Data Doctors: Do card skimmer detection apps work?

Q: Do apps that scan for card skimmers at gas stations work?

A: Credit card skimmers are a growing problem, especially at gas stations because gas pumps still aren’t setup to read chipped cards.

In the past, thieves would have to sneak the skimmers on to the gas pumps and then come back later to remove them in order to collect the stolen information.

Thieves can now sit in their car close to where the skimmers are installed and grab stolen card numbers via Bluetooth.

What skimmer apps do

There are a couple of apps that attempt to detect Bluetooth enabled skimmers.

An iPhone app called Card Skimmer Locator scans for any Bluetooth Low Energy (BLE) devices and alerts users if one is detected — BLE devices won’t necessarily show up in the regular Bluetooth settings on your phone.

The problem with this approach is that it can easily generate false positives if you happen to be near wireless headphones, wireless beacons or other BLE devices that have nothing to do with skimmers.

If you use this app, it’s important to pay attention to the device name that the app detects so you can search the internet for information to help you determine if it’s a skimmer or not.

A slightly better approach to detecting skimmers is taken by the Android app called Skimmer Scanner because it looks for a specific type of device.

Many of the Bluetooth skimmers use cheap, off-the-shelf radios that have the same device ID of HC-05 and the default pairing pass code of 1234. When the app sees a device with the HC-05 ID, it attempts to connect and send a command to see if the device responds as a skimmer typically would.

The problem with depending on this app is that it’s just a matter of time before thieves start using devices or device names that are different. Unless the app developer can keep up with the changes quickly, there will be a lot of false negatives which could give users a false sense of security.

It’s also possible that a completely legitimate device is using the same transmitter because they’re readily available and so cheap.

Additional protection tips

Not all skimmers, especially older ones, have a Bluetooth transmitter, so no app will help you detect them. Always take a look at the card reader to see if it looks different from the rest of the equipment in either color or age. Grasping the card reader and giving it a tug can also detect when a skimmer has been slipped over the gas pump card reader.

Get in the habit of using the pumps that are in plain view of the clerk in the store, as thieves tend to target the pumps that are the farthest away and hardest to see from inside the store.

Consider getting a gas card from one or two companies with lots of stations, so you can avoid exposing your credit or debit card to skimmers. If you have to use a debit card, use it as a credit card to avoid having to type your PIN number, which skimmers can also capture.

If you’re ever concerned, opt to pay inside instead of at the pump or move on to another gas station.

Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up