
Analysis of Fuel Pump Skimming Devices

Charles Begian and Houssain Kettani


The Beacom College of Computer and Cyber Sciences
Dakota State University, Madison, South Dakota, USA
charles.begian@trojans.dsu.edu, houssain.kettani@dsu.edu

ABSTRACT
Payment card fraud is a growing problem in the United States. Credit and debit card numbers are harvested from automated devices such as fuel dispensers, Point of Sale (POS) terminals, and Automated Teller Machines (ATMs) in a process known as “skimming”. Skimming requires the installation of malicious hardware on (or inside of) the targeted device. As such, it serves as an example of a physical cyber threat. In this paper, we provide an overview of payment card skimming in general, before narrowing our focus to payment card skimming occurring at fuel pumps. We then reverse engineer skimmers which law enforcement has harvested from fuel pumps in Florida. We consider only those skimmers which use Bluetooth to exfiltrate the “skimmed” payment card data. The goals of our research are to analyze the internal operation of the skimmers and determine if they can be disabled wirelessly, without requiring the fuel pump cabinet to be opened.

CCS Concepts
• Security and privacy → Security in hardware → Hardware reverse engineering • Security and privacy → Intrusion/anomaly detection and malware mitigation → Intrusion detection systems • Networks → Network Types → Wireless access networks → Wireless personal area networks

Keywords
Payment card skimmer; Bluetooth skimmer; fuel pump skimmer; gas pump skimmer; credit card fraud.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
ICISDM 2020, May 15–17, 2020, Hawaii, HI, USA
© 2020 Association for Computing Machinery.
ACM ISBN 978-1-4503-7765-2/20/05…$15.00
https://doi.org/10.1145/3404663.3406874

1. INTRODUCTION
The Federal Trade Commission (FTC) announced over 124,000 reports of payment card fraud in 2018, with combined losses of approximately $287 million. The US state with the highest incidence of fraud in 2018 was Florida, with all types of identity theft accounting for 15% of the total fraud cases in the state, and credit card fraud comprising 42% of those cases [1]. Credit cards, ATM debit cards and vendor gift cards are all forms of payment cards [2]. When payment card information has been captured, it can be used to commit fraud in multiple ways, each being a form of identity theft. It may be used to provide fraudulent payment information for online purchases. It may also be encoded onto the magnetic stripe of a blank credit or debit card, effectively creating a clone of the original payment card to be used for unauthorized transactions. It may also be sold on the black market to other malicious actors. One way of harvesting payment card data is to capture the card’s data when the card is being used. Automated Teller Machine (ATM) and Point of Sale (POS) devices rely on reading user identification and account information recorded on the magnetic stripe of a payment card. For the data to be read, the payment card must be physically “swiped” or moved across a magnetic read head. Payment card skimming is the activity of capturing the data read during a card swipe, storing it and exfiltrating it. The captured card data, which includes cardholder identities and payment account data, can be encoded on the magnetic stripes of payment card blanks, essentially duplicating the payment card. These duplicates may then be used to make fraudulent purchases.

Payment card skimming is performed by physically tampering with an ATM or POS device to install a “skimmer”. Skimmers vary in design, with their form factor dictated by the device where they are installed. Skimmers may take the form of a false card reader assembly that is installed over the ATM or POS card reader or an extremely thin “sleeve” that is inserted into the slot of the card reader. For both of these skimmer types, whenever a payment card is inserted into the slot, the skimmer reads the payment card data at the same time that it is read by the magnetic card read head. A third type of skimmer may be installed inside an ATM or POS device, but does not read the payment card’s magnetic stripe. Rather, it is installed in line with the wiring carrying the payment card data from the card read head to the internals of the device. This type of skimmer obtains the payment card data by recording it as it travels over the wiring harness from the card read head to the internal device hardware. Since this type of skimmer is not physically constrained by the form factor of the card read head, it is sometimes fitted with a wireless communication module for exfiltration of captured payment card information. The skimmers employed to skim payment card information from fuel pumps are primarily of this third type. The consumer’s Personal Identification Number (PIN) may be harvested by using PIN pad overlays or small cameras to record consumer PINs as they are typed [3]. When combined with the data skimmed from the payment cards, fraudulent PIN-based payment cards, such as ATM cards, can be created.

In the next section, the reader is introduced to fuel pump skimming devices and their use. Their detection and analysis of their firmware as well as our findings are presented in Section 3. Finally, Section 4 presents concluding remarks, which include suggested countermeasures and future research directions.

2. FUEL PUMP SKIMMING (FPS)
One form of payment card skimming targets consumers who purchase fuel using payment card readers attached to fuel pumps in a self-service manner. This activity, known as “fuel pump skimming”, is a nationwide problem [4]. The US Federal Trade Commission (FTC) has warned consumers to be alert for indications of fuel pump tampering, as that may indicate the presence of a skimmer inside the pump [5]. Some US states, such as Florida, track the number of fuel pump skimmers received by law enforcement each year [6]. Fuel pump skimmers are installed inside the pump cabinet by unlocking it using a duplicated master
key since a given pump manufacturer’s master key may open several pumps. Persons desiring to install fuel pump skimmers use various means to obtain master keys for duplication, with bribing a fuel station attendant being one commonly used method. The skimmer installer offers to pay a fuel station accomplice to “borrow” a pump master key for a short period of time. The installer quickly has the master key duplicated and returns the original key to the station attendant [7]. The skimmer device is installed by unlocking the fuel pump cabinet, unplugging the wiring harness from the payment card reader and plugging it into the skimmer’s wiring harness. The card reader’s wiring harness is then plugged into the back of the skimmer’s harness. In this way, the skimmer device is inserted in line with the card reader and its wiring harness. The pump cabinet is then closed and locked. The entire installation procedure can be completed in less than one minute.

Because skimmer installation requires physically tampering with the fuel pump itself, the skimmer deployment person risks detection during the installation process. To minimize the chances of being observed, skimmers are often installed during the early hours of the morning, such as at 3:00AM, when the service station is likely to be unattended or at least have no customers. To prevent security cameras from recording skimmer installation, the installers operate in teams, with one team member blocking the security camera’s line of sight to the pump cabinet while another team member installs the skimmer. Once installed, the skimmer draws power from its connection to the pump wiring as shown in Fig. 1, and thus can operate indefinitely [7]. Because these skimmers are installed inside the fuel pump itself, they are not detectable by visual inspection without physically unlocking and opening the cabinet. Even when the cabinet has been opened, visual inspections sometimes fail to detect a skimmer, due to obscuration by wiring harnesses present inside the cabinet. When a customer uses a payment card to purchase fuel at the pump, the card reader reads payment account data from the card’s magnetic stripe. This data is passed on to the pump’s internal logic over the card reader’s wiring harness. If a skimmer has been installed between the card reader and its wiring harness, it captures the payment card data as it is sent from the card reader. The skimmer records this data in flash memory for later download. To exfiltrate the payment card data, the skimmer owner wirelessly connects to the skimmer, downloads the stored payment card data, and commands the skimmer to erase the flash memory, freeing it for the storage of new data.

Figure 1: Skimmer installed in line with pump wiring

Bluetooth is commonly chosen as the wireless technology used to exfiltrate captured payment card data from a skimmer. Bluetooth technology is readily available, inexpensive, and allows common consumer electronics such as smart phones and tablets to be used for payment card data exfiltration. Skimmer designers have varied the make and model of Bluetooth modules they employ. The Bluetooth modules used by the two skimmers considered in this study are the Guangzhou HC Information Technology Co. Ltd. HC-05, and the Roving Networks RN-42. Both skimmers were harvested from fuel pumps in Florida in 2019. According to the US Secret Service, the fuel pump skimmer design most commonly found nationwide uses the HC-05 module, but it is gradually declining in popularity in favor of a newer design based on the RN-42 module [7].

Detection and neutralization of fuel pump skimmers is challenging. Installed skimmers are not visible from outside the pump cabinet. Their data collection and download are invisible to customers, fuel station owners and law enforcement. Researchers at the University of California San Diego (UCSD) have developed a mobile application for Bluetooth skimmer detection [8]. However, it depends upon the receipt of signals from skimmers that respond to Bluetooth inquiry messages. Skimmer designers have adapted to this by disabling inquiry responses from the skimmers. Detecting individuals downloading payment card data from a skimmer is also difficult. Most current fuel pump skimmers use Bluetooth technology to download the skimmed card data to a tablet or smartphone app. To perform the download, the recipient places themselves anywhere within communications range of the compromised fuel pump, connects via Bluetooth to the skimmer, and exfiltrates the data wirelessly. Even if a security camera or a human observer is present at the fuel station during the download, that activity is likely to go undetected.

Research resulting in technical solutions to assist in the neutralization of skimmers and of the users downloading their data is beneficial to fuel station owners, and to multiple law enforcement and governmental organizations. In the event that payment card information is being skimmed for criminal purposes, then the community of interest spans local, state and federal levels. For example, in Florida local county sheriffs are responsible for skimmer detection. The Florida Department of Agriculture is responsible for regulating the fuel dispensers themselves. The US Secret Service Economic Crimes unit investigates the individuals who manufacture, sell and employ the skimmers. After downloading the skimmed payment card data, the recipient either sells the data on the dark web to individuals who create counterfeit payment cards or uses it to create their own counterfeit cards. These cards may be used by organized groups to make fraudulent fuel purchases. The purchased fuel is then resold to unscrupulous fuel station owners at a price below market value. These fuel resale transactions are performed entirely in cash, without receipts or other documentation. These practices have become lucrative enough to attract the interest of even persons outside the US who want to commit payment card fraud [7]. Solicitations for gas pump skimmers may be found on non-US websites, such as [18].

3. ANALYSIS OF FPS
In 2018, an application was developed to detect the presence of skimmer devices that respond to Bluetooth inquiry messages [8]. In 2019, another study analyzed publicly available skimmer detection apps, and their effectiveness in detecting six models of skimmers [9]. Both studies were limited to apps which detected skimmers that responded to Bluetooth inquiry messages [9].
Table 1: Skimmer Types

Skimmer #   MCU          Bluetooth Module
1           PIC18F4550   Guangzhou HC-05
2           PIC18F4550   Roving Networks RN-42

Skimmer designers have countered these apps by creating skimmers which do not respond to Bluetooth inquiry messages. Although this allows the skimmer to avoid detection by the skimmer scanner apps, it may still be detected by algorithms which do not depend on responses to such messages. A brute-force method was presented in 2007 to detect such devices, but the time required to complete this type of scan makes their method impractical for law enforcement use [10]. A side effect of disabling Bluetooth inquiry responses is that the skimmer user is forced to perform Bluetooth pairing to another device such as a Bluetooth-capable mobile phone or laptop computer, prior to installing the skimmer. The fact that another device has been paired to the skimmer provides important forensic evidence when skimmers and their paired devices are located [7].

The two skimmers that form the subject of this research were provided by the US Secret Service and are representative of those skimmer designs commonly encountered by law enforcement in Florida as pictured in Fig. 2 [11]. Both use the PIC18F4550 MCU for capturing skimmed payment card data and Bluetooth technology for exfiltration of that data but differ in the type of Bluetooth module employed as shown in Table 1. For each skimmer, the Micro-Controller Unit (MCU) circuit board, control firmware, and Bluetooth module were examined. Both were manufactured using a combination of approximately twenty components from Chinese and US suppliers. While the skimmers differed in their choice of Bluetooth module, they employed the same Printed Circuit Board (PCB) to mount the PIC18F4550 MCU and supporting components. The skimmers were designed to be inexpensive to manufacture, with the PSLH-v5 PCB costing approximately $5. The most expensive component was the RN-42 module, costing $18.95. Hand soldering these components, a skimmer could be assembled in under an hour, at a cost of less than $30.

Figure 2: Fuel Pump Skimmers. HC-05 (left) and RN-42 (center). Both built from PSLH-v5 PCB (right)

To examine skimmer operation, it was necessary to devise a means of supplying it with DC power and ground connections. Each skimmer was analyzed independently by mounting it on a breadboard, using the 7-pin male header provided by the PSLH-v5 PCB. The intended purpose of this header is to allow the skimmer to be connected in line with the fuel pump wiring, between the Magnetic Stripe Reader (MSR) and the internal pump circuitry. Connected in this way, the skimmer is able to sniff and record payment card data as it is transmitted from the MSR to the pump. This wiring harness also connects the skimmer to +12VDC power and ground from the fuel pump. Visual inspection of the PSLH-v5 PCB revealed that it contained the necessary circuitry to regulate the +12VDC supply voltage down to the +3.3VDC needed by the MCU and Bluetooth module. Therefore, the skimmer was connected to a +12VDC power supply and ground, using pins one and seven of the 7-pin male header, respectively. Although the skimmers evaluated under this study used disparate Bluetooth modules, they both employed the same PCB and MCU, which were Shenzhen Senyan Circuit Co., Ltd. PSLH-v5 and Microchip Technology PIC18F4550, respectively. The MCU is an 8-bit device, with 32KB of flash ROM, 2KB of SRAM, and 256 bytes of EEPROM [13]. The PSLH-v5 has an ICSP programming port, which provides a means of connecting to the MCU and reading its firmware. Unfortunately, the PSLH-v5 does not have a header to connect a device to the ICSP. Rather than alter the skimmer by soldering a female header to the ICSP, we chose to press fit a 5-pin wire-to-board connector to the ICSP. The connector provided screw terminals to which we connected five wire jumpers. The jumpers were then connected to a Microchip Technology PICKIT 4 chip programmer.

Once connected to the +12VDC power supply and the PICKIT 4, the skimmer’s firmware could be downloaded to a laptop PC using Microchip Technology’s MPLAB IPE X, v5.30 for analysis. The PICKIT 4 was also used to upload the MCU’s firmware to a DM163025-1 PIC demonstration board from Microchip Technology. The DM163025-1 and the MPLAB X IDE, v5.30 were used as a test environment for dynamic firmware analysis. Each skimmer’s firmware was also subjected to static analysis by using NSA’s Ghidra v9.0.4 for decompilation. The 010 Hex Editor, v9.0.2 was used for byte-level inspection. The skimmed data is downloaded to the skimmer user’s device over a paired Bluetooth connection. Once powered on the breadboard, skimmer communications were captured and analyzed with Wireshark.

Both skimmer models used a common MCU, the PIC18F4550. This device captures payment card data transmitted by the MSR and records it on an external flash ROM chip. When the skimmer user opens a Bluetooth connection to the skimmer, they can command the MCU to send the stored payment card data to the Bluetooth module for wireless exfiltration. The user can also command the MCU to erase the contents of the external flash. The skimmers we analyzed used a Micron Technology M25P16, a 16-megabit flash ROM [14]. The skimmer allocates 256 bytes to store each captured payment card record, giving it the capacity to store approximately 8192 records before the device becomes full.

The skimmers differed in how they advertised their presence over Bluetooth. The HC-05 skimmer responded to Bluetooth inquiry messages with “HC-05”. It was detectable using common consumer electronics such as a Bluetooth-enabled smart phone. This skimmer could be paired using a default password of “1234”, and we were able to download payment card records from it as illustrated in Fig. 3. The RN-42 skimmer did not respond to Bluetooth inquiry messages and could not be paired.

We began analysis by attempting to access the MCU and download its firmware. The PIC18F4550 contains flash ROM for storage of program code and fixed data, SRAM for volatile data storage, and EEPROM for non-volatile data storage. The PIC18F4550 organizes its 32KB of flash ROM into five blocks. Starting at address 0000H, the boot block of 2KB followed by
block 1 of 6KB and blocks 2, 3, and 4, 8KB each. We were able to download the firmware stored in the boot block. The MCU processes power-on reset as an interrupt, and loads the instruction stored at address 00000H. That address is traditionally a GOTO instruction transferring control to the beginning of the application program. Both skimmers followed this paradigm as shown in Fig. 4. The HC-05 skimmer branches to a location in flash block 0, while the RN-42 skimmer branches to a location in flash block 1. The remaining code in each skimmer’s boot blocks consisted of high and low priority Interrupt Service Routines (ISRs). The skimmer idles until an event occurs such as a card swipe at the MSR, or the Bluetooth module reporting the receipt of a command. The event generates an interrupt, and the MCU branches to the appropriate ISR to process the interrupt.

Figure 3: Tracks 1 and 2 (T1, T2) card data from skimmer

Figure 4: RN-42 skimmer firmware in Ghidra

For both skimmers, attempts to download the contents of flash blocks 0-3 were unsuccessful. The PIC18F4550 contains a “code protect” feature which allows the developer to set certain configuration bits on the device to make blocks of the flash ROM and EEPROM unreadable from locations outside of that block. Attempts to read a code-protected block from a different block, or from an external device such as the PICKIT 4, always return 00H. Although code-protected locations cannot be read, code stored there may still be executed. Both skimmers stored their firmware other than the ISRs, in code-protected blocks, to prevent analysis of the main application. For the skimmers examined in this study, we found that addresses above 0x007FF could not be read, due to code protection. This indicates that the boot block was not code protected. Although a configuration bit exists for code protection of the boot block, it was not enabled on either skimmer. Likewise, neither skimmer was found to have the EEPROM code protection configuration bit enabled. We successfully read the EEPROM, but it contained only 12 bytes of data FF008000010F313233343536H with the remainder being uninitialized storage. To overcome the MCU’s code protection, we attempted to use the technique described in section III.C of [12] but were unable to access that part of the firmware stored above 007FFH, which is the last address of the boot block. We also contacted Microchip Technology for technical support, but they declined to advise us as to how code protection could be circumvented and would neither confirm nor deny that sidestepping it was possible.

4. COUNTERMEASURES
Visa and Mastercard have directed that the fuel dispenser industry convert the payment card readers on all fuel pumps from Magnetic Stripe Reader (MSR) to Europay, Mastercard, and Visa (EMV) by October 1, 2020 [15]. The EMV readers read a microchip built into the physical payment card to produce a unique transaction code for each payment. The card issuer uses that transaction code to verify the validity of the payment card. This change would make the data collected by the current generation of fuel pump skimmers obsolete. While they could still be used to skim payment card data, fraudulent cards created with that data would be unusable, as there is currently no method of counterfeiting the transaction code generated by the real card’s microchip. Despite this improvement in payment security, it will not eliminate the need for the development of pump skimmer countermeasures. We anticipate that skimmer designers will adapt to the introduction of EMV technology and deploy new skimmer designs which can overcome that security control. One way this could be accomplished would be by physically tampering with the card reader to prevent it from successfully reading microchips. After a preset number of failed attempts to read a payment card’s microchip, certain card readers will fall back to reading the card’s magnetic stripe.

Our research suggests certain countermeasures which could be used to prevent fuel pump skimmer deployment, improve the chances of successfully detecting installed skimmers, and provide real-time alerts to law enforcement and fuel station owners of skimmer data exfiltration. The first of these would be to increase the physical security of the pump cabinet. Fuel pump skimmers rely on the ability to be installed inside the cabinet. If access to the interior of the cabinet can be controlled, skimmer deployment can be prevented. One way to do this would be to simply add a padlock to each pump cabinet. Skimmer deployers are most vulnerable to detection during the installation of the skimmer. Skimmer deployment could be discouraged by increasing the risk of detection. There are several physical security controls which could be employed, such as security cameras. Another physical security control would be a system where each fuel pump cabinet is fitted with a switch which detects when the cabinet door has been opened and sends an alarm to the station attendant. Reliance on Bluetooth for wireless data exfiltration requires that the data recipient be within Bluetooth transmission range to download the skimmed payment data. The Bluetooth modules used by the skimmers examined during this study were both Bluetooth Class 2 devices [16,17]. The theoretical maximum range of these devices is ten meters, but shorter usable transmission ranges are likely to
be observed in the field, given that the skimmer is installed inside a metal fuel pump cabinet with abundant electronics, motors, and other RF interference-causing devices in close proximity. This reduced range means that the data recipient must be physically close to the skimmer device when downloading data. A countermeasure intended to increase the risk of detecting skimmer usage could be implemented as an array of Bluetooth receivers installed near the fuel pumps. The receivers constantly scan nearby wireless traffic for Bluetooth transmissions. When a transmission is detected, it is compared to the signature of known skimmer downloads such as T1 and T2 data being sent. If the transmission matches the signature, an alert is sent to the station attendant and possibly also to law enforcement, that a potential skimmer download is in progress.

Once fuel pump skimmers have been found, station owners and law enforcement switch their focus to identifying the skimmer data recipients [7]. Assuming that the recipient is unaware that their skimmer has been discovered, there are opportunities to increase the likelihood of detecting the recipient when they return to the compromised fuel pump to download payment card data. One such option would be to reflash the captured skimmer with new firmware which provides uniquely identifying unissued payment card data in response to download commands from the data recipient. Analogous to the use of marked currency to provide evidence against a bank robber, an individual found with these special payment card numbers on their electronic device or on a physical payment card, can be tied back to the skimmer. The modified skimmer’s Bluetooth module can also be examined to determine the MAC addresses of the most recent Bluetooth devices which have connected to it. If an individual is found to be in possession of a Bluetooth device having one of those MAC addresses, it is strong evidence linking them to the skimmer. As a final measure, one of the MCU’s available output ports could be used to connect the skimmer to another hardware device which would send an alarm to the station attendant and/or law enforcement whenever the skimmer receives a data download command.

5. AREAS FOR FUTURE RESEARCH
Payment card skimming from point of sale devices is a growing problem in the United States. This paper has discussed fuel pump skimming at fuel pumps as a specific type of payment card skimming. The hardware, firmware, and operation of two types of Bluetooth-enabled skimmers were examined. One area for future research would be the extension of this work to consider skimmers which use wireless technologies other than Bluetooth. For example, some skimmers have recently been found in Florida which use cellular technology in place of Bluetooth for exfiltration of captured payment card data [6]. While not yet in common use, removing the electronic signature of Bluetooth communication makes such skimmers invisible to Bluetooth-reliant detection applications, such as UCSD’s Bluetana. Meanwhile, the detection of skimmers using Bluetooth that do not respond to inquiry messages, such as the RN-42 skimmer we analyzed, remains a challenge. Future researchers could seek to develop a means of locating such devices. Note that work in this area forms a specialized case of the more general problem discussed in [10]. Another potential area of study would be the development of additional countermeasures to be employed by fuel station owners and/or pump manufacturers to prevent skimmer deployment, improve skimmer detection, and create an unacceptable level of risk for individuals attempting to download skimmer data.

6. ACKNOWLEDGMENTS
Special thanks to Sgt. Sam Peppenella, Cyber Investigations Unit, Pasco County Sheriff’s Office, and Senior Special Agent Jeffrey Katon, Tampa Bay Electronic Crimes Task Force, US Secret Service, for their continued support of this research.

7. REFERENCES
[1] Federal Trade Commission. (2019, February). Consumer sentinel network data book 2018. Washington, DC: FTC. https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2018/consumer_sentinel_network_data_book_2018_0.pdf
[2] Lamberger, I., Dobovsek, B., & Slak, B. (2012). Some dilemmas regarding payment card related crimes. Varstvoslovje, 14(2), 191-204. http://www.ezproxy.dsu.edu:2048/login?url=https://www.ezproxy.dsu.edu:2085/docview/1347615860?accountid=27073
[3] South, M. (2016, May 4). Can’t hack a hacker: reverse engineering a discovered ATM skimmer. TrustFoundry Blog. https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
[4] National Association of Convenience Stores (NACS). (2018, July 5). Gas pump skimming on the rise. NACS News. https://www.convenience.org/Media/Daily/2018/Jul/5/ND0705181_Gas-Pump-Skimming-on-the-Rise_RiskManage
[5] Federal Trade Commission (FTC). (2018, August 7). Watch out for card skimming at the gas pump. FTC Consumer Information Blog. https://www.consumer.ftc.gov/blog/2018/08/watch-out-card-skimming-gas-pump
[6] Roustan, W. (2018, April 11). Credit card skimmers at Florida gas pumps are becoming harder to stop. South Florida Sun-Sentinel. https://www.sun-sentinel.com/news/transportation/fl-reg-gas-pump-skimmers-20180411-story.html
[7] Katon, J. (2019, October 24). Personal communication of Mr. Begian with Senior Special Agent Jeffrey Katon from Tampa Bay Electronic Crimes Task Force at the US Secret Service.
[8] Bhaskar, N., Bland, M., Levchenko, K., & Schulman, A. (2019). Please pay inside: evaluating Bluetooth-based detection of gas pump skimmers. Proceedings of the 28th USENIX Conference on Security Symposium (SEC'19), Santa Clara, CA, 373-388. Berkeley, CA: USENIX Association. http://dl.acm.org/citation.cfm?id=3361365
[9] Scaife, N., Bowers, J., Peeters, C., Hernandez, G., Sherman, I. N., Traynor, P., & Anthony, L. (2019). Kiss from a rogue: evaluating detectability of pay-at-the-pump card skimmers. Proceedings of the 40th IEEE Symposium on Security and Privacy (SP’19), San Francisco, CA, 1000-1014. https://doi.org/10.1109/SP.2019.00077
[10] Cross, D., Hoeckle, J., Lavine, M., Rubin, J., & Snow, K. (2007). Detecting non-discoverable bluetooth devices. Proceedings of the International Conference on Critical Infrastructure Protection (ICCIP 2007), Hanover, NH, 281-293. https://doi.org/10.1007/978-0-387-75462-8_20
[11] US Secret Service (2019). Skimming Device Forensics (2019 Edition). Washington, DC: US Secret Service.
[12] Meriac, M. (2010). Heart of Darkness – exploring the uncharted backwaters of HID iCLASS™ security.
Proceedings of the 27th Chaos Communication Congress (CCC), Berlin, Germany. Berlin: Chaos Computer Club.
[13] Microchip. (2006). PIC18F2455/2550/4455/4550 data sheet. Chandler, AZ: Microchip. https://ww1.microchip.com/downloads/en/devicedoc/39632c.pdf
[14] Micron. (2015). Micron M25P16 serial flash embedded memory features. Boise, ID: Micron. https://www.digikey.com/en/datasheets/microntechnologyinc/micron-technology-inc-m25p16
[15] National Association of Truck Stop Operators (NATSO). (2016, December 2). Dispenser EMV liability shift delayed. NATSO Topics. https://www.natso.com/topics/dispenser-emv-liability-shift-delayed
[16] Guangzhou HC Information Technology (GHCIT). (2011). HC-05 Product Data Sheet, Rev. 1.01. Guangzhou: GHCIT
[17] Microchip. (2015). RN42/RN42N Class 2 bluetooth module with EDR support. Chandler, AZ: Microchip http://ww1.microchip.com/downloads/en/DeviceDoc/50002328A.pdf
[18] Tony, J. (2019, July 3) Gas pump skimmer wanted. Carding.ug Forum. http://carding.ug/index.php?/topic/9577-gas-pump-skimmer-wanted
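
The receiver array proposed in Section 4 compares each observed transmission against the signature of T1 and T2 data being sent. That matching step is shown here as an added example (it is not code from the paper): it assumes the receiver already holds the decoded serial payload bytes of one connection and that records arrive as ISO/IEC 7813 ASCII; the class names, alert threshold and sample stream are constructed for illustration, and the card numbers are public test numbers.

```python
import hashlib
import re
from dataclasses import dataclass

# ISO/IEC 7813 track layouts as decoded ASCII (assumed wire format for this example).
TRACK1 = re.compile(rb"%B(\d{12,19})\^[^^?]{2,26}\^(\d{2})(\d{2})\d{3}[^?]{0,60}\?")
TRACK2 = re.compile(rb";(\d{12,19})=(\d{2})(\d{2})\d{3}\d{0,20}\?")
MAX_RECORD = 128  # bytes held back so a record split across chunks can still match


def luhn_ok(pan: str) -> bool:
    """Luhn checksum; filters digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the first six and last four digits so alerts never carry a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass(frozen=True)
class Hit:
    track: int       # 1 or 2
    masked_pan: str
    expiry: str      # YYMM as sent


class TrackDataDetector:
    """Streaming matcher for the payload bytes of one observed connection."""

    def __init__(self, alert_threshold: int = 3):
        self.alert_threshold = alert_threshold
        self._buf = b""
        self._pans = set()  # SHA-256 digests of the distinct PANs seen so far

    def feed(self, chunk: bytes) -> list:
        """Add newly received bytes and return the validated records they complete."""
        self._buf += chunk
        found = [(m, 1) for m in TRACK1.finditer(self._buf)]
        found += [(m, 2) for m in TRACK2.finditer(self._buf)]
        found.sort(key=lambda item: item[0].start())
        hits, consumed = [], 0
        for m, track in found:
            consumed = max(consumed, m.end())
            pan, yy, mm = (g.decode() for g in m.groups())
            # Reject impossible expiry months and numbers that fail the checksum.
            if not 1 <= int(mm) <= 12 or not luhn_ok(pan):
                continue
            self._pans.add(hashlib.sha256(pan.encode()).hexdigest())
            hits.append(Hit(track, mask(pan), yy + mm))
        # Drop what was matched; keep a tail in case a record is only half received.
        self._buf = self._buf[max(consumed, len(self._buf) - MAX_RECORD):]
        return hits

    @property
    def distinct_cards(self) -> int:
        return len(self._pans)

    @property
    def bulk_download(self) -> bool:
        """True once enough different cards were seen to look like a skimmer dump."""
        return self.distinct_cards >= self.alert_threshold


# Constructed sample payload: three cards (public test numbers) and one decoy.
SAMPLE_STREAM = (
    b"OK\r\n"
    b"%B4111111111111111^DOE/JANE^25121010000000000?;4111111111111111=25121010000000000?\r\n"
    b";4111111111111112=25121010000000000?\r\n"  # decoy: fails the Luhn check
    b"%B5555555555554444^ROE/RICHARD^26062010000000000?;5555555555554444=26062010000000000?\r\n"
    b"%B4012888888881881^POE/ALEX^27011010000000000?;4012888888881881=27011010000000000?\r\n"
)


def scan_in_chunks(stream: bytes, size: int = 20):
    """Feed the stream in small pieces, the way serial payloads arrive."""
    det = TrackDataDetector()
    hits = []
    for i in range(0, len(stream), size):
        hits.extend(det.feed(stream[i:i + size]))
    return hits, det


if __name__ == "__main__":
    hits, det = scan_in_chunks(SAMPLE_STREAM)
    for h in hits:
        print(f"track {h.track}  {h.masked_pan}  exp {h.expiry}")
    print("ALERT: possible skimmer download" if det.bulk_download else "no alert")
```

Counting distinct cards rather than raw matches keeps a single legitimate card record, seen once on each track, from raising the alert on its own.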
