App allows inspectors to find gas pump skimmers faster

August 14, 2019

A team of computer scientists at UC San Diego and the University of Illinois has developed an app that allows state and federal inspectors to detect devices that steal consumer credit and debit card data at gas pumps. The devices, known as skimmers, use Bluetooth to transmit the data they steal.

"All criminals have to do is download the data from the comfort of their vehicle," said Nishant Bhaskar, a Ph.D. student in computer science at the University of California San Diego and the study's first author.

The app, called Bluetana, detects the Bluetooth signature of the skimmers, and allows inspectors to find the devices without needing to open up the gas pumps.

Bluetana was developed with technical input from the United States Secret Service and is only available to law enforcement officials and gas pump inspectors. It will not be available to the general public. It is now used by agencies in several states.

"Our goal is to give field agents the best tools for the job available today," said Kirill Levchenko, a computer science professor at the University of Illinois who earned his Ph.D. at the Jacobs School of Engineering at UC San Diego. "We've found that Bluetana helps agents find more gas stations with skimmers--and to find more skimmers at those gas stations."

The researchers found that, compared to similar apps currently available for smartphones, Bluetana is likely to discover more skimmers and results in a much lower false positive rate. "Bluetooth technology used in these skimmers are also used for legitimate products commonly seen at and near gas stations such as speed-limit signs, weather sensors and fleet tracking systems," said Bhaskar. "These products can be mistaken for skimmers by existing detection apps."

Bluetana uses an algorithm developed by the researchers to distinguish skimmers from legitimate Bluetooth devices. The researchers designed the algorithm based on the results of a field study during which the researchers analyzed scans of Bluetooth devices taken by officials at 1,185 gas stations in six U.S. states.

"Bluetana extracts more meaningful data from the Bluetooth protocol, such as signal strength, than existing skimmer detection applications. In a few cases, our app was able to find devices missed by visual inspection," said Maxwell Bland, a Ph.D. student in computer science at UC San Diego and study coauthor.

In one year of operation, Bluetana has led to the discovery of 42 Bluetooth-based skimmers across three U.S. states, all of which were recovered by law enforcement agents. "We were surprised that there were so many skimmers in the field that had not been discovered by other detection methods such as regular manual inspections," said Aaron Schulman, a UC San Diego assistant professor in computer science. "We even found two skimmers that were installed in gas pumps and had evaded detection for six months."

Researchers will present their work on Bluetana at the USENIX Security 2019 conference Aug. 14, 2019 in the San Francisco Bay Area.

What do skimmers do and how much are they worth to criminals?

Skimmers have a high return on investment for criminals: skimmed debit card numbers can be used to withdraw cash and skimmed credit card numbers to make expensive purchases. A skimming device costs $20 or less to manufacture and can bring in more than $4,000 per day, depending on how many people use the gas pump and how the criminal converts the stolen numbers to cash.

Criminals break into the pumps, many of which can be opened using a universal master key, to install the skimmers. Skimmers are connected to both the keypad and the magnetic stripe reader inside the gas pump. This allows the devices to collect not only customers' card numbers, but also their billing ZIP code and PIN, in the case of a debit card transaction.

It takes Bluetana, on average, three seconds to detect a skimmer. By contrast, law enforcement officials can take 30 minutes on average to find skimmers during manual inspections.

"UC San Diego is an important and active partner on our Southern California Electronic Crimes Task Force, and has been able to provide technological solutions to current investigative needs," said Special Agent in Charge James Anderson of the Secret Service. "Our office looks forward to presenting them with other investigative challenges."

Next steps

As more gas stations adopt payment systems exclusively for credit and debit cards with chips, criminals will use technologies to capture information from these types of cards. Researchers will have to follow suit. Visa and MasterCard are mandating that all gas stations in the United States use the chip-based systems by October 2020.

"Bluetana is not the last word," Levchenko said. "As criminals evolve, our techniques will need to evolve also."
-end-


University of California - San Diego

Related Science Articles from Brightsurf:

75 science societies urge the education department to base Title IX sexual harassment regulations on evidence and science
The American Educational Research Association (AERA) and the American Association for the Advancement of Science (AAAS) today led 75 scientific societies in submitting comments on the US Department of Education's proposed changes to Title IX regulations.

Science/Science Careers' survey ranks top biotech, biopharma, and pharma employers
The Science and Science Careers' 2018 annual Top Employers Survey polled employees in the biotechnology, biopharmaceutical, pharmaceutical, and related industries to determine the 20 best employers in these industries as well as their driving characteristics.

Science in the palm of your hand: How citizen science transforms passive learners
Citizen science projects can engage even children who previously were not interested in science.

Applied science may yield more translational research publications than basic science
While translational research can happen at any stage of the research process, a recent investigation of behavioral and social science research awards granted by the NIH between 2008 and 2014 revealed that applied science yielded a higher volume of translational research publications than basic science, according to a study published May 9, 2018 in the open-access journal PLOS ONE by Xueying Han from the Science and Technology Policy Institute, USA, and colleagues.

Prominent academics, including Salk's Thomas Albright, call for more science in forensic science
Six scientists who recently served on the National Commission on Forensic Science are calling on the scientific community at large to advocate for increased research and financial support of forensic science as well as the introduction of empirical testing requirements to ensure the validity of outcomes.

World Science Forum 2017 Jordan issues Science for Peace Declaration
On behalf of the coordinating organizations responsible for delivering the World Science Forum Jordan, the concluding Science for Peace Declaration issued at the Dead Sea represents a global call for action to science and society to build a future that promises greater equality, security and opportunity for all, and in which science plays an increasingly prominent role as an enabler of fair and sustainable development.

PETA science group promotes animal-free science at society of toxicology conference
The PETA International Science Consortium Ltd. is presenting two posters on animal-free methods for testing inhalation toxicity at the 56th annual Society of Toxicology (SOT) meeting March 12 to 16, 2017, in Baltimore, Maryland.

Citizen Science in the Digital Age: Rhetoric, Science and Public Engagement
James Wynn's timely investigation highlights scientific studies grounded in publicly gathered data and probes the rhetoric these studies employ.

Science/Science Careers' survey ranks top biotech, pharma, and biopharma employers
The Science and Science Careers' 2016 annual Top Employers Survey polled employees in the biotechnology, biopharmaceutical, pharmaceutical, and related industries to determine the 20 best employers in these industries as well as their driving characteristics.

Three natural science professors win TJ Park Science Fellowship
Professor Jung-Min Kee (Department of Chemistry, UNIST), Professor Kyudong Choi (Department of Mathematical Sciences, UNIST), and Professor Kwanpyo Kim (Department of Physics, UNIST) are the recipients of the Cheong-Am (TJ Park) Science Fellowship of the year 2016.

Read More: Science News and Science Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.