Cybersecurity expert and BVS, Inc. CEO, Scott Schober, bags another hidden skimmer into evidence
Massive Ponzi schemes created by the likes of a Bernie Madoff or Sam Bankman Fried get all the attention. They rake in greedy or gullible investors and depending upon their positioning within the pyramid, stand to make a lot of money or lose their shirts. It’s certainly a grift predicated on betting big in order to win big. But there’s another, smaller ongoing grift that affects all of us. Some of us in small ways and some in big ways.
According to FICO, debit card skimming increased by 700+% in the first half of 2022 and 70% of fraud cases in the U.S. are tied to skimmers in CA, NY, PA, FL, and WA. Skimming is a multi-billion dollar crime and these large numbers don’t even take into account all of the collateral damage that stems from the ensuing identity theft and credit fraud down the line. Card skimming is essentially an extra card reader secretly inserted into any normal looking ATM, gas pump or vending machine. It allows the customer to make their transaction seamlessly while also stealing their card and personal data.
If you’ve ever gotten alerts from your bank detailing possible fraudulent charges, there’s a good chance that your card has been recently skimmed. And even if you’re lucky enough to not have had your accounts drained, you still face the major inconvenience of waiting for a new card to be issued to you only after a series of unnerving questions surrounding your recent purchases. Of course, you also face the distinct possibility of identity and monetary theft if you fail to freeze your credit in time. So am I just trying to scare you into a defensive posture right now or do I have a point to this lecture?
One point I would like to make is that the good guys are on the case. The public is regularly reminded to check for suspicious alterations made to gas pump and ATM card slots and keypad overlays. Skimmer alerts are regularly issued to service stations or banks that fall into an epicenter of fraudulent activity, particularly when an actual skimmer is discovered. Skimmer fraud task forces are also on the case, but is this enough? We don’t think so which is why my company has entered into the card skimmer detection game. We sold hundreds of Skim Scan™ skimmer detectors to retail centers, credit unions and fuel stations across the country and we’re just getting started. Unlike other anti-skimming solutions, our skimmer detectors require no hardware modifications, can be operated by anyone, and only takes a few seconds to detect a hidden skimmer without the need to open up every machine for thorough inspections.
My company is really a wireless security company at its heart, so we have also introduced BT (Bluetooth) skimmer detection products which have become a growing concern. A BT skimmer can be hidden deep inside a payment terminal. It behaves like any other card skimmer but transmits all stolen card credentials wirelessly to a nearby cyber thief. The risk of getting caught while trying to retrieve stolen data wirelessly is next to none. This quick turnaround allows thieves to steal credentials and create an army of cloned cards all in the same day. These cards are then dispersed around the area to withdraw large but controlled sums of cash from victims’ accounts so as not to arouse too much suspicion among account holders, banks or law enforcement. According to studies, the average card skimming event captures 185 cards and the average skimmed card will generate $2,000 in fraudulent charges before being detected. Some simple math tells us that a single skimmer can generate around $370,000 of stolen cash. But the thieves aren’t finished yet. They go on to sell all of those stolen card credentials on the Dark Web. They package thousands of stolen cards into bundles and sell them to an assortment of criminals and Dark Web bottom-dwellers.
But haven’t modernized chip and pin cards put an end to card skimming? Not really. Old fashioned magnetic stripe cards have always been easy to skim and clone. And most modern chip card readers in the U.S. continue to support mag stripe cards so we are left with a self-perpetuating system of fraud that exists so long as consumers aren’t incentivized to update their card technology and retailers and banks aren’t incentivized to update their card reader technology. And on top of all of that, card shimmers have emerged.
A shimmer is simply a duplicate chip reader hidden inside a card reader that can capture data stored on the microchips stored in any EMV-compliant credit or debit cards. So the old guard of pitifully secured mag stripe card readers are slowly being replaced by the new guard of advanced EMV chip cards and readers that have already been hacked by advanced shimmers. There’s not too much good news to go around except that companies like ours are working with law enforcement on a detection solution and should have something to bring to market in 2024. In the meantime, keep a watchful eye on both your surroundings and the ATM or fuel pump right in front of you next time you are getting cash or paying at the pump. It could save you a major headache and lots of money.
This blog originally appeared in The Beverly Hills Times Magazine.