How to Spot and Prevent Card Skimmers: An Essential Guide
American consumers and businesses are increasingly being targeted by malicious credit card skimmers. The Federal Bureau of Investigation (or FBI) estimates that skimming costs consumers and financial institutions over $1 billion annually.
Much of this illegal activity takes place at gas stations. According to the National Association of Convenience Stores, roughly 39 million Americans fuel up their vehicles daily. Many time-crunched drivers pay at the pump with cards.
However, what you must remember is that enterprising thieves want to obtain drivers’ credit card and debit card information for fraudulent purposes. It’s, therefore, essential that you know how to spot and prevent card skimmers from stealing sensitive data.
This article discusses how card skimming works and how you can protect your business and your customers from this crime.
What Are Credit Card Skimmers?
A credit card skimmer is an illegal card reader located within a functioning credit card reader. Each skimmer gathers card data from everyone who uses that ATM or payment terminal. Later, the thief collects the data file and produces a cloned card for identity theft purposes.
Credit card skimmers are most frequently found at ATMs and gas station pumps. However, customers at retail stores, convenience stores, and restaurants often fall victim to skimmer theft too. Users of parking meters and ticket kiosks are also at risk.
What Does a Skimmer Look Like?
Users will have a tough time spotting a card skimming device. Thieves go to great lengths to make each skimmer device appear identical to legitimate card readers.
At gas pumps, for example, users should look for a card reader that might be larger than the one at nearby pumps. A reader with an extended card slot, or one that wiggles easily, may have a card skimming device. Look for a keypad (or pin pad) that’s different than nearby keypads. This may be a keypad overlay—a likely tampering indication.
Some especially creative criminals install a hidden camera to photograph customers’ pin numbers. Even if you look for this tiny camera, you aren’t likely to find it. Other scammers use Bluetooth and cell phone technology to remotely obtain card information.
How Does Card Skimming Work?
Card skimming involves the illegal installation of a tiny electronic device at a card terminal. The terminal may be located at a gas station, point-of-sale (or POS) station, or ATM. Some enterprising crooks may use a handheld skimmer attached to a small mobile POS terminal.
During each transaction, the skimmer (or a pinhole camera) captures the customer’s card number, PIN, and expiration date. This data is readily available from the card’s magnetic stripe (or magstripe).
What Happens When Your Card Is Skimmed?
Let’s assume a skimming device captures the customer’s credit card or debit card information. Now, hackers have the tools to create their own fake cards for eCommerce or mobile phone purchases.
If the customer paid with a debit card, the card’s PIN enables the crooks to empty the user’s bank account. Sadly, financial institutions don’t make it easy to dispute debit card-based incidents.
Fortunately, credit card users can more successfully dispute skimming charges. The credit card company likely maintains a zero-liability fraud policy. This means the cardholder will not have to repay those fraudulent funds to the card issuer.
How to Protect Yourself Against Credit Card Skimmers
Many credit card skimming incidents have historically taken place in large cities and other high-density areas. Today, they also occur in many suburban and rural areas. Fortunately, customers (and businesses) can use five payment strategies to protect against credit card skimmers.
1. Pay with a credit card
Credit card issuers typically maintain a zero-liability policy. This means that a user is not financially liable for illegal credit card charges.
2. Use contactless payments
Contactless payments use highly secure tokenization. During each purchase, the customer’s payment details are encoded. The credit card company sends a one-time code to process the transaction.
A contactless card never physically touches a card terminal. However, contactless cards utilize radio-frequency identification (or RFID) technology to send data to payment terminals. Theoretically, a criminal with a handheld skimmer can intercept RFID-transmitted data. However, credit card companies and banks encrypt this data so scammers cannot use it.
3. Carry a mobile wallet
A digital mobile wallet uses near-field communication (or NFC) technology to transmit card data to a close-range card terminal. It’s highly unlikely that a hand-held skimmer can get close enough to access the customer data.
A mobile wallet can contain the Apple Pay and/or Google Pay apps. Both applications use tokenization technology, and the application authorizes the payment. Both applications require two-factor authentication to complete each transaction.
4. Pull out the cash
Although low-tech cash has seemingly become antiquated, this tried-and-true payment form is 100 percent safe. In addition, some gas stations offer discounts on customers’ cash fuel purchases.
5. Closely monitor your bank accounts
Customers (and businesses) should closely monitor relevant bank accounts. Monitoring your bank statements can be useful, and reviewing your accounts online daily is even better. Anyone who notices suspicious activity should notify their bank.
How to Spot Skimmers at ATMs and Gas Stations
Scammers often place credit card skimmers at high-traffic destinations such as ATMs and gas stations. Finding the malicious little skimmers requires a keen eye for detail.
First, note that a skimming device is frequently placed over the legitimate card reader. This can cause the skimmer to be canted at a strange angle. The skimmer might also cover the panel’s directional arrows. To confirm any suspicions, compare this card reader to others around it.
Next, the user should physically inspect the card reader and its keypad. A conventional card reader is ruggedly built to withstand abuse. The card reader should not wiggle when touched. The keypad buttons should not be hard to depress.
