Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

What is Credit Card Skimming and How to Protect Yourself?

credit card skimming
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Credit card skimming is a fraudulent act where a skimmer fits a small device on a real card reader to capture your credit card information. These devices sit flush with the machine and are not easy to spot unless you proactively examine the machine. If you aren’t familiar with credit card skimming is and how to protect yourself, now is a good time to learn.

The U.S. has the highest number of credit card fraud cases of any country. In 2018, 38.6% of all card fraud cases were from the U.S., which translates to a massive $9.46 billion in illegal transactions. As recently as January 2021, Adrian Fichidiu, a Romanian individual, was sentenced to five years in prison for installing skimming devices on ATMs. Adrian’s adventure cost 1,000 bank customers about $1.5 million.

How Does Credit Card Skimming Work?

A skimming device reads your credit or debit card’s magnetic stripe (aka a “magstripe”) when you insert it into a compromised machine. The device stores the cardholder’s name, card number, and expiration date. It keeps harvesting the data from all the cards that account holders insert into the reader until the skimmer collects it.

After a while, the skimmer will stop by the compromised machine to collect the stolen data. The skimmer may use the data to clone cards or commit a card-not-present fraud. If you used a debit card, the skimmer would have an extra loose end to take care of—your PIN. The skimmer needs your PIN to access the account.

Skimmers steal PINs with a camera. The card reader itself may have a camera. Some skimmers, though, mount a camera on the machine or the ceiling. If a skimmer is particularly audacious, they may even install a fake keypad onto the machine’s pad to directly capture the PIN, eliminating the need for a camera.

atm keypad

How to Spot a Credit Card Skimming Device?

Credit card skimming devices aren’t easily identifiable and often look very similar to a regular card reader. However, you can spot one if you carefully examine the machine before use.

When you’re about to use a machine, check the area for cameras that skimmers may have installed to capture your PIN. Even if you don’t spot a camera, it never hurts to cover the pad as you enter your PIN.

A skimming device’s color scheme may differ from the rest of the machine. If it seems too odd to look at, be skeptical. A damaged panel or a broken security seal is another telltale sign of tampering. While you’re at it, wiggle the card reader and keypad to see if they are loosely fitted. A skimming device needs to be detached for collecting information and will feel loose when wiggled.

How to Protect Yourself from Credit Card Skimmers?

You can guard yourself against skimmers with a few easy steps. Whenever you’re about to use your card at a point of sale, take the following precautions to ensure your credit card’s safety.

Use NFC or supervised ATMs

Whenever you can, use NFC (i.e., tap and pay) to make a payment. The use of payment apps like Android Pay instead of using a physical card eliminates the possibility of skimming. If you must use an ATM, use one that a clerk supervises. Fraudsters are less likely to tamper with supervised ATMs compared to unsupervised gas station ATMs.

Don’t leave your card alone

card reader

Don’t let anybody take your card and walk away. Keep the card under your watch at all times. Restaurants now use pay-at-the-table technology. You don’t need to hand over your card’s custody to a stranger. The staff brings a card reader to your table so you can swipe the card yourself.

Use credit cards with a chip

A debit card could become a gateway to your savings and checking accounts. So, use a credit card instead of a debit card whenever possible. A chip adds another layer of security to the credit card and makes it difficult for skimmers to collect your data. If your card information still gets stolen, the thief will only be able to use that specific account for unauthorized transactions.

Alternatively, use a modern bank card like Revolut that offers more flexible ways to enable or disable shopping based on location, online, real-time notification, and a lot more.

Stay vigilant

Set up email and text notifications for transactions. You should receive a notification stating the amount and the name of the recipient each time you transact using your credit card. This way, if there’s an unauthorized transaction, you can be quick to act on it.

Instead of directly scanning the credit card bill for the minimum amount due, audit all transactions carefully. If you spot any unauthorized charges, inform the card’s issuer right away so they can block your card.

Shimming is the New Skimming

In an era where magnetic stripes were the norm, skimming was a fraudster’s weapon of choice. The introduction of chip-enabled cards made skimming difficult, but the thieves were quick to evolve. Shimming is more or less the same as skimming, except that instead of reading the card’s magnetic stripe, a shimming device reads the card’s chip.

Credit card shimming requires using a device called a “shim” that is fitted inside the machine’s reader. Shims are relatively smaller and tougher to detect than skimming devices. A lot of the same strategies used to protect yourself against skimming can help you stay clear of shimming, too.

The shims aren’t on the outside of the reader, though. You can’t wiggle them to see if they feel lose since they’re fitted inside the reader. When you insert your card in a shim-fitted machine, you’ll feel some resistance. If you’re unsure of the ATM’s safety at this point, use a different ATM.

The scammer can’t clone a chip-enabled card based on the data collected by the shim. However, they can create a magstripe-only card using this data. Many merchants still accept cards with a magnetic stripe, so there is a risk of theft even with a chip-enabled card.

The Price of Safety is Eternal Vigilance

Thieves will always be out to get your money. It behooves you to vigilantly protect your money against those who conspire to steal it. Granted, it requires some time and effort to go on the defensive. However, in the long run, you’ll save a lot of time, effort, and money.

Thanks to our Sponsors
More great readings on Security
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder