How to protect credit card at gas station pumps

Search
Go

Discussion Topic

Return to Forum List
Post a Reply
Messages 1 - 42 of total 42 in this topic
NutAgain!

Trad climber
South Pasadena, CA
Topic Author's Original Post - Oct 3, 2017 - 10:46pm PT
Summary warning signs:
1. Look for a broken sticker/seal on the pump that indicates it may have been tampered with.
2. If you have a smartphone, turn on Bluetooth and look for connections near the pumps with the ID "HC-05". This is a tell-tale sign (but probably not the only one) of a skimmer device designed to steal credit card numbers

Good reading here for those technically inclined.
https://learn.sparkfun.com/tutorials/gas-pump-skimmers

Note this is an easy attack a hacker can do in 30 seconds to compromise a gas pump. They basically open the pump case and put a device in-line with the credit card reader (nothing externally visible), and then later come back to harvest all the credit card numbers over a bluetooth connection.

L

climber
Tiptoeing through the chilly waters of life
Oct 4, 2017 - 02:59pm PT
Oh god...do I have to do this sort of stuff?

I have enough trouble just pumping gas.




















Norton

climber
The Wastelands
Oct 4, 2017 - 03:09pm PT
wow, good advice, NutAgain
Reilly

Mountain climber
The Other Monrovia- CA
Oct 4, 2017 - 03:16pm PT
How do you open the pump case without a key and do all that in 30 seconds?

Paying with cash is the safest but, of course, the gubmint wants to do away with cash. They've already started to in Europe.
Jim Brennan

Trad climber
Oct 4, 2017 - 03:29pm PT
No, Gubmints don't want to do away with cash. Gubmints want to do away with taxpayers with cash in the marketplace.

Oh man, I'd like a cigarette after how free I feel after this post...
clinker

Trad climber
Santa Cruz, California
Oct 4, 2017 - 03:33pm PT
How do you open the pump case without a key and do all that in 30 seconds?

Ethan Hunt





TFPU Nut
NutAgain!

Trad climber
South Pasadena, CA
Topic Author's Reply - Oct 4, 2017 - 04:09pm PT
Last month I had an unauthorized charge for over $2000 on my credit card to some vendor I never heard of. It's war out there!

https://www.google.com/search?q=gas+pump+credit+card+skimmer&source=lnms&tbm=isch

http://abc13.com/tag/skimming/

phylp

Trad climber
Upland, CA
Oct 4, 2017 - 04:23pm PT
I think one of the easiest things to do is to have one credit card with a low limit that you only use in "suspect" places - new to you internet sites, smaller restaurants, and gas stations in general.
And keep your "main" credit card for exclusive use for your reoccurring monthly charges and trusted vendors. And yes, my credit cards are stored in a RFID blocking sleeve.
T Hocking

Trad climber
Redding, Ca
Oct 4, 2017 - 04:33pm PT
^^^
Yup, both the wife and I have been bit by these crooks.
Maybe it's time to take all our $$$ outta the bank, bury it somewhere in the yard and only do cash transactions for everything.:(

Dingus Milktoast

Trad climber
Minister of Moderation, Fatcrackistan
Oct 4, 2017 - 05:36pm PT
Maybe its time we voted with our feet AND at the ballot box and elect some sonsofbitches that will secure the electronic marketplace for safe commerce. You know, instead of bullet trains, water theft, wars and petty goddamn partisan bullshit squabbles.

Now how about that? The US Congress, of either party, has done nothing to fix this. Nothing!

For starters? Double authitentication for ALL electronic payments. No exceptions. And hard jail time for the c-level execs that allow the theft of personal data. Instead of the ridiculous task of trying to recognize skimmers at the pump. You can't so forget about it. The problem lies with VISA, Mastercard , Amex, et al. Regulate them and enforce it. The EU did it years Go and your representatives in the US haven't done sh#t.

