Card Skimming

ATM PIN capture overlay device pulled back to reveal the legitimate PIN entry pad.

Card skimming is a type of cybercrime where criminals use small credit card reading devices, called skimmers, to illegally collect data from the magnetic stripe of credit or debit cards. These devices are often installed discreetly on ATMs, gas station pumps, or point-of-sale terminals. The stolen data is then used to create counterfeit cards or for unauthorized transactions, resulting in financial losses for the cardholders. 

Using a credit card with an EMV chip can significantly reduce the risk of falling victim to card skimming compared to traditional magnetic stripe cards. EMV technology encrypts the transaction data differently for each transaction, making it much more difficult for criminals to clone or skim card information.

However, while EMV chip cards provide enhanced security compared to magnetic stripe cards, they are not entirely immune to fraud. Criminals may still attempt other types of fraud, such as card-not-present (CNP) fraud, where they use stolen card details for online or phone transactions. Additionally, some card skimmers are designed to capture both the magnetic stripe data and the chip information. In such cases, having a chip-enabled card may not completely prevent the crime, but it does make it more challenging for attackers to use the stolen data.

If your credit card company or bank has reimbursed your financial loss (or will remove the fraudulent charges from your account), they become the monetary victim and must reach out to law enforcement for further assistance.

  • Loose or Misaligned Card Reader: Check for any unusual attachments or inconsistencies in the appearance of card readers, such as protruding parts or misaligned slots, which may indicate the presence of a skimmer.
  • Tampered Security Seals: Look for signs of tampering on ATM or gas pump security seals, including broken or missing seals, which could suggest a card skimmer has been installed.
  • Unusual Devices or Accessories: Be wary of additional devices or accessories near card readers, such as small cameras or keypad overlays, which may be used to capture PIN numbers.
  • Inconsistencies in Transactions: Regularly review your bank or credit card statements for any unauthorized or unfamiliar transactions, which may indicate that your card data has been compromised.
Store owners can help prevent card skimming incidents, protect cardholder data, and maintain compliance with PCI DSS requirements. Failure to implement adequate measures to prevent and detect card skimming can result in non-compliance penalties and damage to the reputation of the business.
  • Store owners should replace traditional magnetic stripe card readers with EMV chip readers. 
  • Store owners must regularly inspect all payment card devices, such as POS terminals and card readers, for any signs of tampering or unauthorized modifications. This includes visually checking for external skimming devices and inspecting internal components for tampering.
  • Use of Tamper-Evident Seals: Implement the use of tamper-evident seals on payment card devices to help detect if they have been tampered with or compromised. Regularly inspect these seals to ensure they are intact and have not been breached.
  • Training and Awareness: Provide training to staff members on how to identify potential signs of card skimming, such as suspicious attachments on card readers or unusual behavior by customers. Encourage staff to report any suspicious activity or devices immediately.
  • Physical Security Measures: Implement physical security measures to protect payment card devices from unauthorized access or tampering. This may include installing security cameras, locks, and alarms in areas where payment card devices are located.
  • Inspect Card Readers: Before using an ATM or gas pump, visually inspect the card reader for any signs of tampering or irregularities.
  • Cover PIN Entry: Shield the keypad with your hand while entering your PIN to prevent cameras or overlays from capturing your personal information.
  • Use Trusted Terminals: Whenever possible, use ATMs or payment terminals located in secure and well-lit areas, such as inside banks or stores, to reduce the risk of skimming.
  • Customers should avoid credit card readers that do not accept EMV chip credit cards. 
  • Enable Card Notifications: Set up transaction alerts or notifications with your bank or credit card provider to receive real-time alerts for any suspicious activity on your account.
  • Regularly Check Accounts: Monitor your bank and credit card accounts regularly for any unauthorized transactions and report any suspicious activity to your financial institution immediately.
  • Contact Your Bank: Customers should notify their bank or credit card issuer as soon as possible if they suspect their card data has been compromised due to skimming. Provide details of unauthorized transactions and any relevant information.
  • Cancel or Freeze Card: Customers should cancel or freeze their compromised card to prevent further unauthorized transactions.
  • Change Passwords and PINs: Customers should change online banking passwords and PINs to prevent further unauthorized access to the account.
  • File a Police Report: Both customers and store owners should file a police report to document this crime. This report will be used by the police and banks during the investigation.  For Montgomery County residents, call 301-279-8000 (for non-emergency help).
  • Monitor Credit Reports: Customers should closely monitor credit reports for any signs of identity theft. Report any suspicious activity to the credit bureaus.  See  Identity Theft for how to make these reports.

References: