Electronic skimming by thieves at grocery store check-outs probed
Police in several Connecticut towns are investigating a type of veiled thievery that has surged across the nation.
Most recently, electronic skimming devices used to filch credit and debit card information were planted on self cash-out stations at Big Y supermarkets in Plainville and Naugatuck. Police in both towns said they were investigating and sharing information.
“Generally, these are not one-time incidents,” Plainville police Captain Nicholas Mullins said. “I would say (the Plainville skimmer) is likely related to others in the state and maybe even outside the state.”
FICO, the credit score and data analytics company, reported a 96 percent increase in compromised debit cards due to skimming from 2022-23, with 315,000 cards and 3,500 unique financial institutions affected. Most targeted devices were non-bank ATMS, including free-standing machines at convenience stores, but the number of affected bank ATMs was up 90 percent from the previous year, FICO Vice President Debbie Cobb wrote in March.
“This growth trend is a continuation from what we saw in 2022 and represents a significant threat for both banks and consumers,” Cobb wrote. “Unfortunately, the trend shows no sign of slowing down.”
With a 39 percent increase in the average number of cards compromised for each event (nearly 200 per event in 2023), card users, Cobb wrote, “should carefully assess the situation when using any ATM, point of sale terminal or other location where a card skimmer could be lurking.”
Skimming costs banks and consumers about $1 billion each year, according to the FBI. Thieves plant small electronic devices that read card information, often along with tiny cameras that capture a customer’s key strokes while entering a PIN. Crooks use the data, which can be wirelessly transferred, to create cloned cards and make unauthorized purchases and to pilfer victims’ accounts.
At the Plainville Big Y, Mullins said the skimmer was disguised with a plastic device that fit over the card slot. Store personnel inspected the machine the morning of June 29, but only found the device after re-inspecting the station at about 7 p.m., he said. Naugatuck police were notified the same day after personnel at the Big Y there found a device on a self check-out register, police spokesperson Det. Shelby Johnson said. Both Johnson and Mullins said police had not received any victims’ complaints.
In May, a skimming device was found at at a Wilton grocery store self check-out terminal. A cashier at Village Market was purposely distracted while a thief planted a keypad cover veiling the skimming device, police said. That same month, Berlin police reported a skimmer found at a Dollar General store.
Skimming crooks frequently travel to several states, and gas stations are a popular target. Fuel pump skimmers typically are attached to internal wiring and are not visible.
Last year, a Florida man was sentenced to five years in prison for his role in stealing thousands of credit and debit account numbers from devices planted at gas stations across New England, including one in Willington. Federal authorities say Luis Angel Naranjo Rodriguez, who was 32 when he was sentenced in May, had pleaded guilty to wire and bank fraud, identity theft and possession of equipment used to make skimmers.
The planted electronics were programmed to send Naranjo Rodriguez’s mobile phone a text message with stolen account information, authorities said. Card skimming devices linked to his phone were traced to at least 11 different gas stations. From April to November, 2019, Naranjo Rodriguez traveled frequently from Florida to Massachusetts to maintain the network of card skimmers, receiving at least 4,878 text messages containing stolen debit and credit card account numbers, along with card-holders’ names and PINs, federal officials said.
Naranjo Rodriguez transferred account information onto gift cards and other prepaid cards, using the clone cards to make ATM withdrawals, purchase expensive items for resale and to request cash back on debit card transactions, federal authorities said. On Nov. 16, 2019, security cameras in Framingham captured Naranjo Rodriguez using four cloned cards to withdraw money from victims’ bank accounts at ATMs, authorities said.
He was arrested the same night at another Massachusetts gas station while tampering with a fuel pump after the business closed, officials said. In his car, authorities said they found four cloned cards, fuel pump keys, black latex gloves, four card skimming devices and the mobile phone used to gather texts with the stolen credit and debit card account numbers.
From mid-November to January, more than a dozen instances of skimming devices were uncovered at supermarkets in Massachusetts and New Hampshire. In many cases, the devices were found on self-service checkouts. Last April, North Haven police arrested a pair of New York State men on charges of planting skimming devices on ATMs at several local banks. In 2022, a Romanian citizen pleaded guilty to conspiracy to commit bank fraud for his role in nearly three dozen skimming incidents at banks around Connecticut and was sentenced to 21 months in prison.
Municipal police, the FBI and other experts on skimming thefts offer advice to consumers on protecting their bank and credit card information:
— If possible, use tap-to-pay with enabled cards and checkout terminals. This so-called “contact-less” method, which uses a one-time code, is much more secure than swiping a card’s magnetic strip or inserting a card into a chip-reader. Swiping is the least secure method, experts say.
— Examine keypads for inconsistencies in color, material or shape. Skimming thieves sometimes use keypad overlays to record PIN numbers. Also, tug on the card reading slot. Sometimes thieves attach skimming device covers with double-sided tape and they will come off with a pull.
— Cover the keypad with one hand while entering a PIN to thwart hidden cameras.
— When pumping gas, choose a pump that is closer to the store and in direct view of the attendant, as these are less likely targets for skimmers. Also, check pump cabinets for broken tape seals, which could mean a skimming device was planted.
— Monitor accounts to promptly identify unauthorized transactions. If possible, set email or text-message alerts for card or account transactions.
A Big Y spokesperson has said the store will notify any customers whose information was compromised, but also advised customers to check their bank and credit card statements for any fraudulent activity. Any customers with questions for Big Y may call 800-828-2688 between 8 a.m. and 4:30 p.m.
Comment threads are monitored for 48 hours after publication and then closed.