Assuming it’s one person with the dongle responsible for all 3-4 instances of this - it would be pretty easy for AA to figure out who’s doing it if this is the case, just check if there’s a common passenger on every flight where the issue was reported

That, or a particular employee—maintenance or grounds crew—who serviced those planes.

Seems like whoever's doing this knows those systems unusually well, given that their own personnel don't know how it's done.

Really good point there - the overlap of multiple people on all those flights would be very unlikely.

What's it jacked into, though? There are some amazingly flat card skimmers out there these days, and even cameras to place on ATMs that are disguised as panels. It could be something with a 1/8" form factor that just looks like part of the interior of the bin. For that matter, it could be a whole modified bin installed by a disgruntled employee.

That’s what I’m thinking too. If there are ports in the bins it would be easy to do some test runs just getting something out of your bag.

Or just program them to not do anything until an hour into the next flight.

But then it gets found

Or… Nevermind, I’m not here to help people with this kind of thing!