What is Credit Card Skimming and How Does it Work?
Table of Contents
- By David Lukic
- Nov 09, 2020
You may or may not know what credit card skimming is and how it works, but you should. Credit card skimming is when thieves install skimming devices on ATMs or gas pumps that grab your credit or debit card information as you swipe. More than $1 billion is lost to credit card skimmers each year.
How Does Card Skimming Work?
Card skimming devices can be very sophisticated, so you don’t even notice, but they can grab your full debit/credit card number along with PINs and take over your bank account before you know what hit you. First, thieves install card skimmer over the real ones that harvest and save your information. Then they use cameras, or 3-D printed keyboards (overlaying the real keyboard) to record your PINs, and that’s all they need to start spending.
Most U.S. credit card skimming devices target the magnetic strip on the back of the card. Even cards with a chip also have the magnetic strip as a backup. In Europe, however, they have made the full transition, but criminals have kept up and focused on EMV cards and chips. Thankfully, most American criminals haven’t stepped up their technology game just yet. However, another version of card skimmers is called shimmers, and they can steal credit card data from chip readers. These are far less common than traditional skimmers, though.
In some cases, malware or other software is installed onto the card reader or gas pump. Malware on card readers is how the Target and Home Depot data breaches occurred, capturing millions of users’ credit cards.
How to Avoid Credit Card Skimmer
When approaching an ATM before using it, look for loose parts or signs of tampering. Pay close attention to the card reader area. Does it look too big, out-of-place or discolored? Is the keyboard too thick? Look for tiny cameras or anything that seems odd near the ATM. If anything seems out of place or doesn’t match, don’t use the machine. Report it to the bank and walk away.
When entering your PIN either at the gas pump or an ATM, assume someone is watching even if you don’t see anyone around. Always cover your hand when entering your code.
Be extra cautious of using ATMs that are in isolated areas that might be perfect spots for the criminals to set up shop. They are less likely to be able to install skimming device on ATMs and gas pumps in highly trafficked areas. Non-bank ATMs are the most vulnerable to card skimmers. Stay away from ATMs at grocery or convenience stores that are way back in a corner.
At the gas pump, make sure the dispenser door hasn’t been opened. Bandits need to insert the reader inside there. If it won’t close properly or looks like it has been opened, use another pump. Always wiggle the card reader, if it jiggles and isn’t secure, it may have been fooled with. Pay inside just to be safe.
Android introduced an app that turns your phone into a Skimmer Scanner. It tests using a Bluetooth connection before you insert your card to ensure there is not a skimmer within range.
Some more sophisticated skimming gadgets allow the bad guys to sit in their car (up to 100 feet away) and hack your credit card number from there. This crime is called bluesnarfing because it uses Bluetooth technology.
Statistics show that credit card skimming occurs more often on the weekends, and criminals install the devices on Saturday and Sunday and then remove them full of credit card data on Monday. If possible, avoid using ATMs and gas pump payment stations on the weekends
If possible, try never to use your magnetic strip and always insert the card into the chip slot instead. Even better, if the merchant allows NSC transactions use Apple Pay, Samsung Pay, or Android Pay instead. These are much more secure payment methods that use virtual credit card numbers that cannot be reused.
What to Do if You Are Victim of Credit Card Skimming
If you used your credit card at an ATM or gas pump, and suddenly you notice fraudulent charges on your account, you may have been a victim of credit card skimming. Take the following steps as soon as possible.
- Cancel the credit or debit card and report the fraud to your bank.
- Contact the location you used (gas pump or bank where the ATM is located).
- Review your monthly statement carefully watching for any unauthorized charges.
- Sign up for credit fraud monitoring with a company like IDStrong.com
- Consider a credit freeze so no one can open up accounts in your name.
- Watch your inbox for any phishing or scam emails.
- Sign up for cards that mask your actual credit card number like Apple Card, or another phone-based payment method.
It is getting more difficult to spot credit card skimmers, so always be on the lookout for anything that looks suspicious and use common sense when snagging money from an unfamiliar ATM or using a gas pump.