45 (twenty years ago)

Tombot, I'm talking about making crypto cards with nonreplayable one time use signed transaction thingees. Can you give me a reason why this is a bad idea?

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 17:12 (twenty years ago)

which bodega?

phil-two (phil-two), Thursday, 6 October 2005 17:21 (twenty years ago)

It makes me stupidly proud to know that British criminals lead their American counterparts in this endeavour.

Alba (Alba), Thursday, 6 October 2005 17:29 (twenty years ago)

I've got no expertise on the technical aspects of randomized account numbers, but I imagine if shifting away from static numbers increased banks' costs, such a change would be a long time in coming.

rasheed wallace (rasheed wallace), Thursday, 6 October 2005 17:35 (twenty years ago)

yea, and it would require a HUGE change in banking infrastructure.

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 17:37 (twenty years ago)

http://en.wikipedia.org/wiki/Smart_card

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 17:39 (twenty years ago)

One problem I could think of right away is, how would you present account numbers on checks? Any paper-based elements of banking would automatically become way more complicated, it seems.

Maybe instead of account numbers, randomized PINs that are transmitted to the consumer via some sort of SecurID-type system would be more viable?

rasheed wallace (rasheed wallace), Thursday, 6 October 2005 17:41 (twenty years ago)

Yea, that would be more reliable and easily implementable. RSA makes cards like that IIRC.

You could prevent check fraud with a preprinted digitally signed unique watermark on each check I suppose... Maybe an rfid tag that you use against a cryptocheckcard that returns back a number that you handwrite on a check to "sign" it (in addition to the usual MP)

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 17:46 (twenty years ago)

UK banks have had chip/PIN debit cards for at least a couple of years now, where I guess the idea is that you can't clone the card -- you need the physical card (with a chip on it) and the PIN.

i thought this was going to be about superfluous $1.75 "fees" for cash withdrawal at bodegas draining your bank account; i know they do mine. i went to a bachelor party last weekend and the strip club wanted to charge us $15 to use their ATM.

Tracer Hand (tracerhand), Thursday, 6 October 2005 17:48 (twenty years ago)

this is it:

http://img.photobucket.com/albums/v134/tracerhand/atm.jpg

Tracer Hand (tracerhand), Thursday, 6 October 2005 17:52 (twenty years ago)

we did not continue.

Tracer Hand (tracerhand), Thursday, 6 October 2005 18:01 (twenty years ago)

I'm not surprised. That font and colour scheme – meh.

Alba (Alba), Thursday, 6 October 2005 18:03 (twenty years ago)

!

n/a (Nick A.), Thursday, 6 October 2005 18:03 (twenty years ago)

Someone needs to take that strip club to one side and give them a good, solid lecture on ethics.

400% Nice (nordicskilla), Thursday, 6 October 2005 18:07 (twenty years ago)

happened to me last week

anthony, Thursday, 6 October 2005 18:07 (twenty years ago)

"i have narrowed it down to the washington mutual by nyu actually"

We slandered BODEGAS

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 18:12 (twenty years ago)

i like reading anthony's post as non-crossed.

Tracer Hand (tracerhand), Thursday, 6 October 2005 18:15 (twenty years ago)

Skipping 7 messages at this point... Click here if you want to load them all.
DON'T BLAME THE MESSENGER -- BLAME HSTENCIL

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 19:02 (twenty years ago)

Having all your money drained from your bank account from using a Bodega ATM = DUMB [NYC]

lol

lol, Thursday, 6 October 2005 19:04 (twenty years ago)

The acursed lol@lol.com troll strikes again!

Jonothong Williamsmang (ex machina), Thursday, 6 October 2005 19:05 (twenty years ago)

oh snap pwned!!!

Allyzay knows a little German (allyzay), Thursday, 6 October 2005 19:05 (twenty years ago)

hey lol@lol.com troll dude, it wasn't a bodega atm after all!

hstencil (hstencil), Thursday, 6 October 2005 19:06 (twenty years ago)

lol

lol, Thursday, 6 October 2005 19:07 (twenty years ago)

why didnt jon make this thread lol proof?

lol, Thursday, 6 October 2005 19:42 (twenty years ago)

The roffles would still get us

Jonothong Williamsmang (ex machina), Friday, 7 October 2005 12:55 (twenty years ago)

Of course in the UK now you are more covered than most places in the world as the law on fraud here places the onus on the bank to actively prove that you have defrauded them. Carelessness, or being caught by a scam is not your responsibility. So as long as you report it as a crime, and there are cameras showing you actually took the money out, you will always get the money back here.

