by Ann Fowler
As we head into the shopping frenzy leading up to Christmas, authorities warn shoppers to be wary of credit card skimming at retail stores, restaurants and especially at gas stations.
Thieves have been adding devices to ATMs and gas pumps to “skim” the data from credit card magnetic strips to create and use counterfeit cards. Miniature cameras can also be used to view the keypad information.
As credit card fraud has spiraled out of control, banks are fighting back by making “smart” credit cards with data stored on integrated circuits rather than magnetic strips. These EMV cards (which stands for Europay, MasterCard and Visa) are designed to make purchases more secure. (Many of these new cards also have the magnetic strips to make them backward compatible.)
A chip card is inserted at the front of a terminal; customers need to wait a few seconds before removing the card.
A “liability shift” occurred on October 1 that requires most businesses to have the new EMV readers. Businesses without these new readers—often smaller businesses —will be liable for any fraud that occurs, despite a customer’s use of the new chip card. Before October 1 that liability belonged to the card issuer.
An exception currently exists for gas stations, which have until 2017 to switch to the new technology, because their upgrades are more complicated. The cost of fuel-related fraud is not insignificant—in 2013, gas stations lost $250 million while card issuers lost $500 million.
According to the 2015 NACS Consumer Fuels Survey, 78 percent of consumers pay at the pump—which translates to as many as 30 million transactions every day. That provides a lot of opportunities for thieves.
Oak Hill resident Deb Erlanson was one of those victims. She said a recent letter from Valero, advising her that she was nearing her limit, alerted her to the fraud. Her son Jake’s card had been used in California—even though neither he nor his gas card ever left central Texas.
Skimmers used on ATM machines are put over the card and keypad mechanisms. While these devices can be used at gas pumps, the skimmer of choice at gas stations is often one that is put inside the pump itself—out of view of the consumer.
Erlanson lives outside the city limits, so law enforcement from Travis County was involved. She said, “The Sheriff said the special theft machine stays put for an entire day to collect hundreds (maybe more) of people’s credit cards in that machine, then they go somewhere else and start using the people’s credit data until it maxes out. The Sheriff said it’s possible Jake’s card data was stolen way back at the beginning of the year for all we know, and the thieves were just now getting to it.”
It took Erlanson about a month to get her account straightened out. She filed an affidavit with Valero and spoke with law enforcement in California and Texas. Ultimately Valero credited her account for the fraudulent charges made in California.
Erlanson said, “It’s unfortunate the innocent and unsuspecting cardholder ends up bearing the burden of fixing a theft problem.” She advises people in this predicament to be patient and take notes as you talk to each person.
Police officials told Erlanson the only way to avoid credit card skimming is to pay cash. But that may not be practical for those who don’t have the time to go inside the gas station and stand in line to pay for gas.
Erlanson said her family is more cautious now when they pay at the pump. She said, “We look at the card slider now; I even hold it and push side to side to see if anything moves. The deputy sheriff said it is hard to detect thieves’ skimmer equipment as it has gotten more sophisticated.”
Some tips to avoid being skimmed at a gas station include:
Look for anti-tamper stickers on the edges of the gas pump mechanism. Many stations use them now to alert employees if a gas pump has been opened. If the seal says ‘void,’ someone has tampered with it.
- Look for external skimmers—devices placed over the credit card slot. Usually one pump is targeted and would look slightly different than the others. Skimmers are designed to pull off easily, so push on the mechanism to see if it is secure.
- Cover the keypad as you enter secure information. Cameras or thieves may be watching to steal your information. And with sophisticated heat sensitive devices, run your fingers over all of the keys after your transaction is concluded. That way these devices cannot determine which numbers you used.
JPMorgan Chase has tips for holiday shopping security
Rebecca Acevedo of JPMorgan Chase Bank told the Gazette the holiday season is a particularly vulnerable time for consumers in terms of credit card fraud. She offers these tips to consumers:
- Just say no—as in zero. With ‘zero liability’ protection, if your credit or debit cards are physically stolen or used without your authorization, you may not be liable for any charges.
- Stay alert. Sign up for account alerts. Chase uses specialized fraud monitoring tools and will text or email cardholders to alert them to unusual card activity.
- Fast action. If fraud is suspected or your card is stolen, a good provider will ship a new card to you immediately—even if you’re traveling abroad.
“By working hand-in-hand with your bank or credit card company, you can reduce the chance of being victimized during the holiday shopping frenzy—and less impacted should a breach occur,” said Pam Codispoti, president of Chase Consumer Branded Cards. “Using the right technologies and techniques can keep your cards—and your reputation—‘secure.”
Codispoti offers some tips, whether shopping in-store or online.
- Shop at well-respected and trusted retailers online. Only shop sites that are secure and begin with https as opposed to http—and don’t click on any links you don’t recognize.
- Be careful making purchases with public Wi-Fi, as many public networking technologies are not protected with encryption.
- Print out the confirmation page and/or retain the confirmation email after making an online purchase.
- Use your chip-enabled EMV card wherever available.
- Make sure your contact information is up to date with your credit card company. This will ensure your card provider is able to reach you in the case of suspected fraud or other emergency.
- Strengthen your password using numbers, letters and symbols. If you choose something simple or personal—like birth dates or your kids’ names—savvy hackers may be able to break the code by reading your profile on social media.
- Sign up for account alerts—your bank will notify you of any suspicious activity with your account.
- Don’t give your credit card information away via email or phone, as phishing activity is rampant during the holidays.
- Switch to secure online or mobile payments to help protect your account information. Online payments add layers of security to your transaction and can help ensure you never miss a payment. Check your bank’s mobile app for real-time updates on your purchases.