If you use your credit or debit card to pay for gas, be warned: You might be at risk for identity theft. NBC Bay Area’s investigative unit found nine credit card data-skimming devices in the past two months, and puts the number of identity theft victims at more than 300. How can your data be so easily stolen, and what can you do about it?
Universal key aiding identity theft
There is reportedly a single, universal key providing access to the majority of gas station pumps nationwide, enabling thieves to install skimmers, high-tech devices that store swipe information, and resulting in hundreds of cases of credit card fraud in the South Bay. The universal key was created, again, for convenience purposes, to simplify gas pump inspections and maintenance.
Thieves are capitalizing on this low-risk, high-reward crime, acquiring the key and circulating copies. The REACT Task Force has unearthed nine skimmers at Bay Area gas stations in the past two months, and upwards of 300 fraud victims have since been reported.
Just how advanced is the skimmer technology? They’re now Bluetooth-enabled. This means, upon installation, thieves can access your information from distances of up to 100 yards, without returning to retrieve the device itself. It’s a terrifying operation still without a viable solution. What’s worse is the skimmers are virtually undetectable, so no red flags are raised to alert customers. With a key, skimmers are input without outward evidence of tampering.
Who’s responsible, and what’s being done?
According to NBC, gas station owners aren’t affected and, so, haven’t pushed particular preventative measures, raising questions of business integrity and customer service loyalty. Bay Area gas stations have been advised to change their locks, but the response from owners hasn’t been ideal. New locks reportedly cost one concerned San Jose Chevron station owner about $1,000, which the majority of owners just aren’t willing to fund. Police say that security tape, torn when tampered with, is often used in favor of more expensive and effective measures.
Chevron-owned sites mandate daily gas pump inspections and encourage independently-owned sites and franchises, where strict security policies aren’t enforced, to do the same. Shell is encouraging the implementation of multiple precautions, including changed locks, security tape and alarm systems.
What’s your liability?
Thankfully, the government’s got your back if you are a victim of fraud. If your credit card is lost or stolen and you report the loss before it’s used, you aren’t liable for anything. If it’s used before you report it, your maximum liability is $50. Also, if the thief uses your credit card number, not the card itself, you aren’t liable for anything. This means that if your card data is stolen via a skimming device, you should not be responsible for fraudulent use.
If you’re using a debit card, your liability could be higher.
If you report before it’s used, you still are not liable for any amount. If you report within two business days, your maximum liability is $50. If you report the loss within 60 days of receiving your bank statement, you could lose up to $500; if you don’t report within that time frame, you have unlimited liability. However, if your debit card number is used, you are only liable for transfers that occur after 60 days of your statement being mailed and before you report the loss.
Hold yourself accountable
If you wouldn’t feel safe with a stranger having the key to your house, you shouldn’t feel safe with a stranger theoretically having the key to your credit. If you do swipe or have swiped in the past, review your credit statements diligently. Credit card companies often insure fraud (typically at the expense of higher interest rate fees, however). For now, it’s best to rethink your next swipe. Take the few extra steps to pay inside instead. Smarter, better-equipped thieves are on the loose.