At the end of last week, four individuals were arrested by French police in Essonne, reports Le Parisien. Investigators from the payment fraud squad (BFMP) of the judicial police discovered that the quartet had stolen the bank details of customers at a gas station in Val-de-Marne.
To achieve their goals, the scammers used a shimmer. This is a small device capable of intercepting information transmitted between a consumer's bank card and a payment terminal. The device was discreetly placed on the terminal, without anyone's knowledge. Very thin, the shimmer is installed insidethe card reader slot. This makes it completely invisible. The victim doesn't realize anything is amiss when paying at the pump.
Counterfeit Cards in Spain
Using this device, the criminals sucked up data from the gas station customers' cards in real time. This included the card number engraved on the chip, the expiration date, and the PIN code. The card information was then sent to other members of the criminal network located in Spain. With the stolen data, they created counterfeit bank cards. They quickly made withdrawals from ATMs in Barcelona and Madrid, directly from the victims' accounts.
Law enforcement was able to track down the four Romanian fraudsters through a series of surveillance operations. After arresting the suspects, they carried out searches that resulted in the discovery of their hacking equipment and €9,000 in cash.
Were other gas stations affected?
The public prosecutor believes it is possible that other gas stations were compromised by the gang. The criminals, "roving, installed shimming devices on bank card readers, particularly in gas pumps," the ministry said. Authorities continue toverify whether other stations or ATMswere targeted by this roving team.It is also currently unknown how many people lost money due to a shimmer installed by the four thieves. According to the Payment Methods Security Observatory, "shimming" caused a financial loss of €36,000 in France in 2023, compared to €50,000 in 2022.
To avoid falling into the trap of a pump scam, choose contactless payment. Shimming intercepts data directly on the chip of a card inserted into a reader. By paying with contactless payment, you prevent your card from interacting with the pirate device.
Also get into the habit of monitoring your accounts. In the event of an unknown transaction, contact your bank immediately. Banks are required to reimburse any victim of a fraudulent direct debit within 24 hours. The Monetary and Financial Code states that this right only applies if the fraud was reported within 12 months. If you let too much time pass, the bank will therefore not be obliged to reimburse you. It is therefore crucial to regularly monitor your accounts and promptly report any anomalies.
Source: Le Parisien
0 Comments