Alain Hebert ahebert at
Fri Nov 9 14:29:09 UTC 2018


     Older Pump station installation (and maybe new ones) use RS-232/442 
to communicate in clear text with their controller into the building.

     Easy to tap to skim Track 1/Track2 of the CHD which is good to dups 

     Now to get the physical CVV you need a physical skimmer installed 
on top the pump which is where your Bluetooth come in action.

     With those you can dups and make "Card No Present" transaction (aka 

     It is a risk/reward thing.

     PS: Lazyness is pretty much the greatest threat.  EU/CAN/etc are 
all CHIP while some other economy still refuse to spend that extra $1 
per card :(

Alain Hebert                                ahebert at
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911    Fax: 514-990-9443

On 11/08/18 22:50, Chris Adams wrote:
> Once upon a time, Scott Christopher <sc at> said:
>> Swipe-and-sign (and now just swipe for small amounts) is for Visa, Mastercard, Discover transactions (called credit)
> Signatures are no longer required for chip card transactions in the US,
> except I think for transactions where the auth is done on the amount
> before an added tip (restaurants).
>> Skimming and card fraud is actually uncommon in the U.S. these days, and the police are very effective at combating it. It's just cheaper for the industry to eat fraud losses than to "upgrade" systems. The transition to chip-based cards was a debacle.
> Skimming is still highly active at gas pumps, where chip support was
> pushed off (current requirement I believe is late 2020, but may be
> delayed again).
> The skimmers get more creative all the time; they're getting inside
> pumps (possibly with help of low-paid station attendants, but also
> because of poor physical security) and installing the skimmer hardware
> out of sight.  The hardware has Bluetooth, so the bad guys just pull up
> and get gas and someone in the car can retrieve the data (from multiple
> pumps even).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list