Most people are used to using a credit card to get gas at the pump, but some gadgets found inside card readers in the Twin Cities were linked to a nationwide fraud scheme to swipe millions from swipers.
"Basically, what they did was take a little more than $3,000 out of my account," said victim Dave Gruenberg.
The cunning scheme affected many clueless consumers -- and may have gone undetected if the thieves had gone the speed limit in Plymouth, Minn. What started out as an ordinary traffic stop for an SUV that sped past a cop car quickly morphed into a massive, cross-country fraud investigation.
Californians Sarkis Mkhsyan and his wife, Gohar Yes-Sayan, told the officer who stopped them that they came to Minnesota to visit the Mall of America, but investigators say they were actually shopping around for places to pilfer other peoples' money.
Police found credit cards stashed away and handwritten notes containing the names and addresses of 100 gas stations in the Twin Cities. Detectives also found a computer with a list of names and 16-digit numbers next to them on the hard drive.
Detective Dareen McGann, with the Plymouth Police Department, told the FOX 9 Investigators about 900 accounts were compromised. One of those accounts belonged to Carole Cranbrook.
"Here's my bill," Cranbrook recalled. "Suddenly, it was almost $1,000 more."
As McGann started connecting the dots, a clear pattern began to emerge. All the cards in question had been used at gas stations. Then, McGann found what he was looking for locked inside a pump.
"The device pretty much uses the same components as what is in a gas pump," McGann explained.
The skimmer gadget is used to surreptitiously swipe and store bank card data, and don't leave any signs behind.
"You have no way of detecting these devices unless you physically open up the pumps and look," McGann said.
Plymouth police discovered six skimmer devices hidden inside the pumps at one gas station alone. One of the gadgets also contained DNA that matched Mkhsyan.
McGann admits that pump security is a problem, partially because there are only two companies that make gas pumps -- and both have one universal key that can unlock any of them. Investigators say Mkhsyan and his wife got their hands on one and started breaking in under the cover of darkness.
The couple is accused of installing skimmers that had Bluetooth capabilities so they could download the credit and debit card data from the pumps remotely.
Both Mkhsyan and his wife are now in prison, but investigators say there are still others out there who are running the same scheme. Roseville police recently discovered a couple of pump skimmers there and extracted about 2,000 credit card numbers and names.
Dave Johnson owns one of the gas stations that got stung by skimmers.
"It is like having your home burglarized," he said. "It is not a good feeling."
Since he found out, he has re-keyed the pumps and put these security seals on them. If one's been tampered with, both he and his customers will know by looking at the tape. As word gets out, more stations are changing their pump locks -- but it doesn't come cheap. It costs about $450 to re-key 8 pumps.
On pumps that don't offer the same sort of security, detectives say consumers can try to protect themselves by avoiding the farthest pump from the station, since those are most commonly hit.
The discovery also makes one wonder if other machines that accept plastic are being compromised too.
"It happened within almost 10 or 11 days within me using the card at the meter," said Tom Childs.
After Childs paid to park, someone was able to steal his check card number and ring up charges worldwide.
"I so seldom use the card that I don't know where else they could have gotten that information," he said.
Childs told the FOX 9 Investigators he had only used the card twice this year -- first at a gun store and then two weeks later at a Minneapolis parking meter. He suspects the meter.
Yet, officials with the city of Minneapolis say that over 4 million transactions have been conducted at parking meters in the last two and a half years, and they haven't had anyone else call with a concern about skimmers at the meters.
Minneapolis officials say their machines need a special key to open, so it would be tricky to plant a skimmer inside. Also, the transaction data is encrypted before it sent through a wireless network.