Pete (Pete), Friday, 7 October 2005 13:01 (twenty years ago)

I've had simple magstripe cards fail on me way too often in the past five years, to the point where two or three months back I had at least 3 broken ones in my wallet (broken = wouldn't read). These are cards you're supposed to be able to keep for 3-5 years at a time and I've only had a couple that ever lasted me that long. The ICs in Smartcards are worse, by a long shot. My last building had smartcards for the laundry room - you put cash in a central depository machine that then coded that cash onto your card. I lost $15 plus the cost of the replacement card (like another $10 or so!) within 6 months of living there.

The other problem is the the ICs in smartcards are super crap at key generation. You basically have to code the whole mess into the card when you issue it and if anything happens to compromise the key pair then you have to take the card out of service and replace it.

That there would be why the only places you see trying to implement enterprise smartcard infrastructure are huge government agencies. Somebody's got to keep those companies in business. Something you have, something you know: the model isn't any different from traditional 2-factor authentication anyway (except for my laundry situation = 1-factor "e-cash" bullshit!) and the whole "biometric smart card" idea turns to snake oil in implementation.

TOMBOT, Friday, 7 October 2005 13:11 (twenty years ago)

this story:
http://money.guardian.co.uk/scamsandfraud/story/0,13802,1339318,00.html
is about the add-on reader / camera approach and was in the paper 2 days after i'd used the atm next to the one that was rigged up.

koogs (koogs), Friday, 7 October 2005 13:17 (twenty years ago)

Tombot, I can't tell you how many times I've seen people in the airport with their SecurID tokens TAPED to the lid of their laptops!

Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:21 (twenty years ago)

Oh OK and Microsoft and Sun use smartcards for authentication now.
Seriously though I doubt we'll ever see banks fully invest in smartcard infrastructure for ATMs. Fraud prevention typically has the highest ROI for the banking business, so they'd do it if they thought it would make a sense.

TOMBOT, Friday, 7 October 2005 13:29 (twenty years ago)

is your wallet made out of a magnet, tombot?

RJG (RJG), Friday, 7 October 2005 13:32 (twenty years ago)

Having done consulting for banks, I can tell you that everyone who works for a bank is an asshole. They also give you really opened ended specs for stuff and then insist on idiotic cycles of piecemeal revisions.

Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:33 (twenty years ago)

Most ATM fraud and skimming* comes internally from the bank's own ATM departments. Nothing a smart card can do about that. There's little reason for banks to invest in smart card systems here because there is so little actual examples of failure of the card in this manner as described on this thread. All debit/credit card fraud comes internally from the company or from outright identity theft or people physically stealing the card. I mean that's the bottom line. Jon your idea is fantastic and great and smart, but no bank in America is going to shell out that kind of money to prevent .005% of fraud.

* Meaning of the mystery dollar disappearance variety, not the "fucker stole my credit card" variety.

Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:33 (twenty years ago)

is your wallet made out of a magnet, tombot?

No, it just resembles George's wallet on Seinfeld, so everything in it breaks or falls out unnoticed!

Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:34 (twenty years ago)

http://www.markallen.com/shop/magnets/images/magnets-002.jpg

Ally, do you have a reference for that? It seems to me that most ATM fraud would come from stolen card + pins!

Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:35 (twenty years ago)

Oh, my reading comprehension sucks, but I'd still like a reference!

Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:35 (twenty years ago)

Errr I have no idea how to go about getting an online reference for that, I'm closely acquainted with C1t1's security/fraud VP. (I'm also related to the person who bilked D1me in NY/NJ/CT out of a huge amount of money during their stint as the VP of ATM operations).

Stolen card is #1 obv, I mean there's barely any such thing as a pure ATM card anymore so you don't even need people's PIN# to steal shit out of their account. Incl money, just go to a grocery, buy a carton of smokes and ask for $100 back.

Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:56 (twenty years ago)

OMG WTF I JUST REALIZED THAT MY ONE AUNT IS THE VP OF SAVING TEH ATM $$$ AND MY OTHER AUNT IS THE VP OF STEALING TEH ATM $$$ OMG WHY DO THEY NOT NINJA FITE THAT WOULD BE SO COOL?????????????????/

Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:57 (twenty years ago)

Most/All grocery stores only let you get cashback if you use it as an atm card (with pin) to pay instead of a credit card. My understanding was this was to encourage this as credit cards cost more for a biz to process.

