The Secret Service issued a warning to convenience stores earlier this week that a new wave of contactless payment skimmers are appearing at gas pump payment terminals.
Credit card fraud at the gas pumps is not a new concept, of course. Thieves have previously tried everything from placing fake mag-stripe readers over the legitimate payment system, to installing card data collection systems inside the gas pump, the thief later returning to the pump to collect their device and the stolen credit card numbers on it.
However, the latest black-hat card skimming trick the Secret Service warns about involves taking advantage of contactless payment methods, including RFID chip-enabled cards and various smart phone payment apps. Gas pumps with a contactless payment terminal use near-field communication (NFC) to communicate with the user's payment device (contactless card or smartphone app). During this process, the user's credit card information is transmitted wirelessly, through short-ranged radio frequencies, to the pump's payment terminal. What thieves are doing now is breaking into the gas pump and hiding their own NFC device inside. While your information is being wirelessly transferred to the pump's terminal, the thief's NFC device also picks up the transmission and collects your credit card information. Unfortunately, this type of skimming device is inherently easier for the thief to install and harder for a gas station customer or employee to detect. You can read the full NACS report here.
Reports like this just go to show the increasing volume and complexity of fraud surrounding RFID chipped cards and other contactless payment methods.