DMT
Jim Brennan

Trad climber
Oct 4, 2017 - 05:57pm PT
But Dingus, If you impose political scrutiny on legal loan sharks, it will take more than 25,000 points at $ 100.00 borrowed for every point, to earn that free toaster and celebrate as a member of the credit community.
T Hocking

Trad climber
Redding, Ca
Oct 4, 2017 - 06:03pm PT
elect some sonsofbitches that will secure the electronic marketplace for safe commerce. You know, instead of bullet trains, water theft, wars and petty goddamn partisan bullshit squabbles.

Sounds good to me,
want the gig DMT?
I'd vote for ya. :)
rottingjohnny

Sport climber
Sands Motel , Las Vegas
Oct 4, 2017 - 06:47pm PT
Senator Milktoast from California...Nice ring to it...
thebravecowboy

climber
The Good Places
Oct 4, 2017 - 06:57pm PT
pay cash. after robbing bank
clinker

Trad climber
Santa Cruz, California
Oct 4, 2017 - 07:02pm PT

Governor DMT

I'll vote.
another nickname

Social climber
Yazoo Ms
Oct 4, 2017 - 07:30pm PT
It all gets back to the conspiracy regarding Lyme disease!
kunlun_shan

Mountain climber
SF, CA
Oct 4, 2017 - 08:28pm PT
Unfortunately, Bluetooth is just one of many methods used to transmit data from skimmers. Text messaging, infrared, connections using transfer rods.....

Covering your hand when you input your PIN can protect it, as long as the keypad doesn't have an "overlay".

Brian Krebs has lots of details on these methods:

https://krebsonsecurity.com/?s=skimmer&x=6&y=12

https://krebsonsecurity.com/page/2/?s=skimmer&x=6&y=12

VVVV JIm has a great solution! Just make sure you get your cash from a teller or from a safe ATM in a bank.... and thebravecowboy is ahead of us all when it comes to personal security.
Jim Brennan

Trad climber
Oct 4, 2017 - 08:32pm PT
Pay cash money for everything.
zBrown

Ice climber
Oct 4, 2017 - 08:47pm PT
I don't even pay for gas. I just display my piece and say, politely, this is on the house right?

Or sometimes

Esto es libremente correcto
Tami

Social climber
Canada
Oct 4, 2017 - 09:33pm PT
PREZIDENTE DING DING !!!!

I can't vote fer ya but I'll help you with yer cam pain slogans.


DING DING DING VOTe VOTE VOTE !!!


GOT Milk ? Got TOAST !? YER TOAST ! MILKTOAST FER PREZ !
Dingus Milktoast

Trad climber
Minister of Moderation, Fatcrackistan
Oct 4, 2017 - 09:38pm PT
Tami you can be my White House Toastperson!

We'll start a new party, a 3rd party, a WILD party!

DMT
zBrown

Ice climber
Oct 4, 2017 - 09:52pm PT
If everybody was packin' when entering into a commercial transaction then there would be a lot more money going 'round to enable further gun purchases

crusher

climber
Santa Monica, CA
Oct 4, 2017 - 10:46pm PT
I use the charge cards for the particular gas station ( I.e. Chevron and 76 cards) - they don't have high limits and if frauded don't foul up my regular credit cards.
T Hocking

Trad climber
Redding, Ca
Oct 4, 2017 - 11:30pm PT
We'll start a new party, a 3rd party, a WILD party!

DMT IN 2020

DMT IN 2020
DMT IN 2020
Credit: T Hocking



Jon Beck

Trad climber
Oceanside
Oct 5, 2017 - 01:23am PT
You are never liable for fraudulent charges on a credit card, ever. So I fail to see what politicians and bullet trains have to do with this discussion. Debit cards do not have as much protection, although some banks do extend protection to them. I use a credit card that emails me every time I use my card, so I know what is going on real time.

For online transactions I use Paypal (tied to my credit card) when available because the seller does not get your card number.

10b4me

Mountain climber
Retired
Oct 5, 2017 - 06:53am PT
Pay cash money for everything.

I only pay cash for gasoline.
Dingus Milktoast

Trad climber
Minister of Moderation, Fatcrackistan
Oct 5, 2017 - 07:18am PT
So I fail to see what politicians and bullet trains have to do with this discussion.

