
It seems like one could make a Bluetooth snooper that looks for people who connect to the skimmer? Then you could catch skimmer users when they download the data.


I'd guess the police don't have the resources/are not interested in this kind of crime. I also doubt it's much of an issue for the gas station itself. The card is skimmed at the gas station, but does that mean the cloned card will be used there?

I mean, SparkFun are great, but they're not pentesters. The fact that the police went to them probably means they didn't have the resources to hire a pentesting firm (or do it internally). I'd also guess they don't have the resources to police these crimes either (which would mean a lot of hanging around at gas stations).


It might be possible to make a small device (maybe using the same Bluetooth module as the skimmer) that listens for someone issuing the command to download the card numbers and then automatically calls the police, no need to have someone monitor it in person. I don't own a car, so I'm not that familiar with gas stations, but I assume most will have security cameras that can get you the perpetrator's license plate. That ups the bar for successful skimming to also include fake car papers and will probably deter small-scale criminals.


If they already have security cameras, then they already have everything they need to catch someone installing the device.

This being the case, the criminals have likely either already figured out how to avoid the cameras (or park out of sight). Or the police are not acting on this information because it's not seen as a priority.


> they already have everything they need to catch someone installing the device

...except for the timestamp of the installation event. Or the resources required to brute-force through mountains of footage to find the event.


Or the ability to see through the hoodie the guy's wearing.


As there's only a few pump manufacturers, which means only a few master keys, it would make sense for the fuel station to check each pump before opening up every day, if not open 24hr, and if they wanted to be more secure, to check all pumps every few hours, then run back through any CCTV should a device be found. Yes it's more work, but unless there's penalties attached for fuel stations to keep their equipment secure, just like medical centres need to keep their equipment secure, so repeat prescriptions are not modified or other historical records interfered with which could lead medical experts down the wrong course of action which could be life threatening (think removing penicillin warnings), then what hope do you have?

All consumers can do is use fuel stations which have good CCTV fitted, and if really unsure, to pay inside.

The companies that manufacture these cards do so for many businesses, they are a high value target, ones like Oberthur & Gemalto to name just a few, and have global franchises with many. These guys are under pressure to get cards out to customers for various entities as quickly as possible, so you'll find many cards are similar except in print design and stamping. As a result, hacking these cards, due to being globally standard, makes life easier for hackers as well, so I wouldn't be surprised to see similar techniques like card skimming being used in other outlets that accepted payments, especially where staff are not involved, like some McDonald's outlets or vending machines.

It seems if you have intelligence, you can live freely or vastly reduced provided you can remain anonymous when old school CCTV and other methods are used to identify you.


I like the pump check idea you mentioned.

Every morning just check each pump. Pretty basic stuff and that would mean easy-to-discover skimmers never sit for > 24 hours. You could then assign liability to undetected skimmers after a window of time.


Gas station workers probably don't have the technical know-how to spot a skimmer.


Open known-clean pump. Take picture of inside. Give picture(s) to worker, tell him to look inside every day and compare to picture(s). If the inside of the machine doesn't look like the picture, call manager, and put "Out of order" sign on machine.


Operators will find replacement mules. Sure, catching mules adds friction, but it's no silver bullet.



