Police Warn of Credit Card Skimming and Other Tech-Based Crimes
By Richard Kaufman
While traditional crimes like burglaries, robberies and drug-dealing have typically remained the same over the past two decades, financial and cyber crimes have evolved dramatically.
“There hasn’t been any other crime that has developed as rapidly or branched out, in my opinion,” said Greenwich Police Det. Mark Solomon. “Financial and cyber [crimes] have just exploded.”
For the past eight years, Solomon has been a part of the Connecticut Financial Crimes Task Force, which focuses on combating large-scale financial and cyber criminal activity. The task force is run by the Secret Service and is based out of New Haven.
As technology advances, criminals are always looking to stay one step ahead of law enforcement. “It’s a cat and mouse game,” Solomon said.
Solomon pointed out some everyday locations and methods criminals are using that could affect your finances and bank account, and the precautionary steps people can take in order to keep their finances safe.
Gas pump skimming, a West Coast fad which was big four or five years ago, has now moved East as security measures have tightened up.
On the dark net, criminals are able to purchase the generic keys some gas stations use to open up their pumps, and they insert a three-inch device—an “internal skimming device”—into the pump to extract information. According to Solomon, the installation process takes just 45 seconds.
Most of these devices are Bluetooth-enabled. Those who install them can simply drive by the gas station and connect their laptop to the device to extract magnetic stripe card data from customers who have used the compromised pump.
“We’ve had multiple incidents in Greenwich. Since 2016 we’ve had over 30 incidents that we’re aware of in the state of Connecticut,” Solomon said.
There are a few preventative measures gas stations can take in order to safeguard against pump skimming. Along with more pump inspections and the elimination of generic key usage, Solomon said every gas station should use security seals in order to show whether or not a pump has been broken into.
While this isn’t a rampant problem, Solomon said it’s important to be aware that it does happen. “If you have a good procedure in place, if you go to the gas pump and you look for an intact seal, you can feel very confident that gas pump is ok,” he said.
Point-of-sale skimming occurs at stores or businesses where cards are swiped on a machine. Solomon noted this form of fraud is rarer, and that retailers are aware of how to combat it.
Criminals use replica machine overlays, often made on 3D printers, which are placed over the real machines and secured by tape. Customers unknowingly swipe their cards and punch their PIN numbers into counterfeit PIN pads, which retain mag-stripe and PIN data the criminals can use to create counterfeit cards.
There have also been counterfeit overlays for cards that use the new chip technology.
The counterfeit machine forces the chip card deeper in order to capture mag-stripe data. “As long as that mag-stripe stays on the back of your chip card, the bad guys are going to focus on the mag-stripe and then they’ll just have to use it at a non-chip location,” Solomon said, pointing out that the chip is encrypted and secure.
ATM skimming is another form of fraud that Solomon said exists. A skimming device that can match the make and model of the ATM is placed over the card slot using tape. A micro video camera is also sometimes installed on or near the ATM, trained on the PIN pad.
“Anywhere you can stick a card and put your PIN number in, they’ll put these devices up,” Solomon said, noting that there’s been an increase in criminal activity on privately owned ATMs at convenience stores because there is less security and little inspection.
These devices are usually in place only between one and 36 hours, because banks inspect their ATMs often. In bank-lobby ATMs, criminals can sometimes capture mag-stripe data from the door-entry device. A camera is then placed on something like a smoke detector, which looks down at the PIN pad.
As banks grow more aware of ATM skimming on the card slot, criminals have come up with internal skimmers that are not visible from the outside. “In the past year, we’re starting to see them here in Connecticut, New England, throughout the U.S.,” said Solomon.
People are urged to cover the PIN pad while punching in their PIN number in order to keep it secure. Solomon also said that people should jiggle the card slot to see if it moves. Sometimes the tape on the skimmer has lost its stickiness, which has even caused the skimmer to fall off into the customer’s hands. A card other than the one used at the machine should also be used to gain entry to lobby ATMs.
“If you go to an ATM machine and you pull on the card slot and you cover your PIN and inspect the machine first, there’s a 99 percent chance there’s probably not a skimmer on it,” Solomon said. “I use an ATM almost every single day. I think it’s just having an awareness.”
Solomon said police are able to catch these criminals during the cash-out phase. The criminals usually like to withdraw money in the late evening to early morning hours, since the maximum withdrawal limit usually resets after midnight. They’ll withdraw money just before midnight, and then withdraw the same amount after midnight from the same account.
Solomon also said that anyone who sees someone using multiple cards at an ATM without leaving the lobby should call authorities or alert the bank.
In Europe, criminals are injecting malware through thumb drives into ATMs, which are computers in their simplest form. The malware can cause the machine to dispense cash during certain time periods before it resets. Criminals can just stand by, collect the cash, and move on to another ATM.
As the U.S. becomes more and more chip-compliant, Solomon said the task force is looking at Europe and Canada, which are more advanced than the U.S. in these matters, to prepare for the next generation of fraud tactics. The U.S. mostly relies on the mag-stripe, which Solomon said is outdated 1970s technology.
“We have a crystal ball. We know exactly what’s going to happen. It’s not a guess. Certain countries are 10 years [ahead]. A lot of them are chip-only countries now, so they’ve eliminated the mag-stripe. I suspect it’s going to be five to eight years here for us to convert and be almost chip compliant.”
Solomon said that because of the chip, there’s going to be a huge transition from card-present to card-not-present fraud. While the chip is one of the best technologies out there, it’s still not perfect.
“Once the chip is fully here in the United States and we’re mostly converted, it will be much more difficult to do card-present fraud, so they’re going to go to telephone and internet purchases, where the chip does not solve any problems of that type of fraud.”
While fraud isn’t a debilitating problem in the state or around the country, it does happen and will continue to happen as technology advances. Solomon said people should be aware of the machines they use, and take note if anything stands out.
“Be observant, be cautious. If there’s a machine that you use, look at it, inspect it so you actually become familiar with it, so you know if something’s added to it you pick it up.”
People should also be cognizant of online phishing, malware and ransomware scams, which have been prevalent lately. Solomon urges people to back up their files in multiple places.