I would also agree that if this elaborate of a setup was created, I find it highly unlikely there would not be some type of localized storage on the device. It seems foolish for there not to be one.

It seems interesting that the police investigating this have not used an opportunity to go “fishing for the theives” by taking out one of these devices and setting up one that is still transmitting, just bogus data. I’m not a bluetooth expert, but there is a pairing process that happens, I would think that they could at least see if the device was paired (and when) and glean some information that way.

This sounds like too much effort, expense and project management skills for a common criminal, this is likely a small group, probably with someone inside one of the companies that make, deliver or service the pumps.

What is scarey is that this technology can translate to other card readers and if the perpetrators add local storage, the problem is even harder to uncover as they could drive up once a week purchase gas and download the data. If they managed to get access to other POS terminals this could be a bigger problem, just walk through with a smart phone and collect the data…

The publicly known better surveillance will likely keep this technology from ATM’s and cash drawer termnals, but who knows with criminals?

The technological answer is to put a specrum analyser at the locations to monitor all wireless signals to see if there is a device translating the data an pushing it to another network.

If I had a C-store, I would have my pumps checked out by a third party to protect my customers, this could be a much bigger problem if it came from the pump distribution chain.