Useless train-to-no-where idiot bullshit instead of mnadatory, national infrastructure, critical to commerce, instead of stroking one aging politicians massive ego.

Now how about that Beck. Wouldn't that be something, a government, for f*#ks sake that secures safe commerce. I think that is in the constitution somewhere innit? Dun see no goddamn bullet trains in there.

Commerce Clause coupled with the Necessary and Proper Clause. Read up on them and get back to me on that bullet train to no where.

DMT
Jon Beck

Trad climber
Oceanside
Oct 5, 2017 - 07:46am PT
Dingus, are you suggesting the bullet train is unconstitutional, I am confused. I did survive Con Law and other than tossing around some phrases, your comments are impossible to understand.

We all know you hate the bullet train, and like to raise it but it is irrelevant to this issue. The state's should not be the regulator of credit reporting and security, the Federal government does have the authority under the Commerce clause to mandate better security. As it is credit card companies make so much money off CC transactions that they absorb the losses. The market is working without regulation.
Dingus Milktoast

Trad climber
Minister of Moderation, Fatcrackistan
Oct 5, 2017 - 07:49am PT
The market is working eh?

Target breach.
Neiman Macrus.
etc etc etc etc etc
Equifax.
Anthem.

The list goes on and on.

Fuel companies not installing chip readers because they are too expensive.

Man that's some working!

Meanwhile its time the Fed stepped in and seized control of digital commerce standards away from the credit card companies. We don't allow airlines to regulate themselves anymore, why should we continue to allow these lenders to run amok?

We should not. And the market is definitely not working. Wake up.

DMT
zBrown

Ice climber
Oct 5, 2017 - 08:08am PT
You are never liable for fraudulent charges on a credit card, ever.

This raises the interesting question of what happens when charges are made on your credit card (by you) due to fraudulent misreprentation.

Don't forget that charges must be disputed timely.

When does the clock start tolling?

Do you have to "sue the bastards"? Probably so.

And what about all the clauses in those tiny little prints that accompany every statement which you may or not read or even receive that say you waive your right to sue an must accept (loaded in favor of the industry) arbitration; that mere continued utilization of the card implies your acceptance.

Is the consumer screwed in all this?

Why yes.
Dingus Milktoast

Trad climber
Minister of Moderation, Fatcrackistan
Oct 5, 2017 - 08:13am PT
More Winning over here Beck!

Research Results: Exploring the Financial Impact of Fraud in a Digital World
Evaluating all the financial impacts of fraud can be complex, but one overall trend emerges: fraud threats are on the rise despite increased spending by merchants.
“Exploring the Financial Impact of Fraud in a Digital World,” an annual survey from Javelin, commissioned by Vesta, breaks down many measures of how fraud affects merchants—particularly when card-not-present and digital goods transactions are involved. A few key findings from the 2017 report paint a quick picture of the challenges merchants face in mitigating fraud risks:
• Merchants are losing, on average, 8% of their annual revenue to fraud.
• Unauthorized transactions are up 33%—representing nearly half of merchants’ average fraud losses.
• Merchants are spending over 20% of their operating budgets on fighting fraud.

If you knew the truth you'd never use credit cards again.

DMT
i'm gumby dammit

Sport climber
da ow
Oct 5, 2017 - 08:18am PT
^^Got a link for that. Without context it means nothing
k-man

Gym climber
SCruz
Oct 5, 2017 - 08:22am PT
Merchants are spending over 20% of their operating budgets on fighting fraud.

Usually we don't think about the merchant getting dinged. There's the concept of 'card in hand.' If you buy groceries and use a CC, and the cashier can verify the card holder, then any fraud is pushed back to the CC company. However, if you purchase something where the merchant can't verify the card holder, such as an online txn, then the merchant must pay if it's fraud.
Jon Beck

Trad climber
Oceanside
Oct 5, 2017 - 08:48am PT
This thread started out as how to protect yourself at the gas pump. Now that we have extended it to merchants (since consumers are not at risk) we will look at merchant protections.

