USA Today has a revealing story on thieves who target gas pumps to surreptitiously gather or "skim" data from credit and debit cards.
The skimmed data are used to create cards used at the victims’ expense, says James Van Dyke, president and founder of Javelin Strategy and Research, a financial consulting firm that focuses on fraud and identity theft. […]
The skimming devices can be installed outside or inside the pump. Thieves glue a plastic sleeve, equipped with covered wires that capture data, over the pump’s card reader or connect the device directly to the reader inside.
The devices are molded and painted to match the machine and are small, making them hard to detect, Van Dyke says.
USA Today lists cases of suspected gas-pump payment skimming in California, Pennsylvania and other states. But this type of theft has been occurring for years.
In 2000, Time magazine reported on a new type of credit-card scam: skimming. The head of the Secret Service financial-crimes division told the magazine, "Skimming is the biggest problem in bank fraud today." Skimming has occurred at ATMs in the US and abroad.
And just last year, New York prosecutors charged 13 people with harvesting data from credit cards using skimmers. “[Waiters and waitresses] used small hand-held devices, about the size of a cigarette package that could be kept in a pocket, to record information encoded in the magnetic strips of credit cards.”
It isn’t hard to find the technology for credit- or debit-card skimming. Card readers are readily available from stores for a few hundred dollars. In fact, bars and clubs have used off-the-shelf card readers to gather data from customers’ driver’s licenses or ID cards. (The security and privacy problems behind that practice are numerous. For example, most of the time, customers have no idea that their data may be downloaded, retained, and later used for marketing or other purposes.)