CHICAGO —A new app is helping regulators find more skimming devices inside gas pumps without having to crack open the dispenser.
Bluetooth-enabled skimmers are connected to the keypad and the magnetic stripe reader inside the gas pump, which enables them to collect card, ZIP code and PIN data. The devices can cost $20 or less to manufacture but can steal more than $4,000 per day from each gas pump, depending on how frequently the pump is used.
Developed by computer scientists with University of California San Diego and the University of Illinois, the new Bluetana app uses an algorithm to distinguish Bluetooth-enabled skimmers from legitimate devices. To design the algorithm, researchers analyzed scans of Bluetooth devices taken by fuel-pump inspectors at more than 1,100 gas stations in six states.
“Bluetana extracts more meaningful data from the Bluetooth protocol, such as signal strength, than existing skimmer detection applications,” said Maxwell Bland, a doctorate student in computer science at UC San Diego and a co-author of a study on the new app. “In a few cases, our app was able to find devices missed by visual inspection.”
Bluetana takes an average of three seconds to detect a skimmer. This compares to the 30 minutes it takes to find a skimmer through a manual inspection. In one year, Bluetana has helped inspectors find and recover 42 Bluetooth-enabled skimmers in three states.
“We were surprised that there were so many skimmers in the field that had not been discovered by other detection methods such as regular manual inspections,” said Aaron Schulman, assistant professor in computer science at UC San Diego. “We even found two skimmers that were installed in gas pumps and had evaded detection for six months.”
Bluetana has also shown to be more accurate than similar apps at finding skimmers with a lower false-positive rate. “Bluetooth technology used in these skimmers are also used for legitimate products commonly seen at and near gas stations such as speed-limit signs, weather sensors and fleet tracking systems,” said Nishant Bhaskar, a doctorate student in computer science at UC San Diego and first author of the study. “These products can be mistaken for skimmers by existing detection apps.”
The researchers developed Bluetana with technical assistance from the U.S. Secret Service. Agencies in several states are using the app, which is not available to the public.