Jonothong Williamsmang (ex machina), Friday, 7 October 2005 13:57 (twenty years ago)

I've gotten cash back at bodegas using my credit card!!! Maybe they're doing something illegal there, shocker.

Allyzay knows a little German (allyzay), Friday, 7 October 2005 13:59 (twenty years ago)

whoa, ally, you'd think c!t! would fire your aunt just for guilt by, like, relative association.

hstencil (hstencil), Friday, 7 October 2005 13:59 (twenty years ago)

banks don't care (much) about preventing atm fraud because it's such small potatoes compared to other types of losses resulting from forged documents or bad loans.

btw, (at least here) a lot of generic atms that will charge you that extra fee that your home bank wouldn't, are actually anonymously owned by the bigger banks - so they're kind of double charging their own customers all sneaky like.

Kim (Kim), Friday, 7 October 2005 14:26 (twenty years ago)

results are in for chip and PIN - http://www.theregister.co.uk/2005/10/10/chip_and_pin/

Tracer Hand (tracerhand), Monday, 10 October 2005 19:51 (twenty years ago)

So as long as you report it as a crime, and there are cameras showing you actually took the money out, you will always get the money back here.

I had my bank account fleeced of my entire weekend drinking money life savings (about £200) when I was down in London a few years back. It was proved by science (OK, those wee cameras inside the ATMS) that it wasn't me using the machine after the last transaction I told them I'd made and I still had to pay a £50 excess. Bastarding Clyd3sd4le B4nk.

ailsa (ailsa), Monday, 10 October 2005 20:13 (twenty years ago)

They make such lovely notes, though.

Tracer Hand (tracerhand), Monday, 10 October 2005 20:14 (twenty years ago)

I don't care, they fucking nicked fifty of mine for no fault of my own (other than being pissed and careless on Camden Parkway on a Saturday night, which is not a crime in itself).

ailsa (ailsa), Monday, 10 October 2005 20:21 (twenty years ago)

I don't think most UK banks have that excess deduction, so maybe it's time to switch accounts. I once tried to take £50 out of a Barclays machine at Heathrow airport and no money came out, but it still took the money from my account, and I got all of it back a few weeks later after complaining to the bank.

Colonel Poo (Colonel Poo), Tuesday, 11 October 2005 08:23 (twenty years ago)

Why, thanks for the advice, but surprisingly enough I switched banks about a week later, then bombarded them with tons of letters of complaint which did absolutely diddly squat for getting my money back, but made me feel better anyway.

ailsa (ailsa), Tuesday, 11 October 2005 15:50 (twenty years ago)

three years pass...

sigh

2008-12-10 - ABM Withdrawal $160.00
2008-12-10 - ABM Deposit - $1,000.00
2008-12-10 - ABM Withdrawal $200.00

shitty thing is last few purchases made by me were all christmas gifts for kids! way to kick a girl when she's having a nice week, jerks..

skeletal lexing (Finefinemusic), Thursday, 11 December 2008 03:46 (seventeen years ago)

though right now I am +$640 which is nice, I wish they'd let me keep it for emotional suffering

skeletal lexing (Finefinemusic), Thursday, 11 December 2008 03:47 (seventeen years ago)

ooh, the fakey deposit, that's tricky. sucks :(

ian, Thursday, 11 December 2008 08:20 (seventeen years ago)

three years pass...

Got a weird look from someone when I pulled on the ATM card slot on a gas pump to see if there was a skimmer in there. Explained what I was doing and got an even weirder look.

Have you seen how optimized these things are? http://krebsonsecurity.com/2012/04/skimtacular-all-in-one-atm-skimmer/

Vini Reilly Invasion (Elvis Telecom), Wednesday, 9 May 2012 01:35 (thirteen years ago)

Friend of mine got done just the other day. Her whole account cleaned out completely. The worst part of it is, the bank will sort you out but they dont do so right away, it can take days or weeks. Too bad if you have rent due!

