What Consumers Need to Know about Skimmers
September 06, 2017 | POSTED BY AARON MOSS IN SECURITY AWARENESS & TRAINING
What are credit card skimmers?
There are many ways thieves can steal your data and money. Credit and debit cards are a particularly hot commodity among criminals, both cyber and beyond. One way that thieves can access your card information is by using a credit card "skimmer." A skimmer is an information stealing device that may be used anywhere you swipe your credit or debit cards, from ATMs to gas station "pay-at-the-pump" pumps, to the Point of Sale terminals at any store.
How does a skimmer work?
All credit and debit cards are built with a magnetic stripe on the back of the card. That magnetic stripe holds in it all the information about the card. Such as:
- Card Number
- Name on Card
- Expiration Date
- CVV Number (3 or 4-digit PIN code, specific to the card)
Skimmers read the information on the magnetic stripe using the same technology that legitimate card readers use. However, in the case of criminal activity, the information read is either stored locally for pickup later, or in most cases, transmitted wirelessly over a cellular network or other wireless means. The harvested credit card data is then used to create new credit cards with the skimmed information. These fake cards are used to buy goods online or sold to other criminals for other uses.
There are several different types of skimmers. However, most fit over the legitimate card reader and look like they are a part of the card reader. Here are some examples:
Figure 1: Illustration of Broken Security Seal and Fake “EMV delayed” Sticker
Figure 2: Real-World Examples of Untampered and Tampered with Security Seal Stickers
Figure 3: Card Reader Sticking Out Unusually
Figure 4: Green Overlay of ATM Card Reader
Figure 5: ATM Keypad Overlay
Point of Sale (POS) - In-Store Skimmers:
Figure 6: Skimmer (left, wider margins) vs. Real (right, narrow) Ingenico POS Device
So, how can you protect yourself?
Credit card readers can be hard to spot. They're built to trick people into using them, and one may not know about the data theft until days after it happens. However, there are a few ways to protect yourself when paying at the pump, swiping that card in an ATM, or using your card at your favorite grocery store, etc.:
- Look for the security seal on the pump itself. If the seal is broken in anyway, or the word “VOID" appears, report it to a clerk IMMEDIATELY, and find a different pump.
- Some skimmers will stick out a little more than the rest of the pump itself. It always looks weird. Before inserting my card, I will tug on the card reader fairly hard to see if it pops off.
- Quite possibly the easiest way to avoid the skimmers at the pump is to simply pay inside with the clerk. It takes a little longer, but it keeps you from getting scammed at the pump.
- Tug on the card reader on the ATM. Again, you might look weird, but if it jiggles or comes off, you'll save a lot of headache in the future.
- Same for the ATM PIN code keypad. Tug on it. If you can pull it off, there's a problem.
- When using the keypad, cover your hand with your other hand. Some ATMs with skimmers can have hidden cameras installed instead of a keypad overlay. This is a good idea to keep any other prying eyes from seeing your PIN code as well.
Card Readers In-store (These are much harder to spot. However, they do exist.) –
- Tug on the reader. If it's not properly secured, it could fall down. However, the top should not jiggle. If it does, report it.
For more detailed information about card skimmers, read the "All About Skimmers" article published by KrebsonSecurity.