While many aspects of retail have shifted to using chip card readers, one major segment hasn't been forced to upgrade yet. Gas stations got a reprieve because it's not easy—or cheap—to add chip readers to gas pumps.
How expensive is it? Convenience Store News reports that it can run upwards of $25,000 to convert all of the pumps at a gas station. And it's not a matter of just swapping out a swipe card terminal to a chip card terminal. The terminals are tied to the gas pumps, and their payment cables are often buried in concrete underneath the pump. This means that owners may have to rip up the concrete or even replace pumps in order to get the technology required for EMV chips.
Although you might start seeing EMV technology at the pump, as some large retailers have started converting to chip readers, most pumps are still using swipe card technology, which means they're more vulnerable to skimming attacks.
In fact, the Secret Service noted in an NBC report that the agency finds 20 to 30 skimmers a week, and each skimmer they find is packed with credit card data from around 80 people.
Now law enforcement agencies have access to a new app that can help them easily search for skimmers on gas station pumps. Called Bluetana, the app was developed by computer scientists from the University of California San Diego and the University of Illinois with technical input from the Secret Service, and it detects skimmers that contain Bluetooth technology.
As technology has developed, thieves have also upgraded their skimmers and have figured out easier ways to steal information. By adding Bluetooth technology, they can sit in a nearby car, remotely connect with the skimmer and pull the data from it. Since they don't have to manually go and get the skimmer, it helps prevent suspicion about their activity.
"All criminals have to do is download the data from the comfort of their vehicle," said Nishant Bhaskar, a Ph.D. student in computer science at the University of California San Diego, in a statement. Bhaskar was the first author on the study about the team's findings.
Bluetana looks for the "Bluetooth signature" of skimmers through an algorithm the research team developed based on a study of Bluetooth device scans. The algorithm helps ferret out other types of legitimate devices that utilize Bluetooth, like speed limit signs or other types of sensors found in gas stations. Bluetana can find a skimmer in about three seconds, versus 30 or so minutes that an inspector needs to manually find a skimmer.
"Bluetana extracts more meaningful data from the Bluetooth protocol, such as signal strength, than existing skimmer detection applications. In a few cases, our app was able to find devices missed by visual inspection," said Maxwell Bland, a Ph.D. student in computer science at UC San Diego and study coauthor, in a statement.
In the study about the app, the researchers noted that they obtained scans from 1,185 gas stations in six states. The app detected 64 skimmers in those scans.
The study noted that Bluetana cuts back on thieves' daily revenue. The researchers estimated that criminals can make anywhere from $4,253 to $63,638 per day from a skimmer on a gas pump, which isn't a bad return on a $20 to $25 investment in creating a skimming device.
Unfortunately for the average consumer, Bluetana is only available to law enforcement officials and inspection agencies, but it doesn't hurt to ask your local officials to look into the app. If you're still concerned, there are other skimming apps currently available in app stores, but the Bluetana team says those may generate false positives from things like smart watches or other customers' phones, so be warned: Your mileage may vary.
