Shopping Cart 0 items
log in register
Today's Deals Forum Desktop Site
All Categories
Featured
Brands
Development
Sensors
Tools
Miscellaneous
Components
E-Textiles
Robotics
Wireless & IoT
Audio

Gas Pump Skimmers

Pages
Contributors: Nate
Favorited Favorite 20

How a Gas Pump Skimmer Works

External gas pump

Front of a US Fuel Pump complete with extremely difficult to source security seal

Essentially, the perpetrator opens a pump using one of a few master keys, unplugs the credit card reader from the main pump controller, plugs the card reader into the skimmer and plugs the skimmer back into the pump controller. This reportedly takes less than 30 seconds.

A skimmer is basically a man in the middle attack. The skimmer listens for all the serial traffic from the credit card reader (clear text at 9600bps) records it to an external piece of memory (flash in this case) and then passes that same serial traffic onto the pump controller. When you use one of these modified pumps the pump controller charges your card and you’re none the wiser, but your credit card details are stored in memory.

alt text

Hours or days later, the perpetrator returns to the gas station and connects over Bluetooth to the compromised pump. Once connected the skimmer sends the contents of the EEPROM (all the recent credit card numbers) over the air to the perpetrators cell phone or laptop where it’s logged.

View as a single page Next Page →
Skimmer Design
← Previous Page
Introduction