In Security Last updated:
Share on:
Jira Software is the #1 project management tool used by agile teams to plan, track, release, and support great software.

Credit card skimming is a fraudulent act where a skimmer fits a small device on a real card reader to capture your credit card information. These devices sit flush with the machine and are not easy to spot unless you proactively examine the machine. If you aren’t familiar with credit card skimming is and how to protect yourself, now is a good time to learn.

The U.S. has the highest number of credit card fraud cases of any country. In 2018, 38.6% of all card fraud cases were from the U.S., which translates to a massive $9.46 billion in illegal transactions. As recently as January 2021, Adrian Fichidiu, a Romanian individual, was sentenced to five years in prison for installing skimming devices on ATMs. Adrian’s adventure cost 1,000 bank customers about $1.5 million.

How Does Credit Card Skimming Work?

A skimming device reads your credit or debit card’s magnetic stripe (aka a “magstripe”) when you insert it into a compromised machine. The device stores the cardholder’s name, card number, and expiration date. It keeps harvesting the data from all the cards that account holders insert into the reader until the skimmer collects it.

After a while, the skimmer will stop by the compromised machine to collect the stolen data. The skimmer may use the data to clone cards or commit a card-not-present fraud. If you used a debit card, the skimmer would have an extra loose end to take care of—your PIN. The skimmer needs your PIN to access the account.

Skimmers steal PINs with a camera. The card reader itself may have a camera. Some skimmers, though, mount a camera on the machine or the ceiling. If a skimmer is particularly audacious, they may even install a fake keypad onto the machine’s pad to directly capture the PIN, eliminating the need for a camera.

atm keypad

How to Spot a Credit Card Skimming Device?

Credit card skimming devices aren’t easily identifiable and often look very similar to a regular card reader. However, you can spot one if you carefully examine the machine before use.

When you’re about to use a machine, check the area for cameras that skimmers may have installed to capture your PIN. Even if you don’t spot a camera, it never hurts to cover the pad as you enter your PIN.

A skimming device’s color scheme may differ from the rest of the machine. If it seems too odd to look at, be skeptical. A damaged panel or a broken security seal is another telltale sign of tampering. While you’re at it, wiggle the card reader and keypad to see if they are loosely fitted. A skimming device needs to be detached for collecting information and will feel loose when wiggled.

How to Protect Yourself from Credit Card Skimmers?

You can guard yourself against skimmers with a few easy steps. Whenever you’re about to use your card at a point of sale, take the following precautions to ensure your credit card’s safety.

Use NFC or supervised ATMs

Whenever you can, use NFC (i.e., tap and pay) to make a payment. The use of payment apps like Android Pay instead of using a physical card eliminates the possibility of skimming. If you must use an ATM, use one that a clerk supervises. Fraudsters are less likely to tamper with supervised ATMs compared to unsupervised gas station ATMs.

Don’t leave your card alone

card reader

Don’t let anybody take your card and walk away. Keep the card under your watch at all times. Restaurants now use pay-at-the-table technology. You don’t need to hand over your card’s custody to a stranger. The staff brings a card reader to your table so you can swipe the card yourself.

Use credit cards with a chip

A debit card could become a gateway to your savings and checking accounts. So, use a credit card instead of a debit card whenever possible. A chip adds another layer of security to the credit card and makes it difficult for skimmers to collect your data. If your card information still gets stolen, the thief will only be able to use that specific account for unauthorized transactions.

Alternatively, use a modern bank card like Revolut that offers more flexible ways to enable or disable shopping based on location, online, real-time notification, and a lot more.

Stay vigilant

Set up email and text notifications for transactions. You should receive a notification stating the amount and the name of the recipient each time you transact using your credit card. This way, if there’s an unauthorized transaction, you can be quick to act on it.

Instead of directly scanning the credit card bill for the minimum amount due, audit all transactions carefully. If you spot any unauthorized charges, inform the card’s issuer right away so they can block your card.

Shimming is the New Skimming

In an era where magnetic stripes were the norm, skimming was a fraudster’s weapon of choice. The introduction of chip-enabled cards made skimming difficult, but the thieves were quick to evolve. Shimming is more or less the same as skimming, except that instead of reading the card’s magnetic stripe, a shimming device reads the card’s chip.

Credit card shimming requires using a device called a “shim” that is fitted inside the machine’s reader. Shims are relatively smaller and tougher to detect than skimming devices. A lot of the same strategies used to protect yourself against skimming can help you stay clear of shimming, too.

The shims aren’t on the outside of the reader, though. You can’t wiggle them to see if they feel lose since they’re fitted inside the reader. When you insert your card in a shim-fitted machine, you’ll feel some resistance. If you’re unsure of the ATM’s safety at this point, use a different ATM.

The scammer can’t clone a chip-enabled card based on the data collected by the shim. However, they can create a magstripe-only card using this data. Many merchants still accept cards with a magnetic stripe, so there is a risk of theft even with a chip-enabled card.

The Price of Safety is Eternal Vigilance

Thieves will always be out to get your money. It behooves you to vigilantly protect your money against those who conspire to steal it. Granted, it requires some time and effort to go on the defensive. However, in the long run, you’ll save a lot of time, effort, and money.

Share on:
  • Arjun Ruparelia
    Arjun has worked as an equity research analyst, and he covers personal finance and bitcoin topics.

Thanks to our Sponsors

More great readings on Security

Power Your Business

Some of the tools and services to help your business grow.
  • The text-to-speech tool that uses AI to generate realistic human-like voices.

    Try Murf AI
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.

    Try Brightdata
  • is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.

    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.

    Try Intruder