Skip to main content

Protect your credit card info with the free ‘Skimmer Scanner’ Android app

Gas pump
Dolgachov/123RF
The price we pay for convenience is sometimes vulnerability to unscrupulous people trying to steal valuable financial information. It’s not always an anonymous hacker on the internet, however — the biggest danger may be at your local convenience store. The next time you fill your tank and swipe your card, be aware that there could be a “skimmer” inside the pump, recording and storing your credit card data for later retrieval.

It turns out that it’s ridiculously easy to install a card skimmer at a point of sale terminal. Gas pumps are particularly vulnerable because they’re often unmanned and have a lot of traffic. Luckily, there’s a free Android app called Skimmer Scanner that can alert you if there are any of these devices nearby.

A gas pump skimmer can be installed in less than 30 seconds. It records your credit card data when you fill up, then when the perpetrator returns to the scene of the crime — hours or even days later — they can retrieve all the stolen credit card info remotely with a cell phone or laptop.

Nathan Seidle, CEO of the website SparkFun, has a detailed analysis of how these gas pump skimmers work at his blog. He was contacted by local law enforcement, who provided him with several of the skimmer devices they had found, and asked if he could retrieve the data that they had stored.

Most skimmers use a Bluetooth connection, which can be easily detected. Seidle was amazed at the ineptitude of the criminals who designed the skimmers. “Initially this blew my mind,” he wrote. “If I were to design a bluetooth skimmer I would program the module to NOT broadcast its ID.”

He went on to add, “The soldering of the ribbon (the gray cable that connects to the credit card reader) is horrendously bad indicating the perpetrator has very little experience with soldering and probably zero experience with electronics.” Don’t count on criminal incompetence to protect you, however. “The designers of this skimmer were smart, it’s better to make these devices easy to connect to than to add a layer of security. What’s the worst that could happen? The device is detected and removed from the pump. Meanwhile, 10 more have been deployed for a total cost of $100.”

The Skimmer Scanner app checks for nearby Bluetooth transmissions and alerts you when one is detected. “Many of these devices go undiscovered until they’re removed by the scammers,” Nathan Poole (who designed the app) told ZDNet. “I think what we’ll find as more and more people use the app is that there are more skimmers out there than anyone previously thought.”

Currently, the app is only available for Android and there are no plans for an iPhone version. The code is open-source, however, so feel free to tinker away.

Editors' Recommendations

Mark Austin
Former Digital Trends Contributor
Mark’s first encounter with high-tech was a TRS-80. He spent 20 years working for Nintendo and Xbox as a writer and…
Google is launching a powerful new AI app for your Android phone
Google Gemini app on Android.

Remember Bard, Google’s answer to ChatGPT? Well, it is now officially called Gemini. Also, all those fancy AI features that previously went by the name Duet AI have been folded under the Gemini branding. In case you haven’t been following up all the AI development flood, the name is derived from the multi-modal large language model of the same name.

To go with the renaming efforts, Google has launched a standalone Gemini app on Android. Moreover, the Gemini experience is also being made available to iPhone users within the Google app on iOS. But wait, there’s more.

Read more
If you have one of these apps on your Android phone, delete it immediately
The app drawer on the Google Pixel 8 Pro.

The NSO Group raised security alarms this week, and once again, it’s the devastatingly powerful Pegasus malware that was deployed in Jordan to spy on journalists and activists. While that’s a high-profile case that entailed Apple filing a lawsuit against NSO Group, there’s a whole world of seemingly innocuous Android apps that are harvesting sensitive data from an average person’s phone.
The security experts at ESET have spotted at least 12 Android apps, most of which are disguised as chat apps, that actually plant a Trojan on the phone and then steal details such as call logs and messages, remotely gain control of the camera, and even extract chat details from end-to-end encrypted platforms such as WhatsApp.
The apps in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Needless to say, if you have any of these apps installed on your devices, delete them immediately.
Notably, six of these apps were available on the Google Play Store, raising the risk stakes as users flock here, putting their faith in the security protocols put in place by Google. A remote access trojan (RAT) named Vajra Spy is at the center of these app's espionage activities.

A chat app doing serious damage

Read more
This app put iMessage on my Android phone — and it blew me away
Launch screen of the Beeper Mini app.

The impossible has happened. Beeper set out to unify chat platforms into a single bundle, but has ended up solving the iMessage-on-Android conundrum in a terrific fashion. In fact, it has even fixed the revolting green/blue bubble problem in one fell swoop.

Say hello to Beeper Mini, an app that puts iMessage on your Android phone and also kills the green bubble for good. And it doesn’t sacrifice functionality either. All that happened without a shady hack, something that Sunbird or Nothing Chats couldn’t pull off.

Read more