If the user gets either result, the device has likely been tampered with. They should find another ATM or gas pump and notify the bank manager or gas station attendant.
Special user precautions for ATMs
Official bank ATMs are located on the bank’s premises. With customer activity and onsite surveillance cameras, these ATMs are less likely to have skimmer installations. A user should ideally choose bank-maintained ATMs instead of those elsewhere.
Special user precautions for gas pumps
Evading gas pump skimmers takes more effort. First, realize that busy gas station employees cannot monitor multiple gas pump card readers. Users should minimize their risks by using a pump near the cashier station.
Next, users should determine if the pump door shows evidence of tampering. Look for a compromised security seal and a “VOID” label that means tampering has taken place. Determine if anything has been inserted into the card reader. Likewise, see if the card slot and/or keypad seem different compared to similar devices at other pumps.
To minimize their skimmer risks, users should pay inside if possible. Skimmers are less likely to be installed on a card reader at the checkout counter. If users must pay outside, they should use a credit card that offers zero-liability protection.
If a debit card is the only option, the user should press the “credit card” button to complete the sale without a PIN. And while completing a debit transaction, they should cover their hand to thwart a camera while entering the PIN.
Users who frequently fuel up at the same gas stations may purchase the brand’s gift cards. With limited values and no personal information, they’ll have minimal losses if scammers access the card data. Gas apps are another convenient option.
Skimming vs Shimming: What You Need to Know
Many consumers have become aware that credit card skimmers can access magnetic stripe card data. Therefore, customers have increased their use of more secure chip-based credit cards and debit cards. Now, scammers have developed a new technique that enables them to access chip card data.
A difficult-to-see “card shimmer” functions like a tiny shim that sits between the card’s chip and the card reader. The super-thin shimmer efficiently duplicates the card’s magnetic stripe data. Equipped with the customer’s valuable information, the scam artist can easily create a magnetic stripe card.
Businesses Should Always Remain Vigilant
Everyone should take precautions to protect their transactions from card skimming devices. Small businesses can minimize customers’ risks by working with a merchant services provider with a strong PCI compliance focus. Payment Depot certainly fits the bill.
In addition, Payment Depot employs multiple credit card fraud prevention practices that support its PCI compliance program. Contact Payment Depot today to learn about its top-ranked small business-friendly merchant services.
FAQs about Card Skimmer
Q: What is a card skimmer and how does it operate?
A card skimmer is an unlawful device often concealed within a legitimate credit card reader such as ATMs, gas station pumps, and POS terminals. It gathers card data, like card number, PIN, and expiration date, from anyone using the machine. This data, available from the card’s magnetic stripe, enables the thief to clone the card, draining the customer’s bank account or making fraudulent purchases.
Q: What are some signs of a card skimming device?
Detecting a card skimmer can be challenging due to their discreet design that resembles authentic card readers. Indications of a skimmer could include a card reader being larger than others, having an extended card slot, or wiggling easily. Key pads that appear different or overlays are also a red flag. Sophisticated criminals may install hidden cameras for capturing customers’ PIN numbers.
Q: How can I protect myself and my customers from card skimmers?
There are several methods to safeguard against card skimmers. Using contactless payments, digital mobile wallets, including Apple Pay and Google Pay, reduces the risk as these methods employ secure encryption technologies. Paying with cash is also a secure method. Regularly monitoring bank accounts can help spot any suspicious activity early. Giving preference to machines that seem well-maintained and secure, like ATMs located on bank premises, can also minimize risk.
Q: How are card skimmers placed and where are they commonly found?
Credit card skimmers are often installed at busy locations such as gas stations, ATM machines, retail stores, parking meters, and ticket kiosks where the theft is less likely to be noticed. The devices are carefully designed to appear identical to legitimate card readers, making them difficult to spot without careful examination.
Q: What are some strategies for prevention of skimming?
To prevent skimming, users can adopt a few practices. First, users should pay with cash or inside at the counter where skimmers are less likely. If using a credit card, opt for one that offers zero-liability protection. For debit card users, selecting the “credit card” option can help. Using gas station brand gift cards or gas apps are also safer options.
Q: What steps should I take if my card has been skimmed?
If you suspect your card has been skimmed, immediately contact your bank to freeze the card and limit potential financial damage. Notify the location where the skimming likely occurred, the local law enforcement, the state attorney general’s consumer division and the Federal Trade Commission.
Q: Can card skimmers read chip cards?
Skimmers have traditionally been able to access magnetic stripe card data but not chip data. However, new techniques involve a device called a card shimmer, which can access chip card data. This shimmer sits between the card’s chip and the card reader and duplicates the card’s magnetic stripe data. Always use the chip card reader where possible for added security.
Q: What measures can small businesses take for customer transaction security?
Small businesses can minimize skimming risks by partnering with a merchant services provider dedicated to strong Payment Card Industry (PCI) compliance. Such providers implement various fraud prevention practices that further enhance their PCI compliance program and amplify customer transaction security.