Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Evidence Grows: Credit Card Skimmers May Be Part of International Scam

August 23, 2010

The rash of credit card fraud cases connected to skimmers on area gas pumps appears to be part of an international scam, according to the National Association of Convenience Stores (NACS) and the Alachua County Sheriff’s Office (ACSO). Federal investigators said the scam is widespread in Florida — primarily along interstates — and has been found in other states. Florida has become a prime target for credit card skimmers at gas stations this summer in large part because of its ranking as third behind California and Texas in the number of convenience stores, according to the nation’s largest convenience store trade organization. The Sunshine State is home to 9,223 convenience stores, and 7,280 of those stores — or almost 79 percent — have gas pumps, according to NACS, which represents 49 of the 50 top convenience store chains in the nation. An ACSO spokesman said one pattern investigators have noticed is that the card numbers are not used in the same area where they were stolen. Investigators in St. Johns County had documented about 200 victims so far this year, with most reporting card thefts during the summer months. The spokesman said he expects at least 200 victims to be identified in Alachua County this year.

NACS payments consultant Gray Taylor separates fact from fiction, and provide tips for what retailers and consumers can do to minimize the likelihood they are a target.

What is skimming?

Skimming is any attempt to acquire the data from a credit or debit card transaction. At its simplest, it is stealing credit card receipts. Today, it often involves placing a small electronic device over a terminal that the criminal later takes back to download card data. In all cases, the thieves need to open your dispenser to place the skimming device(s).

Is skimming a particular problem at convenience stores/gas stations?

The incidence of skimming at the fuel island is over-exaggerated, as industry data points to retail environments where the consumer gives up possession of the card as the biggest source of skimming. In fact, according to the 2009 Verizon Business Data Breach Investigations Report, the real risk to consumers isn’t retail at all; 93 percent of compromised accounts occurred at breaches within financial institutions. The simple fact is that criminals go “where the money is,” and complicated, site-based hacks of retailers is a high-risk, low-yield proposition.

Consumer Reports magazine and other publications have suggested that customers use signature debit, instead of PIN, to minimize the risk. Is this good advice?

The recommendation that consumers not use their PINs when paying is erroneous at best, and could increase consumer risk of compromise, overdrafts and increases retail prices.

Industry data shows that card transactions without PINs have a six times greater chance of being compromised – which is why PIN usage is the de facto standard for world payments. Consumers who choose not to use a PIN are also at risk for overdraft fees that occur when their bank does not remove debit holds from their account in a timely fashion. Signature-based transactions are processed on the antiquated Visa and MasterCard systems that do not process in real-time, versus the instant operation of PIN debit. Not using PIN also increases the cost of the transactions, which is passed back to the consumer. The Federal Reserve Bank of Kansas City documented that a $50 transaction processed with a PIN cost the retailer 49 cents, while the same transaction processed without a PIN cost the retailer 68 cents – a cost difference of 19 cents.

The assertion that “a lot of gas pumps use older technologies, so PIN codes are not encrypted” is totally unsupported by the facts. With the introduction of master session encryption technology in the early 1990s, fuel dispensers have been required by Visa and electronic funds transfer networks to encrypt PINS or not accept PIN debit. In fact, every one of the estimated 6 million fuel dispenser terminals installed today accepting PIN debit encrypts PIN numbers – as has been the case for the past 15 years. The convenience and petroleum retail segment has invested more than $5 billion in payment systems and technology to provide a safe, fast and accurate card payment experience for consumers.

How can a retailer check if terminals are being skimmed?

Unless you are a trained dispenser technician, you probably can’t tell. We recommend serial-numbered security strips and periodic inspections of them. The idea is to know if the dispenser has been accessed – if a strip is broken, then shut down the dispenser and call in a tech to inspect the pump.

How can retailers minimize the risk of being skimmed?

Here are three simple steps:

Use serialized security strips over all access doors you wish to protect.

Re-key the locks on dispenser doors that have access to electronic payment data.

Consider investing in anti-breach kits for dispensers. Manufacturers now offer anti-breach kits, which generally notify and shut down dispensers that are accessed without proper security code entry. This can be expensive, but is the ultimate line of defense.

What should a retailer do if there is an incident?

Stop the bleeding. Take the dispenser offline to discontinue any more transactions.

Have a tech identify the device, but do not remove or touch it. If there is no device, get it in writing from the tech and restart the dispenser.

Call the police to inspect. Remember, this is a crime scene and the perpetrators are probably doing the same thing to other retailers in the general area. Also, the Secret Service and FBI are frequently involved in large cases; let the police handle this. After the investigation, ask for a dated police report.

You don’t know if any of the cards used at the dispenser have been compromised, so don’t assume that they have been.

Do you have advice for consumers?

Use payment terminals and ATMs at established retail or banking locations, where access to the device is controlled by on-site personnel.

Use a PIN whenever you can; it reduces your risk of compromise six-fold and leads to lower retail prices.

Place reasonable limits on the daily or weekly withdrawals from ATMs.

Even the latest chip and PIN technology currently being installed outside of the United States has proven to be vulnerable to attack. The latest reports of skimming and the recent news of hundreds of company systems being hacked is irrefutable evidence that the United States needs to have a national conversation about payment, identity and access security, and how this country can lead the world to the next generation of data security, instead of following it.

Security Magazine on the Web has more on organized retail crime at www.securitymagazine.com

Share This Story

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing