How to Avoid Credit Card Skimming

Credit card fraud may be the most benign form of identity theft, since you’re not liable for fraudulent charges. But it’s still stressful and time-consuming to challenge the charges, wait for a new credit card, and update any accounts that use that card for auto-payment.

While credit card numbers are most often stolen through data breaches, a significant number are stolen through a practice known as “skimming,” in which thieves capture card information at the point of sale. In fact, skimming costs consumers and U.S. financial institutions more than $1 billion each year. Skimming is also insidious and difficult to detect. While businesses work hard to detect and prevent data breaches, skimming is virtually invisible to them. It happens one card at a time and it needs to be prevented the same way: by you, the card owner.

Skimming can happen in several ways, both through point-of-sale devices and when you’re buying online. Let’s look at how it works and how you can stop it,

Card Skimming

Physical skimming of credit or debit cards is done with devices that attach to the card reader on an ATM machine, point-of-sale terminal, public ticket kiosk, or gas station pump. A skimmer is designed to blend in with existing equipment, so people don’t notice it. Thieves also install tiny cameras around ATMs and gas pumps to capture PINs to go with the stolen card numbers.

Some new devices, called “shimmers,” are so tiny that thieves can slip them inside an existing credit card reader, making them completely invisible. Shimming has become more widespread since the introduction of chip cards, which were designed to prevent card counterfeiting. While shimmers don’t enable counterfeiters to duplicate chip cards, they can steal enough information to produce a magnetic stripe card for the card-holder’s account or to use the card holder’s account for e-commerce transactions.

Dishonest salesclerks, restaurant workers, or gas station attendants can also use handheld devices to skim cards when they take them for payment.

Once information is skimmed, the thieves retrieve it either by collecting the skimmer or by downloading info from the skimmer via Bluetooth. They use the captured information to make counterfeit cards or for online transfers and purchases.

e-Skimming Grows with e-Commerce

As consumers have moved to e-commerce, card skimming has followed. Criminals steal card numbers online by planting small pieces of code called “e-skimmers” into e-commerce websites to capture and send them shoppers’ credit card information. The COVID-19 pandemic has been a windfall for e-skimmers, as more people turned to online shopping. Malwarebytes Labs reports a 26% increase in e-skimming between March 2020 and March 2021, and predicts that the threat of e-skimming will continue to grow.

Here’s How You Can Prevent Skimming

There are a number of easy steps you can take to prevent skimming. When using your card in physical locations, take these precautions:

• Use indoor ATMS, since those are harder for thieves to tamper with. At gas stations, pay inside rather than at the pump.
• If the credit card terminal accepts NFC (“tap and pay”) transactions, instead of a card use a mobile payment app such as Apply Pay, Samsung Pay, or Android Pay.
• Check card reader devices before using them, especially ATMs. Inspect for anything that looks out of place or is loose. Try wiggling the keypad, as thieves will sometimes put an insert over the keypad to capture PIN numbers. If anything is loose or seems wrong, don’t use the device. (This PC Mag article has some good photos to help you spot skimmers.)
• Use your free hand to cover what you’re doing when entering PIN numbers.
• Never let anyone walk away with your card. Many restaurants now have mobile readers where you can swipe your own card at the table or drive-up window. If they don’t, pay at the cash register where you can see what’s happening with your card.
• Avoid using debit cards for payment. If you have to use one, use it as a credit card, without the PIN, so skimmers can’t use the info to transfer money from your bank account.
• There are “skimmer scanner” apps available for MacOS and Android devices, which check for Bluetooth transmissions to spot skimming devices. Accuracy varies, but the apps are mostly free.

Preventing e-skimming is more difficult, as there’s no way to detect malware hidden in a merchant’s website. Experts recommend storing a credit card number on sites you order from frequently. Since e-skimmers gather the information as you enter it on the site, the less times you enter your card information, the less chance it will be stolen.

Be Ever Alert

No matter how careful you are, your cards could be skimmed (or stolen or breached), so you need to be on alert for signs of criminal activity. Check your credit card and bank statements frequently and carefully for unauthorized transactions. Even better, set up transaction alerts so you can be notified immediately of any activity on your accounts. If you have an IDX privacy and/or identity protection plan, you also have CyberScan™ monitoring, which will tell you if your card information is found exposed on the dark web so you can protect your accounts.

Staying on the defensive takes a bit of time and energy. But, as with every other kind of identity theft, the sooner you can spot the problem, the sooner you can stop the crime in progress and limit the damage and inconvenience. And that saves a lot more time and energy in the long run.