For face to face transactions the merchant can protect themselves:

For the brick-and-mortar merchant, this is a card present (CP) transaction, meaning the cardholder, John Smith, is physically present with the card at the point of purchase. When a consumer makes an in-person transaction with a physical card, the merchant has the ability to not only inspect the card but to ask for identification (such as a driver’s licence) and obtain a signature from the consumer. In addition, merchants require a secure form of payment such as paying with a chip-enabled card. Chip-enabled cards generate unique transaction codes for each purchase, making the payment information much more secure. If the merchant follows proper procedure such as requiring a chip-enabled card for purchase and getting a signature, the merchant does not hold the liability on the transaction. Liability rests with the bank that issued the cardholder’s card, and if the purchase is later deemed to be fraudulent, the merchant is not responsible for refunding the customer. (However, if a merchant does not have a chip-enabled card reader, and accepts the transaction, they are held liable for that purchase, as they did not undertake the proper updated security procedures.)

For online orders (Card Not Present, CNP) it is much riskier for merchants. If a merchant blindly accepts CC orders without some verification then there is great risk of chargebacks. A common way to reduce risk is to only ship to the credit card address. I sell on Ebay and use Paypal, total protection if I can prove I shipped to the address provided through Paypal, I have never lost a dime. You do not have to sell through Ebay to use the Paypal system.

There is definitely room for improvement in digital transactions. With the proliferation of smart phones it would be easy to have a system that uses biometrics or passwords through the cell phone to confirm transactions real time. No additional hardware required at the merchant end, just an internet connection.

Card companies eat a lot of fraud
Ed Hartouni

Trad climber
Livermore, CA
Oct 5, 2017 - 09:00am PT
Useless train-to-no-where idiot bullshit instead of mnadatory, national infrastructure, critical to commerce, instead of stroking one aging politicians massive ego.



I guess it's easy to see the future...

"A vast program thrown together, imperfectly conceived and grossly mismanaged, and in due course becoming a veritable playground for extravagance, waste and corruption..."

WSJ 1958
Dingus Milktoast

Trad climber
Minister of Moderation, Fatcrackistan
Oct 5, 2017 - 11:18am PT
Ed that bridge to no where in the hinterlands north east of Fresno really cemented my opinion on that gerrymandered bullet train. Idiotic. Borrowing billions to pay for a train that will never show a return on investment, even if carbon credits are used. There is no ROI on idiocy and an easily duped public.

For trains to be useful they have to be useful to the people that ride them in mass numbers, not for the re-election purposes of rural bring-home-the-bacon-to-the-district yahoo politicians.

DMT
Dingus Milktoast

Trad climber
Minister of Moderation, Fatcrackistan
Oct 5, 2017 - 11:19am PT
Hey gumby damnit here's the only link I got with the newsletter

http://info.trustvesta.com/research2017?

Have at it :)

DMT
Jon Beck

Trad climber
Oceanside
Oct 5, 2017 - 11:36am PT
Idiotic. Borrowing billions to pay for a train that will never show a return on investment

There are no transit systems in the states that show a return on investment. The NYC subway, generally packed to the gills, only returns 50 cents on every operational dollar, but it supports an economy worth billions.

Air and car travel have massive subsidies that are hidden. Rail subsidies are more visible.

Here is a chart of subsidies for Boston transit.

Boston Transit Subsidies
Boston Transit Subsidies
Credit: Jon Beck
Splater

climber
Grey Matter
Oct 5, 2017 - 11:54am PT
It's not that hard to see that a strong case can be made for urban transit subsidies, used mostly by commuters, and estimates can be made of how much impact is made on time lost due to traffic, lower pollution, land used, smart growth, etc.

No one can make a good case for the bullet train to nowhere.
Dingus Milktoast

Trad climber
Minister of Moderation, Fatcrackistan
Oct 5, 2017 - 01:28pm PT
There are no transit systems in the states that show a return on investment. The NYC subway, generally packed to the gills, only returns 50 cents on every operational dollar, but it supports an economy worth billions.