Pureed Moods (Trayce), Wednesday, 9 May 2012 02:21 (thirteen years ago)

I pull on those ATM slots all the time now since my card was skimmed a few years ago. I'm glad i did because twice so far I've had the skimmers pop right off in my hand.

heated debate over derpy hooves (jon /via/ chi 2.0), Wednesday, 9 May 2012 02:39 (thirteen years ago)

no shit

goole, Wednesday, 9 May 2012 02:46 (thirteen years ago)

what the fuck, more things to worry about

sleeve, Wednesday, 9 May 2012 03:08 (thirteen years ago)

Never occurred to me to pull on the slot, but I do cover my hand and stuff. I also try my best nevr to use EFTPOS in taxis, as there's very little oversight going on with those guys in our city right now, and portable ATMs are even more fuck-withable than bank ones are.

Pureed Moods (Trayce), Wednesday, 9 May 2012 03:19 (thirteen years ago)

Jon: what'd you do when you found the skiummer? take it into the branch? I'd be shittin' myself that they thought I'd been messing with the machine!

Pureed Moods (Trayce), Wednesday, 9 May 2012 03:20 (thirteen years ago)

six months pass...

just got off the phone with My Bank, cuz this may have happened at a My Bank ATM.

(I almost always use My Bank ATMs on principle, fuck fees, but apparently I need to work with tellers from now on.)

saltwater incursion (Dr Morbius), Monday, 12 November 2012 23:37 (thirteen years ago)

so many delightful new experiences this year

saltwater incursion (Dr Morbius), Monday, 12 November 2012 23:42 (thirteen years ago)

Shit. how much?

the little prince of inane false binary hype (Alfred, Lord Sotosyn), Monday, 12 November 2012 23:43 (thirteen years ago)

thats kinna personal

not quite a third of what I recently inherited? (A month ago there wouldn't have been anything worth hacking)

saltwater incursion (Dr Morbius), Monday, 12 November 2012 23:46 (thirteen years ago)

Well, no, I wasn't looking for figures, just trying to understand how much it would hurt.

the little prince of inane false binary hype (Alfred, Lord Sotosyn), Monday, 12 November 2012 23:48 (thirteen years ago)

I assume I'm getting credited for it, or I'm going Full Falling Down.

saltwater incursion (Dr Morbius), Tuesday, 13 November 2012 00:06 (thirteen years ago)

eight months pass...

Another one: http://krebsonsecurity.com/2013/07/dont-get-sucker-pumped/

http://krebsonsecurity.com/wp-content/uploads/2013/07/gaspumpPADoverlay-600x192.png

Elvis Telecom, Monday, 5 August 2013 08:48 (twelve years ago)

Gas pump skimmers are getting craftier. A new scam out of Oklahoma that netted thieves $400,000 before they were caught is a reminder of why it’s usually best to pay with credit versus debit cards when filling up the tank.

The U.S. Attorney’s office in Muskogee, Okla. says two men indicted this month for skimming would rent a vehicle, check into a local hotel and place skimming devices on gas pumps at Murphy’s filling stations located in the parking lots of Wal-Mart retail stores. The fraud devices included a card skimmer and a fake PIN pad overlay designed to capture PINs from customers who paid at the pump with a debit card.

According to their indictment (PDF), defedants Kevin Konstantinov and Elvin Alisuretove would leave the skimming devices in place for between one and two months. Then they’d collect the skimmers and use the stolen data to create counterfeit cards, visiting multiple ATMs throughout the region and withdrawing large amounts of cash. Investigators say some of the card data stolen in the scheme showed up in fraudulent transactions in Eastern Europe and Russia.

As the Oklahoma case shows, gas pump skimmers have moved from analog, clunky things to the level of workmanship and attention to detail that is normally only seen in ATM skimmers. Investigators in Oklahoma told a local news station that the skimmer technology used in this case was way more sophisticated than anything they’ve seen previously.

Increasingly, pump skimmer scammers are turning to bluetooth-enabled devices that connect directly to the pump’s power source. These skimmers can run indefinitely, and allow thieves to retrieve stolen card data wirelessly while waiting in their car at the pump.

Elvis Telecom, Monday, 5 August 2013 08:49 (twelve years ago)

A lot of people where I work had their credit/debit card info stolen. At last count I heard it was 200 people.

tokyo rosemary, Monday, 5 August 2013 13:15 (twelve years ago)


You must be logged in to post. Please either login here, or if you are not registered, you may register here.
Site New Answers Search Boards ILM ILE Answers New Question New Questions New Poll Blog View Register Login