Read on to find out what a credit card skimmer is, and ways criminals can use these skimmers against you. We’ll also cover how to spot a skimming device so you can prevent your credit card data from getting compromised.
What Is a Credit Card Skimmer?
Credit card skimmers are tiny devices that hackers add to card readers. You’ll find them most often at ATMs or gas station pumps.
They come in all shapes, sizes, and varying degrees of complexity; however, their primary purpose is to “skim” or capture your credit card information so it can be used for fraudulent transactions.
7 Ways Criminals Use Card Skimmers
Skimming occurs when a criminal or data thief installs a skimmer on a card reader. The goal of a skimmer is to hijack the card reading process and send the captured data to the hacker, who can then use the details for their own use. Since skimming devices are tiny, the victims rarely ever notice them.
Here are seven ways criminals can use credit cards skimmers against you:
1. Extending the Card Slot
A skimming attack that works via extending the card slot is a prevalent method used by criminals.
By physically attaching skimmers to an ATM, point-of-sale terminal, public ticket kiosk, or gas station pump machine, it extends the card slot while making it look like part of the original design. Then, when a victim slides their cards into the reader, the extended part that the hacker added scans the details.
2. Installing Stealth Cameras
Stealth cameras go hand in hand with card skimmers. Data thieves install these tiny and unnoticeable cameras around ATMs and gas pumps to capture PINs that go with the stolen credit card numbers retrieved through the skimming device.
3. Using 3D Printed Keyboards
Some tech-savvy criminals are using the power of 3D printing to create custom credit card skimmers.
They achieve this by creating and using 3D printed keyboards by overlaying them on the real keyboards at ATMs or kiosks to record the PINs.
4. Injecting POS Malware
Point-of-Sale (POS) or RAM scraping is a type of malware that criminals install onto card readers or gas pumps. This special strain of malware targets the software that operates the terminal, such as the operating system.
This type of malware was responsible for the most significant data thefts in history, affecting Target and Home Depot stores where tens of millions of cards were stolen.
5. Installing Shimmers
The inception of the secure chip-enabled debit cards gave credit card users a sigh of relief from data thieves. But unfortunately, criminals have found ways to target these chips as well by using a method known as “shimming.”
A shimmer acts like a shim, sitting between the reading device and the chip on your credit card. Shimmers are even more challenging to detect than skimmers because they are paper-thin devices that sit inside the reader and stay entirely out of sight.
6. Radio Frequency Identification (RFID) Scanner
Contactless payment cards have radio frequency identification tags that hackers can scan from a distance. While this technology is mainly used for building access codes and transport cards, it is also making its way onto credit and debit cards everywhere.
A criminal can easily use an RFID scanner by walking near the victim and scanning the card details while it sits inside their pocket.
7. Magecart E-Commerce Attacks
Many POS vendors have started deploying point-to-point encryption (P2PE) to secure the connection between the card reader and the payment processor. Unfortunately, this has caused many data thieves to deploy web-based card skimmers that target the checkout process on e-commerce websites.
These attacks are commonly known as Magecart or Formjacking attacks. By injecting malicious JavaScript into online shopping sites, criminals try to capture the card information as users try to enter it during the checkout process.
The malicious script is injected early on into the transaction process before the data has a chance to get to the payment processor through an encrypted channel. This security flaw allows the hacker to steal the credit card details before being stored securely in the site’s database.
To date, Magecart attacks have affected thousands of websites, including popular brands such as British Airways, Macy’s, NewEgg, and Ticketmaster.
How to Spot a Credit Card Skimmer
The worst thing about card skimmers is that they are tough to spot as they generally blend into the original hardware of the machines they are attached to.
While spotting a stealthy credit card skimmer is no easy feat, it is not impossible either. The following signs can help you identify the presence of a card skimmer:
The card reader is different looking than those at nearby gas pumps or ATMs. The card reader looks big or bulky; this signifies that a skimmer sits on top of the standard card reading device. If the card reader feels loose or unsecured, then there’s a big possibility that it may have a skimmer installed. The colors on the receipt printer and card reader do not match. Most gas stations place serial-numbered security stickers across the fuel dispenser doors. If you notice that the safety seal is broken, a criminal may have tried to break the seal to install an internal skimmer. You may notice a PIN pad that is thicker than usual. This is because some criminals place fake 3D-printed keypads on top of the real ones to capture PINs. As such, if you have difficulty pushing the keys, it could be a phony keypad skimmer. Take a good look inside the mouth of the card reader itself. If you see anything inside, then it’s a sign that someone installed a skimmer.
Besides ATMs and gas pumps, you should also stay alert when using your credit cards for parking meters, ticket kiosks, and the grocery store’s point of sale.
The First Line of Defense Against Skimming
Caution is the first line of defense against credit card skimming. Extra caution should be used whenever we insert, swipe, or tap our credit cards into fast and convenient credit card readers.
Fortunately, practicing extra caution when swiping credit cards, using only highly visible gas pumps, checking your credit card statements regularly, setting up transaction alerts, and quickly informing any suspicious activities to authorities can save you from credit card theft in the long run.
When it comes to protecting yourself against credit card skimmers, an ounce of caution is certainly worth a pound of cure.
