As co-director of the Florida Institute for Cybersecurity, Patrick Traynor has a mission to help businesses, industries and consumers protect their assets and privacy, and to provide security for unauthorized use of data.
Even as an expert in cybersecurity, Traynor has been a victim of credit card fraud. That is what drew him to this area of research and why he has been so relentless in developing real world solutions like the appropriately named the “Skim Reaper.” The Skim Reaper is a device that slides into card reader slots and can easily determine if an ATM or gas pump has credit card skimming gadget installed.
“While we have lots of new digital ways to make payments, nothing is as ubiquitous as credit cards. Unsurprisingly, it’s also not uncommon to have your credit card numbers stolen,” said Traynor, the John and Mary Lou Dasburg Preeminent Chair in Engineering. “Even as an information technology expert, this has happened to me repeatedly. I could not think of a more challenging problem, and one that impacts just about every consumer and business than this one.”
Credit card skimming is a type of theft where criminals use a small device to steal credit card information when a credit or debit card is swiped, typically unbeknownst to the merchant or retailer. The information is used to make fraudulent charges or to make a counterfeit card.
According to creditcard.com, approximately 37 percent of all credit card fraud is due to skimming. Experts have also noted an increase in gas pump skimmers. In 2018, it is projected that skimmers in Florida will be found in 1,000 gas pumps, up from more than 650 pumps last year.
The credit card industry’s change from old magnetic stripes to new computer chip technology was developed to further secure cards from fraud and theft. However, gas pumps received a three-year extension on this transition, meaning fuel pumps will be susceptible to credit card skimming. The Identity Theft Resource Center projects that gas station will be one of the last fertile grounds for credit card skimming theft.
To develop the Skim Reaper technology, Traynor and team studied several types of the fraudulent device and even built their own.
“We spent a lot of time learning about the fundamentals of magnetic stripe readers. We wanted to know everything about them—every form they come in and, most importantly, what physical properties were fundamental to their operation. We purchased many kinds of card readers and even made a few of our own,” Traynor said.
“Our hope is that we can make the Skim Reaper available to businesses, regulators and consumers in the next six months,” Traynor said. “There’s nothing better than having impact from your research.”
The Skim Reaper team is currently in the process of identifying a partner to assist with manufacturing and distribution. Their hope is that they can make the Skim Reaper available to businesses, regulators and consumers in the next six months.
Beyond Skim Reaper, Traynor’s team is also working on a new technology to combat ransomware in computers and other forms of technology. Ransomware are malicious programs that encrypt consumer data and then demand thousands of dollars before returning it back.
“CryptoDrop comes from the same line of thinking as the Skim Reaper. We are trying to understand how ransomware fundamentally locks up your data,” Traynor said. “If we can understand that, we can make solutions that are effective and efficient.”
CryptoDrop is different than traditional anti-virus programs because it monitors business or consumer data instead of trying to guess which programs contain ransomware. The program watches a computer’s data. When a program regularly changes files into an unreadable mess, CryptoDrop locks it out of the system, Traynor said.
“Many of the biggest targets of ransomware (police departments, large corporations, major metropolitan areas) were running traditional anti-virus tools and still had their files encrypted. Something has to change,” Traynor said. “Because our approach is so different, it means that we are not only extremely effective, but we also do not slow down your computer like so many other anti-malware programs.”
The CryptoDrop software was independently validated by AV-Test, “the gold standard for independent software testing” and presented at a top national academic conference. Their approach has been publicly vetted, has never failed to detect ransomware, and is used by customers on almost every continent.
“Technology has the power to transform the world, enabling everything from financial inclusion to improved medical outcomes. Losing trust in increasingly powerful systems will delay real progress,” Traynor said. “That’s why security and privacy are so central. In our rush to invent a better world, it is critical that we ensure that bad actors cannot use those same tools to force people to regress.”
By Tracy Wright