Hacker in convenience installs a cc skimmer in 3 seconds

Do most of you pay in the convenience store because you think its safer than at the pump? I do. Feeling that the clerks are right there watching the cc scanners.


This guy had a custom made skimmer that fit *perfectly *over that scanner model. Thats why it could be installed in 3 seconds. Who the hell is manufacturing these skimmers and why isn’t the DOJ going after them? Isn’t it a crime to make a product designed solely for this purpose? I’d love to hear a reasonable purpose for manufacturing & selling custom built cc skimmers other than stealing…

It’s time to seriously consider using cash for purchases under $50. It’s not worth exposing a debit or cc card for a $33.25 purchase of gas. I’ve always paid cash for purchases under $25 (I keep $30 in my billfold) but will start carrying $60.

Magstripe skimmer. Thar’s why everyone is switching to EMV chips: it’s more secure. (Not that it can’t be cracked; nothing is impregnable. But it requires more than fifty bucks worth of parts to do it.)

Not a hacker. Just the hardware equivalent of a script kiddie.

& the next customer uses their MasterCard from Bank A, while the customer after that uses their Visa from Bank B. It’s going to take some time to zero in on this being the common denominator / offending site, & then even longer to sift through hours (days?) of video to find when it happens. Unless the guy is a total idiot, he’s at least three states away by the time they find this needle-in-a-haystack video & even then they still haven’t identified the guy.
Still, pinching this guy is like getting the street-level drug dealer, not the kingpin in Mexico or Columbia or wherever.

I am not a criminal, but if I was, this seems like a relatively low-risk crime to me.

I don’t. It seems pointless. This is the first I’ve heard of the practice.

You can make it at home.

No, it’s not. Just don’t use a debit card; they’ve never been a good idea. Have two CCs in case there’s a problem with the first. The risk is a 1-minute phone call.

Yes, it is worth it. Cash, IMHO, is a major pain in the ass. I don’t use my debit card for anything except cash, and I don’t get my cash from anywhere except from the ATM physically located at my bank branch (once every few weeks); anyone trying to put a skimmer on one of those is going to recorded from about five different camera angles.

Compared to cash, credit cards are amazingly convenient. Cash? You’ll walk inside to pre-pay, then realize you forgot what pump number you’re on. So you walk back outside, get the number, then go back inside and get in line behind four other cash customers, three of whom take their sweet-ass time trying to figure out which scratch-off lottery tickets and cigarettes they want to buy. Then you lay down $40 and ask them to kindly activate pump #5. Then you walk back outside and pour fuel, but you find that your tank’s full up at just $33.25. So you go back inside, get in line behind another three lottery-playing putzes, and pick up your change. Then you walk back out and get on your way.

With a credit card, I can be done fueling up before you finish prepaying with cash.

Risk? What risk? For credit card, you are legally liable for only the first $50 of fraudulent transactions after you become aware that your card has been compromised.[sup]*[/sup] HOWEVER:

  1. Credit card issuers have become pretty good at spotting fraudulent activity. My wife and I have each had an AmEx card defrauded, and in both cases AmEx spotted the problem and alerted us before we were aware of anything. In both cases we weren’t liable for any of the fraudulent charges.

  2. Even though you’re legally liable for the first $50 in fraudulent charges, your continued credit card activity is worth a lot more than that to the bank. If you threaten to cancel the card, they will happily eat that $50 on your behalf in exchange for your continued patronage.

The risks associated with carrying enough cash to make a cash-based life relatively convenient are greater than the risks associated with using a credit card for as many of your purchases as possible.
[sup]*[/sup] Similar liability-limiting rules apply to debit cards if you report fraud promptly, but the risk there is that it might take precious time to get your money back; contrast this with the credit card bank, where the loss/recovery is theirs to deal with.

cc Cards are a part of daily life. Just like checks used to be. Hopefully the newer cc’s security measures will be better and more effective.

I’ve always used cash for small purchases. My parents taught me not to write small checks as a teenager. It was a money management lesson. Small purchases are often impulse purchases. Snacks, a comic book, magazine or something similar as a teenager. I learned to budget the cash I spent and used the checks for important stuff. like my first guitar. I saved enough money to buy it from mowing yards one summer.

now I use a cc the same way. Cash for purchases under $30. It’s just a general rule. I keep it real. If I need to pick up $12 of groceries then I’m getting those groceries. Preferably with cash but I’ll use my cc otherwise. I carry a cc and use it when required.

