Even with security chips and advanced biometric features in place, credit card data can be stolen through stealthy credit card skimmers.
Do you often insert your credit cards into ATMs or gas stations without a second thought? While most credit card numbers are stolen through data breaches, a significant number are swiped through a malicious practice known as "skimming," which is carried out by using a device known as a credit card skimmer.
Read on to find out what a credit card skimmer is, and ways criminals can use these skimmers against you. We'll also cover how to spot a skimming device so you can prevent your credit card data from getting compromised.
Credit card skimmers are tiny devices that hackers add to card readers. You'll find them most often at ATMs or gas station pumps.
They come in all shapes, sizes, and varying degrees of complexity; however, their primary purpose is to "skim" or capture your credit card information so it can be used for fraudulent transactions.
Skimming occurs when a criminal or data thief installs a skimmer on a card reader. The goal of a skimmer is to hijack the card reading process and send the captured data to the hacker, who can then use the details for their own use. Since skimming devices are tiny, the victims rarely ever notice them.
Here are seven ways criminals can use credit cards skimmers against you:
A skimming attack that works via extending the card slot is a prevalent method used by criminals.
By physically attaching skimmers to an ATM, point-of-sale terminal, public ticket kiosk, or gas station pump machine, it extends the card slot while making it look like part of the original design. Then, when a victim slides their cards into the reader, the extended part that the hacker added scans the details.
Stealth cameras go hand in hand with card skimmers. Data thieves install these tiny and unnoticeable cameras around ATMs and gas pumps to capture PINs that go with the stolen credit card numbers retrieved through the skimming device.
Some tech-savvy criminals are using the power of 3D printing to create custom credit card skimmers.
They achieve this by creating and using 3D printed keyboards by overlaying them on the real keyboards at ATMs or kiosks to record the PINs.
Point-of-Sale (POS) or RAM scraping is a type of malware that criminals install onto card readers or gas pumps. This special strain of malware targets the software that operates the terminal, such as the operating system.
This type of malware was responsible for the most significant data thefts in history, affecting Target and Home Depot stores where tens of millions of cards were stolen.
Related: What Is Malware and How Does It Work?
The inception of the secure chip-enabled debit cards gave credit card users a sigh of relief from data thieves. But unfortunately, criminals have found ways to target these chips as well by using a method known as "shimming."
A shimmer acts like a shim, sitting between the reading device and the chip on your credit card. Shimmers are even more challenging to detect than skimmers because they are paper-thin devices that sit inside the reader and stay entirely out of sight.
Contactless payment cards have radio frequency identification tags that hackers can scan from a distance. While this technology is mainly used for building access codes and transport cards, it is also making its way onto credit and debit cards everywhere.
A criminal can easily use an RFID scanner by walking near the victim and scanning the card details while it sits inside their pocket.
Many POS vendors have started deploying point-to-point encryption (P2PE) to secure the connection between the card reader and the payment processor. Unfortunately, this has caused many data thieves to deploy web-based card skimmers that target the checkout process on e-commerce websites.
These attacks are commonly known as Magecart or Formjacking attacks. By injecting malicious JavaScript into online shopping sites, criminals try to capture the card information as users try to enter it during the checkout process.
The malicious script is injected early on into the transaction process before the data has a chance to get to the payment processor through an encrypted channel. This security flaw allows the hacker to steal the credit card details before being stored securely in the site's database.
To date, Magecart attacks have affected thousands of websites, including popular brands such as British Airways, Macy's, NewEgg, and Ticketmaster.
The worst thing about card skimmers is that they are tough to spot as they generally blend into the original hardware of the machines they are attached to.
While spotting a stealthy credit card skimmer is no easy feat, it is not impossible either. The following signs can help you identify the presence of a card skimmer:
Besides ATMs and gas pumps, you should also stay alert when using your credit cards for parking meters, ticket kiosks, and the grocery store's point of sale.
Caution is the first line of defense against credit card skimming. Extra caution should be used whenever we insert, swipe, or tap our credit cards into fast and convenient credit card readers.
Fortunately, practicing extra caution when swiping credit cards, using only highly visible gas pumps, checking your credit card statements regularly, setting up transaction alerts, and quickly informing any suspicious activities to authorities can save you from credit card theft in the long run.
When it comes to protecting yourself against credit card skimmers, an ounce of caution is certainly worth a pound of cure.
Kinza is a technology journalist with a degree in Computer Networking and numerous IT certifications under her belt. She worked in the Telecommunications industry before venturing into technical writing. With a niche in cyber-security and cloud-based topics, she enjoys helping people understand and appreciate technology.
Join our newsletter for tech tips, reviews, free ebooks, and exclusive deals!