Analysis of Fuel Pump Skimming Devices

Analysis of Fuel Pump Skimming Devices

연구 분야: Strategies

학회: ICISDM '20: Proceedings of the 2020 the 4th International Conference on Information System and Data Mining

Payment card fraud is a growing problem in the United States. Credit and debit card numbers are harvested from automated devices such as fuel dispensers, Point of Sale (POS) terminals, and Automated Teller Machines (ATMs) in a process known as "skimming". Skimming requires the installation of malicious hardware on (or inside of) the targeted device. As such, it serves as an example of a physical cyber threat. In this paper, we provide an overview of payment card skimming in general, before narrowing our focus to payment card skimming occurring at fuel pumps. We then reverse engineer skimmers which law enforcement has harvested from fuel pumps in Florida. We consider only those skimmers which use Bluetooth to exfiltrate the "skimmed" payment card data. The goals of our research are to analyze the internal operation of the skimmers and determine if they can be disabled wirelessly, without requiring the fuel pump cabinet to be opened.