You’ve probably seen the headlines:

While some news reports can sound alarmist, consumer anxiety over card skimmers isn’t unfounded. Skimming devices were once large, expensive, and unreliable; today they are cheap to buy and easy for attackers to install. Moreover, modern skimming devices are efficient at gathering credit card information, and they can stay on a pump’s card reader undetected for days or weeks at a time.

As concerns over credit card skimmers rise, gas stations are looking for better ways to detect the scam and customers would like to start taking matters into their own hands.

Thankfully, a free new phone app just might help.

Skimmer Scanner App

The application is called Skimmer Scanner and it was released for Android devices beginning in September 2017. Gas station employees (or concerned customers) can download it on their smart phone for free and use it to detect whether a skimmer is present at the pump.

The way the app works is by scanning for Bluetooth-enabled HC-05 skimmers, currently the most popular skimmer used by attackers. The app scans for Bluetooth signals and will connect to a skimmer using the skimmer’s default ‘1234’ password. Once connected, the app will send the letter “P” to the device, and if the device responds with the letter “M” a warning is sent to the phone indicating that a skimmer is very likely within 5-15 foot range of the phone’s Bluetooth signal. If the application detects a skimmer, users should alert the gas station attendant and use a different pump or station.

SecureState visited several gas stations and pumps to test the Skimmer Scanner app. While no skimmers were identified, the app did indicate the presence of multiple Bluetooth devices in the area (likely surrounding cars and phones). According to SecureState’s research there have been no false positives recognized by the application so far. And while SecureState was unable to verify the application’s ability to detect skimmers, the correct functionality appears to be in place.

Additional Security Measures

The Skimmer Scanner app may be a useful tool to help gas stations and customers detect skimmers, but it should not be the only one.

Gas station employees may find the app provides an additional method of checking for skimmers without needing to open the pump. Attendants could potentially incorporate it into regular rounds, so long as this method does not replace the usual hands-on inspection.

For customers, the app is a user-friendly way to double check for skimmers before fueling up. Together with the red tamper seal sticker, the app could provide the peace of mind that comes with due diligence, even if it does not 100% guarantee a skimmer is not present.

Over time, skimmers technology will adapt to avoid this form of detection either by adjusting Bluetooth settings or changing the default 1234 password, undermining the usefulness of the app. But for now, everyone will need to remain vigilant, and this free Skimmer Scanner app is not a bad place to start.