At a staggering estimated $1.5 trillion per year, criminals can make more through cybercrime, including credential theft, trade secret theft, data trading, crimeware-as-a-service and ransomware, than all other crime methods combined. One considerable part of this disturbing figure is the theft and sale of payment and bank card data.
The outdoor location and unattended nature of fuel pump payment terminals make them a particularly attractive target for financial data thieves. Stealing data from gas stations is relatively easy and inexpensive, and it can result in hefty payouts, making it a high Return on Investment (ROI) opportunity for criminals.
Fuel Pump Payment Card Theft Tactics
One of the typical ways in which cybercriminals steal payment card data is by installing skimmer and shimmer devices on fuel pump payment terminals. These tiny, hard-to-detect devices only cost a few dollars in crimeware markets and take only moments to install on a pump.
Yet this isn’t the only way criminals target gas stations. Another forecourt theft method is hacking into the routers that manage payment card data transmissions between gas pumps, point-of-sale systems and financial institutions. As with theft devices, malware that collects data is cheap to obtain on Darknets, with prices typically between $12 and $15. Infiltrating routers, particularly older ones with well-known vulnerabilities, can usually take less than an hour of a hacker’s time.
An additional characteristic that makes this type of crime attractive is that it can take months, or even more than a year, before a theft device is detected, either through a customer complaint or, in many states, during the Agriculture Commission’s Weights and Measures inspection that occurs every year or every other year. Plus, Weights and Measures is not able to investigate the presence of malware on routers. As a result, it’s possible for criminals to reap the benefits of compromising a single location for a long time before the devices are discovered and the perpetrator must invest time and effort into compromising a different location.
Why It’s Hard to Stop Gas Pump Skimmers and Shimmers
Fuel pump payment card data theft is a prime example of a cybercrime that can be difficult to discover and stop. Weights and Measures and law enforcement will often use scanners that check fuel pumps for the presence of shimmers and skimmers, but these offer limited capabilities. The scanners can only detect theft devices if they are used in close proximity to the gas station. Consequently, shimmer and skimmer detection is a highly manual process that requires physically visiting each fueling station. Even though the theft devices are operated over the Internet, cybersecurity techniques are limited in finding and stopping theft devices because the devices typically communicate data using radio frequencies instead of network connections that can be monitored and scanned.
In a single day, one theft device can collect data from as many as 100 payment cards, and cybercriminals can steal tens of thousands of dollars. In addition to hitting consumer finances hard, fuel pump payment card data theft usually results in negative press for gas stations that translates into lost revenue. Plus, the cost of investigating theft complaints and removing devices drains community resources. It’s a costly problem for the state and local government entities tasked with ensuring fuel pump integrity.
Using Proven Cyber Intelligence Methods In a New Way
Given the limitations that scanners and manual inspections pose, CyberDefenses recognized a scenario in which cyber intelligence could provide a solution. By combining insight into criminal activity with investigation methodologies proven to be effective in intense military scenarios, the team is able to narrow in on gas stations with payment card data theft indicators.
The result is CyberDefenses’ CyberTheft Locator service; it has significant positive implications for state and local governments as well as businesses wanting to put an end to the payment card data theft problem. Using cyber intelligence tactics, many of which the team has developed over decades of experience tracking and defusing cyberthreats, CyberDefenses can use stolen credential information and Darknet marketplace activity to identify areas with high theft activity. Then the team is able to apply pattern matching techniques using a wide range of data from other relevant sources to pinpoint gas stations with a high probability of having a skimmer, shimmer or malware issue. This breakthrough process expands what was previously possible in three key ways:
- Remote Detection Reduces the Financial Impact of Payment Card Data Theft
CyberTheft Locator can pinpoint potential criminal activity at fuel pumps anywhere in the United States remotely from the CyberDefenses Security Operations Center (SOC). Consequently, states save money, staff time and the travel expenses involved in physically visiting sites to search for theft devices.
Once evidence of payment card data theft is discovered, the cyber intelligence team determines if the theft is occurring through malware or another method involving a network connection that can be stopped from the SOC.
If the theft is not online, it is highly probable that one or more skimmer or shimmer devices are present in the area, and it is worth sending inspectors or law enforcement to the stations implicated as possible victims to remove the devices.
- Rapid Discovery Shortens the Duration of the Theft, Minimizing the Number of Victims
CyberTheft Locator also offers the ability to discover theft shortly after criminals install theft devices or malware. Rapid discovery dramatically shortens the amount of time a thief is able to steal data, which in turn reduces the number of victims and the amount of money consumers lose to fuel pump payment terminal theft.
Additionally, rapid detection is a deterrent. It diminishes the potential for criminals to collect lucrative payouts at a single location. It forces attackers to expend more cost and effort moving to a different target. Since most thieves are opportunistically looking for easy targets that offer a high ROI, fuel pump payment card data theft becomes a less attractive endeavor.
- More Insight Facilitates Finding the Perpetrator and Successful Prosecution
The investigative nature of CyberTheft Locator means the intelligence team is able to gather a substantial amount of data which offers clues that can be used to identify the suspect. It also provides data that can be used as evidence to prosecute the criminal. Physical shimmer and skimmer searches aren’t able to provide the crucial information and data needed to shut down the source of the criminal activity.
It’s an advantage that can go a long way in helping state agriculture commissioners, other regulatory authorities and law enforcement end payment card theft in their area.
Contact us to learn more about how cyber intelligence can be used to address complex cybersecurity issues.