Credit and debit card skimmers are a perennial modern-day security problem. Thieves secretly attach them to ATMs, gas pumps, cash registers and other places people swipe their credit and debit cards. Once installed and hidden from view, this sneaky bit of tech can steal the magnetic stripe data from your card, making it possible for crooks to clone it. Skimmers are one of the main reasons banks have increasingly turned to chip-based EMV credit and debit cards. These type of cards and their respective point-of-sale (POS) systems reduce the need for the terribly outdated magnetic stripe.
The whole point with this shift to chip-based cards in the first place is to make it harder for tech-savvy crooks to pilfer your information using concealed skimmers. The EMV card system has proved to be effective against old-school shimmers so far. According to Mastercard, counterfeit card fraud in the U.S. dropped around 60 percent from last year. It is so effective, crooks have started to look for new ways to steal your card information.
One of the newer tools is what is known as a shimmer, a smaller version of the skimmer that can steal both magnetic stripe and chip data from credit and debit cards.
Shimmers versus skimmers - what is the difference?
Shimming is the "new skimming." Shimmers are much smaller versions of a skimmer that fit easily inside an ATM or POS card reader's slot. They are paper-thin and card-sized devices that criminals can easily slide into any card slot discreetly. They are also embedded with a microchip and flash storage, which allows them to directly access your card's EMV chip and intercept your information, including the card number and even the PIN.
These devices are sandwiched directly between your card's chip and an ATM or POS system's card reader (hence the nickname "shimmer"). This data is extracted at a later time when the thief returns and inserts a specially designed card that downloads the information. Although it's extremely difficult to clone an actual EMV chip card, scammers can still use the information to create a cloned magnetic stripe card.
What does a shimmer look like?
Here's a picture of an actual shimmer:
Image: shimmer found inside retailer's checkout card reader. (Source: RCMP)
The shimmer is super easy for the thief to install and is so thin, you won't be able to tell that it's inside the card reader. It also won't block the normal usage of your card. Because these new devices are so small, they won't be limited to gas stations and ATMs. You can expect to see them popping up at grocery stores and retail locations, especially ones that offer self-checkout. You also need to be aware of unscrupulous employees of a restaurant or store who might have handheld shimmers that you'll never see.
Not many crooks have these advanced shimmers yet, but they'll get less expensive and more widespread as time goes by. Fortunately, if banks and retailers completely switch over to EMV systems and they follow industry card security standards, even shimmed cards will be less of an issue. In the meantime, you should try avoiding the places most likely to have skimmers or shimmers. Here are the three most risky places to swipe your debit card.
Defeating the shimmers and skimmers
Here are some simple ideas to defeat skimmers and shimmers:
- Use contactless payments - Contactless payment systems like Apple Pay, Android Pay, or NFC are immune from shimming. With this method, you can use your phone, your watch or the "tap-and-go" features of your card on compatible systems.
- Like EMV, contactless methods like these issue a unique code for each transaction and is definitely safer than card swiping. Here's how to pay on the go using your Android or Apple smartphone.
- Always shield your PIN - The easiest step you can take to avoid having your PIN stolen is to block your hand typing in the PIN with your other hand. Always assume someone is watching you enter your PIN.
- Check for tampering - Before putting your card into a reader check it for tampering. Look for anything different or misaligned. If it looks suspicious, do NOT use the machine.
- Wiggle everything - ATMs don't have loose parts. If anything jiggles, don't use it.
- Avoid stand-alone ATMs - Try to use ATMs that are located at a bank, preferably inside the lobby area.
- Frequently check bank statements - Criminals are becoming more sophisticated, which means you need to stay vigilant. Stay on top of your bank statements and report any suspicious activity ASAP.
- Report the theft - If you are a victim of a skimmer, report it immediately to your financial institution.
In other news, Equifax breach is worse than previously thought
So you probably think the Equifax data breach saga is over? Well, for millions of people, it’s getting worse!