Gas Thieves foiling station's sat dishes

[turbosat]

In Birmingham, new way for the thieves to steal gas from automated pumps:
Video - NBC13.com

Click on aluminum foil thieves, requires flashplayer. Who'd have thought these pumps work this way?

 

[qwert1515]

That's a bad system, when the credit card machine can't communicate with the satellite system it should save the data for later....

What would happen during a solar outage?

 

[lumpkin666]

What kind of idiot would design a system that allows a person to get free gas just because the satellite feed goes down?

The pump shouldn't authorize until the card has been pre-approved. Any charges that don't get applied after the pumping is complete, due to system outages/etc, should be queued up to complete next time the system is functioning. Any cards that are declined (over limit?) would be subject to the traditional fraud scenario. I can't imagine how/why the software would authorize pumps without having the credit card information saved and pre-approved.

 

[turbosat]

You got that right. I suppose they want to keep the info secret of how these card-reading computer systems actually operate, but it looks like this one has some really big security holes lol.
Maybe the thing just activates if a card is inserted, as long as it isn't a card that is reported stolen/lost. I know the cash register charges usually get run in a batch later, very little of it actually is real-time. You'd think these gas pumps would work that way too. I have read that they just put a "hold" on your bank account for 50=75bucks until the actual charge is run thru.
Question I have is, how did these idiots know? (that it worked that way)

 

[digiblur]

It is probably setup as an "honor" type system. If the satellite link is down it queue's the card number and charges up for later since it can't authorize the card. Once the satellite link is restored it tries to send up the queue and the cards the thieves used were probably refillable type credit cards that were empty. Normal cards would be charged with no issues.

You'd think they'd design the system to use satellite then if the satellite link was down then it would use the phone line.

If you think about you could use the same scenario as mentioned above with the solar outage if you could determine the position of the satellite dish.

 

[lumpkin666]

You'd think if there are no timinig issues involved, it'd be tons easier just to cut the wire coming down the back of the building instead of climing up and covering the dish with foil. Oh well... thieves are not always known to be the brightest of the bunch

 

[KE4EST]

Yeah a lot sure are dumb.

 

[mastermesh]

I hate to post this, but will since it's public info...

I sometimes read 2600 Hacker Mag. You can find it at most Barnes and Nobles and similar places. They publish quarterly. Anyways, there was either a letter or article in the mag several issues back where someone explained how they stole gas for almost a full year. They did it by swiping at the pump and then hitting cancel. Somehow the pump still authorized the gas even though the transaction canceled. I think that article raised a lot of awareness about the issue and most pumps with that problem are now fixed, but I doubt every single one everywhere is. Also, I've read that you should always pay via "credit" not "debit" when you do pay inside since some of the major identity hacks a year or two ago were done by hackers actually hacking the machine in the stores and either wirelessly or via some other means, were able to yank the cc data out of the computers, along with names of the cc owners, etc. Some articles I've read indicate that if you pay via credit instead of debit, your chances of that are less since the computer isn't storing your pin in addition to the cc number, just the cc number...also have read that by paying via credit, you are more insured, but I think that only applies if it's really a cc card and not a visa debit, etc. since debit is really from a bank, not a cc company.