Bluetana: detecting credit card skimmers with a smartphone app

Credit card skimming is a type of credit card theft performed using a small device to steal credit card information during a legitimate credit card transaction.

How skimmers works?

When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card’s magnetic stripe (usually the credit card number, expiration date and the credit card holder’s full name): thieves use this stolen data to make fraudulent charges.

Thieves use the stolen data to make fraudulent charges either online or with a counterfeit credit card.

Credit card skimmers are often placed over the card swipe mechanism on ATMs and gas stations, and usually the crooks may also place a small, undetectable camera nearby to record you entering your PIN, in order to collect all the information needed to make fake cards and withdraw cash from the cardholder’s checking account.


Bluetana

Modern credit card skimmers usually communicate via Bluetooth, but now there’s an app that can detect them: computer scientists at the Jacobs School of Engineering in San Diego have developed a smartphone app that can quickly detect the presence of a card skimmer installed (in the first usecase) on a gas station pump.
With this app, the inspection time was reduced from 30 minutes to just three seconds.

Bluetana not only scans and detects Bluetooth signals, but can actually differentiate those coming from legitimate devices (like sensors, smartphones, or vehicle tracking hardware) from card skimmers that are using the wireless protocol as a way to harvest stolen data.

The full details of what criteria Bluetana uses to differentiate the two isn’t already being made public, but its algorithm takes into account metrics like signal strength and other telltale markers that were pulled from data based on scans made at 1,185 gas stations across six different states.

As more gas stations adopt payment systems exclusively for credit and debit cards with chips, criminals will use technologies to capture information from these types of cards. Researchers will have to follow suit. Visa and MasterCard are mandating that all gas stations in the United States use the chip-based systems by October 2020.

https://ucsdnews.ucsd.edu/pressrelease/bluetana

For more technical information you can refer to official page on UC San Diego News Center


References


Related posts

Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.