Stealing debit card information using “skimmers” at gas pumps and ATMs has been around. But thieves are becoming more sophisticated at hiding the devices and getting around some of the fixes banks and merchants have put in their way.
Among the newest tools are “shimmers,” a tiny type of skimmer that’s capable of reading the data from the new chip-based debit and credit cards. Scammers use the stolen data to produce counterfeit magnetic strip-based cards and make unauthorized purchases online. Before shimmers, cardholders already were facing additional threats from so-called deep-insert skimmers. Those devices are placed well inside a payment device, where they’re difficult to detect with anti-skimming technology.
About half the skimmers out there are invisible to people who don’t know what they are looking for, and even to some of those who do know. Many of these devices can transmit the stolen data wirelessly, so scammers don’t need to return to the location to fetch the device. Skimmers are even being found in the card readers customers use to gain after-hour access to ATMs in locked bank vestibules.
The latest data available from the credit scoring company FICO shows there was a 70 percent increase in the number of debit cards that were compromised in 2016 at ATMs and at card readers used by merchants. FICO also reported that the number of card readers at ATMs and merchant devices that were hacked rose 30 percent.
In addition to using skimmers, thieves obtain card information by installing data-stealing software in card readers and through data breaches, where they hack into the main computer systems where card information is stored.
How to Protect Yourself from Card Skimming
Consumers most at risk for card theft are those who use nonbank ATMs, such as the ones in convenience stores, and those who make purchases at out-of-the-way merchants, such as remote gas stations. Consider these precautions:
Don’t use remote ATMs and point-of-sale terminals. ATMs that are in low-trafficked, poorly lit areas are particularly vulnerable to being tampered with by thieves. So are gas pumps that accept credit cards at stations far from major highways. The rate of attack for drive-up ATMs is twice that of those inside a bank.
Look for signs of tampering. Before using an ATM or point-of-sale terminal, try wiggling the keypad or card slot. If anything seems loose, don’t use the device. Also look for keypads that appear raised or have an unusual color. A thief could have placed an overlay on the keypad to record the personal identification number you punch in. Some gas pumps have security tape that forms a seal around the card reader. If the seal is broken, that could be a sign that the reader has been compromised. And don’t proceed with a transaction if you encounter unusual resistance when you try entering your card.
Protect your PIN. Place your hand over the keypad when entering your personal identification number. Along with skimming devices, scammers often install a pinhole camera to record your PIN. Some may be located in the security mirror that you’ll often find at bank ATMs.
Check your transactions. Carefully examine your bank account activity online for unauthorized withdrawals or purchases. You can also set up an alert so that you’re notified when money is withdrawn from your account.