security graphic


Wiggle Everything...Skimming is on the Rise!!


Criminals can easily capture your credit and debit card information with small devices called skimmers. These advanced devices used to steal your information are installed by criminals directly on to ATMs and credit card readers. These are called skimmers, and if you're careful you can keep from being victimized by these devices.


What Are Skimmers?

Skimmers are malicious card readers that grab the data off your card's magnetic stripe attached to the real payment terminals so that they can harvest data from every person that swipes their cards. The thief has to come back to the compromised machine to pick up the file containing all the stolen data, but with that information in hand he can create cloned cards or just break into bank accounts to steal money. This does not prevent the ATM or credit card reader from functioning properly.

The typical ATM skimmer is a device smaller than a deck of cards that fits over the existing card reader. The attackers will also place a hidden camera somewhere in the vicinity with a view of the number pad in order to record personal-identification-numbers, or PINs. The camera may be in the card reader, mounted at the top of the ATM, or even just to the side inside a plastic case holding brochures. Some criminals may install a fake PIN pad over the actual keyboard to capture the PIN directly, bypassing the need for a camera.


The above picture is a real-life skimmer in use on an ATM. You can see how the arrows are very close to the reader.
That is a sign a skimmer was installed over the existing one, since the real card reader would have some space before the arrows


Check for Tampering

When you approach an ATM, check for some obvious signs of tampering at the top of the ATM, near the speakers, the side of the screen, the card reader itself, and the keyboard. If something looks different, such as a different color or material, graphics that aren't aligned correctly, or anything else that doesn't look right, don't use that ATM. The same is true for credit card readers.

If you suspect tampering, you can report the suspicious tampering to your bank. For example, if one ATM has a flashing card entry to show where you should insert the ATM card and the other ATM has a plain reader slot, you know something is wrong. Since most skimmers are glued on top of the existing reader, they will obscure the flashing indicator.


If the keyboard doesn't feel right—too thick, perhaps—then there may be a PIN-snatching overlay, so don't use it.

Wiggle Everything

ATMs are solidly constructed and generally don't have any jiggling or loose parts. Credit card readers have more variation, but still see if the keyboard is securely attached and just one piece. Does anything move when you push at it?

Skimmers read the magnetic stripe as the card is inserted, so give the card a bit of a wiggle as you put it in. The reader needs the stripe to go in a single motion, because if it isn't straight in, it can't read the data correctly. If the ATM is the kind where it takes the card and returns it at the end of the transaction, then the reader is on the inside. Wiggling the card as you enter it in the slot won't interfere with your transaction, but will foil the skimmer.

Think Through Your Steps

Whenever you enter your debit card PIN, cover the keypad with your hand. Even if you don't notice the skimmer and swipe your card, covering your hand when you enter your PIN can keep you safe. Obtaining the PIN is essential, since the criminals can't use the stolen magnetic stripe data without it. Criminals frequently install skimmers on ATMs that aren't located in overly busy locations since they don't want to be observed installing malicious hardware or collecting the harvested data. However, all ATM and card readers are vulnerable no matter their location. Stop and consider the safety of the ATM before you use it.

The chances of getting hit by a skimmer are higher on the weekend than during the week, since it's harder for customers to report the suspicious ATMs to the bank.
When you use your EMV chip, the card is authorized on the device and your personal information is never transmitted. This forces criminals to attack the inner workings of EMV-enabled readers. While cracking EMV readers is possible, it's much harder than magstripe skimming.

If the credit card terminal accepts NFC transactions, consider using Apple Pay, Samsung Pay, or Android Pay. These services tokenize your credit card information, so your personal information is never exposed. If a criminal somehow intercepts the information, he'll only get a useless virtual credit card number.

Stay Aware

If you don't notice a card skimmer and your card data does get stolen, report the theft to your card issuer (for credit cards) or bank (where you have your account) as soon as possible. Timely reporting is very important in cases of fraud, so be sure to keep an eye on your debit and credit card transactions.

Lastly, pay attention to your phone, bank account, and credit card information. Banks and credit card companies generally have very active fraud detection policies and will immediately reach out to you, usually over phone or SMS, if they notice something suspicious. Responding quickly can mean stopping attacks before they can affect you, so keep your phone handy.

Just remember: If something doesn't feel right about an ATM or a credit card reader, just don't use it. And whenever you can, use the chip instead of the strip on your card. Your bank account will thank you.

(Excerpt) MAX EDDY APRIL 5, 2016 http://www.pcmag.com/article2/0,2817,2469560,00.asp

Previous Cyber Articles:

How to Avoid Phishing Scammers
A Consumer's Guide to Sweepstakes and Lotteries
Don't Be the Victim of a Check Scam
Consumer Fraud by Phone or Mail-Know How to Protect Yourself