That's a return on investment, duh.

The California bullet train will have no such effect. It won't even make a dent in the daily Bay Area to LA air travel and certainly will not lead to less cars on the road. No return on investment, much less billions in economy.

DMT

NutAgain!

Trad climber
South Pasadena, CA
Topic Author's Reply - Oct 5, 2017 - 02:01pm PT
Wherever the train stops, real estate speculators will get rich first, and then maybe new economies will arise from these digital watering holes? New suburbs for LA and SF.
Lovegasoline

Trad climber
Brooklyn, NY
Oct 5, 2017 - 06:30pm PT
And what about all the clauses in those tiny little prints that accompany every statement which you may or not read or even receive that say you waive your right to sue an must accept (loaded in favor of the industry) arbitration; that mere continued utilization of the card implies your acceptance.

Is the consumer screwed in all this?

Why yes.

My understanding is that the arbitration clause had been introduced due to developments in court decisions. It's to prevent consumer class action lawsuits from being brought against the corporation/bank. In the past when some bank systematically ripped off a large segment of its customers for some unjustified fee for ex., class action lawsuits have been a method for the victimized consumers to obtain some degree of justice and reimbursement. Maybe a bank was charging an erroneous $1.50 per month fee (which with millions of customers adds up to significant revenue), or erroneously charged many customers $15 extra for this, that, or the other thing. It's not cost effective for an individual to initiate and pursue a lawsuit to the bitter end over such minimal amounts, therefor the class action suit is the favored mechanism.

Corporations and banks want an arbitration clause in their contracts so that consumer class action lawsuits cannot proceed ... to protect against potentially damaging large dollar court judgments in class action court decisions. On the other hand arbitration can benefit an individual consumer who has a dispute with a bank, for example defaulting on her credit card payments. Arbitration can be significantly more expensive than court, and many banks will not pursue an alleged consumer debt even for a balance owed of many thousand dollars, if the consumer has elected to resolve the dispute via arbitration (as is her right in many credit card contracts). The arbitration fees alone can run into the many tens of thousands of dollars and it's the bank who's responsible for those arbitration fees. It's even more cost prohibitive for 'junk debt buyers' (companies who buy a bank's defaulted accounts cheaply for pennies on the dollar intending to profit by collecting the defaulted funds) to arbitrate, and they too are constrained by the terms of the original contract. It's a sword that cuts both ways.

When I was a teenager in the late 1970s gas station credit card scams also occurred. The gas jockey would run two of the triplicate carbon paper receipt forms through the credit card slider (manual device that embossed the credit card's info from the raised lettering on the card via carbon paper onto the receipt forms... credit cards still retain the embossed lettering so as to work with these archaic transaction methods). For ex. one triplicate form would be for the actual amount of gas he pumped, say $10. The other form would be for an inflated amount, say $20. The customer signed the $10 triplicate form and got his receipt. As the customer drove out of the station, the gas jockey would place the $20 form under the $10 form and trace the customer's signature. The $10 receipts went into the trashcan, and the $20 receipts went to the gas station and the bank. The $10 of surplus gas in the pump went into the employee's vehicle. There would be no realistic way to prove the purchase was $10 and not $20. Victims of these sort of scams are often targeted based on behavior and appearances. The shabby customer that rolls up his receipt and tosses it on the floor of his car with all the other trash, could be expected to run a rather sloppy accounting system and either not review his monthly statements, or not have the necessary paperwork as proof if something looked questionable. This likely still occurs today with infinite variations on the theme. It's a good idea to never let one's credit card leave one's sight after handing it over for a purchase. Once it's out of your sight, all sorts of monkey business can happen.
Messages 1 - 42 of total 42 in this topic
Return to Forum List
Post a Reply
 
Our Guidebooks
Check 'em out!
SuperTopo Guidebooks


Try a free sample topo!

 
SuperTopo on the Web

Review Categories
Recent Route Beta
Recent Gear Reviews