Credit Card Skimming: What You Need to Know

With all the discussion around cybercrime and phishing attacks, we know that pesky Nigerian princes or long-lost millionaire relatives are out to steal our money. We probably don’t suspect the ATM at the convenience store down the street. Unfortunately, ATMs and points of sale aren’t always safe, as more and more thieves are using credit card skimmers to steal credit card information.

What is a credit card skimmer?

A credit card skimmer is a fraudulent device attached to a real payment terminal that is designed to steal the data stored on your credit or debit card. These devices are made to look like the rest of the terminal, so they’re often extremely difficult to detect.
For example, take a quick look at this ATM.
[Image: Credit card fraud]
See anything wrong? Me neither.
[Image: Credit card fraud]
How about now? Suddenly, in the left-hand image it’s clear that thieves have installed a credit card skimmer. But would you have noticed it without a side-by-side comparison? Maybe not, and that’s what these criminals are counting on.

How does credit card skimming work?

Thieves install the skimming device over or inside the card swipe or card slot mechanisms on ATMs, gas stations and other points of purchase. When a card is swiped through the skimmer, it reads the information off the card’s magnetic stripe and typically stores it until the thief returns to retrieve the device. If the transaction requires a PIN, the thief may also use a hidden pinhole camera or even a fake keypad to steal it.
Once the thief has your information, they can create a counterfeit card to use for physical purchases, make transactions online or sell the information. Around 37% of credit card fraud in the U.S. is related to counterfeit cards.
Chip-based cards, also known as EMV cards, improve security, but they’re not a guarantee against credit card theft. Older cards simply store static data on a magnetic stripe that is read when you swipe the card. EMV cards generate a unique transaction code every time you use them. That means that even if a criminal had the code, it wouldn’t work a second time.
Unfortunately, there are still ways to get around chip technology. First, even chip cards still have a magnetic stripe to be backward-compatible with older systems. Second, criminals are constantly developing more sophisticated technology to read the data directly off the chip. While EMV technology might stop them from cloning a chip-based card, online transactions or any points of sale without chip readers (like gas stations and many ATMs) are still fair game.
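The difference between static stripe data and a one-time transaction code, as an added sketch that is not part of the original article. It is a simplified model, not the real EMV algorithm: HMAC-SHA256 stands in for the card's code, and the class names, card number, key and stripe data are all constructed for illustration.

```python
import hashlib
import hmac

def _mac(key, pan, atc, amount_cents, nonce):
    # HMAC-SHA256 is a stand-in for the chip's transaction code (assumption, not EMV's algorithm).
    msg = f"{pan}|{atc}|{amount_cents}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ToyChipCard:
    """Constructed chip model: the key stays on the card, the counter rises per use."""
    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0
    def authorize(self, amount_cents, nonce):
        self.atc += 1
        code = _mac(self._key, self.pan, self.atc, amount_cents, nonce)
        return {"pan": self.pan, "atc": self.atc, "amount": amount_cents,
                "nonce": nonce, "code": code}

class ToyIssuer:
    """Constructed issuer model that checks both kinds of card data."""
    def __init__(self):
        self.keys, self.last_atc, self.stripes = {}, {}, set()
    def enroll(self, pan, key, stripe_data):
        self.keys[pan], self.last_atc[pan] = key, 0
        self.stripes.add(stripe_data)
    def verify_stripe(self, stripe_data):
        # Static data: the same bytes pass every time, so a copy is as good as the card.
        return stripe_data in self.stripes
    def verify_chip(self, tx):
        key = self.keys.get(tx["pan"])
        if key is None:
            return False
        expected = _mac(key, tx["pan"], tx["atc"], tx["amount"], tx["nonce"])
        if not hmac.compare_digest(expected, tx["code"]):
            return False                      # a field was altered or the code was forged
        if tx["atc"] <= self.last_atc[tx["pan"]]:
            return False                      # counter already seen: the code is a replay
        self.last_atc[tx["pan"]] = tx["atc"]
        return True

def demo():
    # All values below are constructed sample data.
    pan, key, stripe = "TEST-PAN-0001", b"constructed-card-key", "constructed-track-data"
    issuer, card = ToyIssuer(), ToyChipCard(pan, key)
    issuer.enroll(pan, key, stripe)
    tx = card.authorize(2500, "n-001")
    return {"chip_first": issuer.verify_chip(tx), "chip_replay": issuer.verify_chip(tx),
            "chip_tampered": issuer.verify_chip(dict(tx, amount=99900)),
            "stripe_first": issuer.verify_stripe(stripe), "stripe_copy": issuer.verify_stripe(stripe)}
```

In this model the stripe data validates as often as it is presented, while the chip code is accepted once and refused on any repeat or alteration.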

These ultra-thin “shimmers” are advanced skimming attacks targeting chip-based credit and debit cards. Shimmers are inserted into ATM card slots and read the data off the chip as the transaction occurs. Source: Krebs on Security

What does a credit card skimmer look like?

Skimmers come in a variety of shapes, but a good one looks exactly like the terminal to which it is attached. The best skimmers are so well hidden that they don’t interfere at all with the transaction, so victims of skimming attacks aren’t ever aware that their information was stolen.

Notice the tiny pinhole camera on the underside of the capture device. Source: Krebs on Security
Look out for sneaky skimmers like this one at self-checkouts. Source: Krebs on Security

This video shows an example of a skimmer in an ATM. The credit card still works, and the thief can remove the skimmer in just a few seconds.

But this can’t happen to me… right?

Sure, if you lose your wallet or your purse, you worry about your credit cards getting stolen, but are you really going to be the victim of a skimming attack?
There’s no doubt that credit card and debit card fraud are a huge problem, costing the world $21.84 billion as of 2015. A study of ATMs specifically suggested that 33% of all fraud incidents and 98% of all losses were linked to skimming crime.
Look around your local community, and the evidence is rampant: a group skimming ATMs in York, a Lancaster man serving time for skimming, a skimming device discovered at a gas station in Morgantown… the list goes on. The point is: yes, this could happen to you, so you need to be vigilant.

How do I protect myself from credit card skimming?

Be Alert for Tampering

Skimmers are hard to detect, but not impossible. Look for anything that is misaligned, parts in different colors or materials, or lighting that doesn’t work. If possible, compare the terminal to others nearby to look for differences. Be suspicious also if the keys don’t work well or your card isn’t fitting or swiping easily. If you notice anything strange, don’t use it, and report the issue immediately.

Cover the PIN pad while you use it

Again, criminals often use a hidden camera to capture your PIN. Always assume someone is watching and shield the keypad to avoid this.

Avoid isolated locations

Thieves often target standalone ATMs, gas stations or retail self-checkouts, because skimmers are easier to install there without being caught. Stick to ATMs within the bank lobby, and well-lit, attended gas stations. Be especially cautious about using ATMs on the weekends, too. That’s prime time for skimming attacks, because the bank is closed.

Use cash

Many people have gotten so used to paying with plastic, they don’t carry much cash. But a skimmer can’t steal that old paper currency, so consider cash if you ever come across a suspicious terminal.

Watch your bank statements

Remember that skimming attacks can often steal your credit card information without you ever knowing. So be sure to check your bank statements regularly for unauthorized charges or withdrawals and report any issues to your bank immediately.

Are you focused on security?

It seems like every day, thieves come up with a new way to go after our money, data and information. Whether the attack comes from a physical payment terminal or a cyber attack, you need to be aware and prepared.
Are you security-minded? We are! Let’s talk about how you can secure your data today!