I don’t do it every time, but when the card reader looks sketchy to me, I jiggle it to see it it’ll come off before I use it.

All of my credit cards have chips, and all of the local grocery stores have readers that accept chip cards.

But my local Vons (Safeway) and Sprouts both have the chip reader slots covered with tape. I don’t know why; i guess i should ask. It’s annoying that they have the new, more secure system right there, but aren’t using it.

The chips are annoying. It takes longer to process a sale with the chip reader and I have to leave the card in the reader for a period of time. I’d prefer no chips.

:dubious: So you’ll pay cash for $12 worth of groceries that definitely is not an impulse purchase, because of some long-standing dogma that says small purchases are probably impulse purchases and therefore you must (when possible) pay for them with cash?

Not with any great speed. Out of the five credit/debit cards I had before the “change”, exactly zero of them have been re-issued with chips. But the two times I had fraudulent activity on a card, the bank had to eat it so I guess they can eat it next time as well until they decide that a more secure card is in their best interest.

First your chain has to install the terminals on every cash register in every one of their stores across the US. Once they get all of them done, then they activate the new software to use the chip reader. Your store got its terminals early in the flow and now is just waiting for the rest of the stores to get theirs.

I’d be interested in seeing some sort of evidence that every store has to have the hardware and the software before the system can work, for two reasons:

First, both the Vons and the Sprouts locations that i’m talking about did, in fact, have their chip readers working for a while. I used them. Then they covered them up.

Second, this article about the slow rollout of chip readers suggests that it is not necessary for all stores in a chain to begin accepting them at the same time.

That story does talk about some of the overall difficulties of implementing the new system, but nowhere does it say that a particular chain (Safeway, or whatever) can only begin accepting the chip cards once every store has been updated with both the hardware and the software.

Depends entirely on how flexible each chain’s POS systems are.

Some are much more modular than others. Some companies that have grown through M&A may have several different systems in different regions or even in the same region. Other chains with more organic growth may be much more homogenous.

In any case, starting October 2015 the merchant is liable for all charges on any fake swipe cards they take. So they’re certainly incentivized to get the chip readers operating as soon as it’s technologically feasible for them.

I don’t put much thought into it. :slight_smile:

Small dollar purchases are cash and larger ones go on the cc. Done it for my entire adult life and its just automatic. I get money from the ATM every Friday and try to make it last through the week. It’s a simple way to budget my petty cash expenditures. Its always worked for me.

Other people may only use a CC and track their charges by logging into their bank online. Theres probably other ways too. Use whatever method that works best…

Actually, it’s the least-compliant party that is on the hook for fraud losses now.

Last year, the excitement in my industry was that fraud liability was shifting away from us. Historically, the card issuing banks ate almost all fraud losses as a cost of business, but the new EMV cards are letting the banks shift liability to someone else. Usually, but not always, that someone else is the merchant.

At the moment, my main ATM card is an old magstripe, which means my bank is the least-compliant party if there’s a fraudulent use of it (or the account number) at an EMV-enabled POS terminal. If there was fraudulent use of a non-EMV card at a non-EMV terminal or an EMV terminal that’s not enabled for EMV use, that would mean that the issuing bank and the merchant were non-compliant, but it would go to the old way of the bank taking the loss.

Generally, the only scenario where the merchant is liable is if a counterfeit card is used at a terminal not enabled for EMV, such as the ones at the grocery store where the EMV slot is covered.

I’m sure that’s true.

The same Vons store that i mentioned seems to run on computers from 1993.

When i was in the store the other day, the electricity went out, just for about ten seconds or so, while i was shopping. I knew, as soon as it happened, that the POS system would need to start up again. What i didn’t expect was that it would take a full twenty minutes.

I stood behind one of the cashiers and watched his screen. It took a full ten minutes to get through the OS startup, and then, once the POS touchscreen GUI began to load, it took almost ten minutes more for it to be up and running.

That page says the $50 liability limit applies only if the physical card is lost. The cardholder has zero liability if the number is compromised (skimmer, payment processor data breach, etc):