Card-skimming scheme can be avoided, Calgary experts say
by The Calgary Eyeopener (feat. Tom Keenan)
August 19, 2016
Jeremy Ensign was almost a victim of a card-skimming scheme at a Husky gas station in the southeast — until he saw the little device fall off when he went to pay at the pump.
But experts say there are simple ways to make sure you also don't lose your valuable card information when you pay at ATMs.
The CBC's David Gray spoke with Tom Keenan, author of Technocreep and professor at the University of Calgary.
Q: [This case was] no surprise to you?
Not at all. People buy these things, you don't have to be very smart. You just sneak in there and put it on the ATM machine at the pump.
Q: How can we protect ourselves from skimmers?
First, look at the device if it wiggles or comes off or looks like it shouldn't be there. Unfortunately, it's getting worse because they now are making them so skinny that they fit inside.
Everybody thinks chip and pin is going to solve the problem. But [hackers] found out if they open the device and put in a little gizmo that they made for $50-60 dollars ... called a "shimmer."
Q: A "shimmer" will defeat your chip card?
It's an active device that actually does this attack on the chip card and then it can send [information] off on the Internet. So now they're getting smart [by sending information] to a central location.
Q: Can I use "tap" safely?
"Tapping" is OK because there's a limit on the amount.
Typically, if it's at a gas station [the scammers] will pick the farthest pump from the attendant because they don't want to be seen when they're doing this. Try to pick one that's in plain view. Be very suspicious of anything and never enter your pin number twice. Because often that's what some of these devices do. If you see "please re-enter your pin number;" walk away.
Q: Are you surprised we are still using magnetic stripe?
It's totally hack-able. We've got to get rid of those darn stripes. I predict we will be rid of them soon.
Q: How do we protect ourselves from thieves?
If you are an innocent victim, the banks will fix it. You should be suitably paranoid. Check your credit card bills for small charges that come up every month. People should keep their cards in RFID (Radio Frequency Identification) sleeves.