It’s summer time, sunscreen in your pocket while you’re vacation to a popular, sunny getaway…or a business trip. After swiping to cover that delicious dinner, your waiter returns with your credit card, the same card you used for those soft serve ice cream cones. Viola, a call from a 1-800 appears on your mobile phone. You let out a deep exhale because you know who’s on the other line, the automated female voice from your card company. You loathe it, you wish there were a way to avoid this annoying occurrence during your vacation, but you can’t because it’s the Fraud Detection Department calling to verify your transactions after disabling your credit card for protection.
That dreaded phone call has become a standard event during a vacation or any travel outside of your local area and you can thank those pesky card skimmers for this low point of your travels.
What is card skimming?
It is the common moniker for copying the most important information from the magnetic strips found on credit and debit cards. As you probably guessed, card skimmers take that important information and through different methods, use it for fraudulent transactions on the internet and/or at physical merchants.
You must be wondering how this is even possible in 2018 because your bank sent you a more “secure” card with a chip and surely, a card skimmer can’t grab vital information from that chip…but then again, think about how many times you swipe your card as opposed to inserting your chip. Yeah, I think we have your attention.
Let’s learn about how card skimming actually works, the different types and most importantly how to avoid it.
How does it actually work?
Card skimming is accomplished through a small device that illegally reads credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details, such as card number, expiration date and the card holder's full name stored in the card's magnetic stripe. Card skimmers are often placed over the card swipe mechanism on card readers in all kinds of businesses…but they’re predominantly located in ATMs and gas stations. With ATMs, the crooks may also place a small, undetectable camera nearby to record you entering your PIN. This gives the thief all the information needed to make fake cards and withdraw cash.
Occasionally, retail workers who frequently handle cards are recruited to be part of a skimming ring. These workers use a handheld device to skim your card during a transaction. Remember that great dinner you paid for on vacation, you handed your card to your waiter. The waiter walks away with your card, and for a dishonest waiter, this is the perfect opportunity to swipe your card through a skimmer without detection. For the honest waiter, there may be undetected card skimmer on the machine and he/she unknowingly gave your card information to malicious actors.
Once your card information is captured by a card skimmer, the skimming ring will either create a cloned card to make purchases in store, use the account to make online purchases, or sell the information on the internet. You are often unaware of the scam until it’s too late and you notice unauthorized charges on their account, your card is unexpectedly declined, or you receive an overdraft notification in the mail. Now, you should have a good understanding of why you get that annoying call from your card company during your travels. The good news is that you generally don’t have to pay, but the bad news is that you may need to resubmit your information to all those businesses that automatically debit your card every month. It's annoying, but its more… you feel like you have been violated.
How to Spot a Credit Card Skimmer
It’s very unlikely you’re going to avoid your favorite retail and restaurant spots because you’re leery of workers, but there are ways to become more vigilant and spot a card skimmer.
- A card reader that sticks out far past the panel. Card skimmers are designed to fit over the existing credit card reader. If you notice a credit card reader that protrudes outside the face of the rest of the machine, it may be a skimmer. This is especially the case when an additional part seems to be affixed to the rest of the credit card reader.
- Parts of the card reader are loose. The card reader should be securely in place. Moving parts are a sign the reader has been tampered with or that a card skimmer has been placed on the reader.
- A security seal is broken. Gas stations often place a security label across the gas pump that lets you know if the cabinet panel on the fuel dispenser has been tampered with. When intact, the label has a flat red, blue or black background. However, once the seal has been broken, the words "Void Open" appears in white. If the seal is broken, it's a sign that someone without authorization has accessed the cabinet. Let the gas station attendant know and do not use the card reader at that pump.
- A thicker than normal pinpad. In addition to a card skimmer, thieves may place a fake keypad on top of the real one to capture your keystrokes. This method captures your pin or billing zip code along with in your card details. If the keys seem hard to push, eject your card and use another ATM, such as a bank ATM, which is less likely to have a skimmer.
- Bluetooth detection apps. Card skimming rings try their hardest to avoid detection and will use Bluetooth to wirelessly transmit captured card information. A malicious actor will return to the card skimmer, hook up its laptop and download everything it needs. There are apps for iOS & Android that will detect suspicious Bluetooth networks near a card reader through your mobile phone’s standard Bluetooth connection.
Best Mitigation Practices
Thankfully, many card issuers have sophisticated algorithms and fraud alert processes to detect fraudulent transactions and decline suspicious transactions until you verify them. However, simply using your card puts you at risk of becoming a card skimming victim because card skimmers are hard to detect. Unless you know what you're looking for, it can be extremely difficult to detect skimming devices.
Here are more tips to avoid card skimming.
- Watch your accounts. Catching fraudulent charges related to a skimming incident requires you to watch your accounts frequently. Monitor your card activity online and report any suspicious activity to your bank or credit card issuer.
- Watch where you shop. ATMs, bars, gas stations, and restaurants are the skimming rings’ favorite. Pay special attention to self-checkout card readers and standalone ATMs unaffiliated with a bank because those are also favorite spots.
- Check the ATM for a camera before using it. Bank affiliated ATMs are also susceptible to card skimmers and a camera may have a direct line of sight of the ATM keypad to capture your PIN. These cameras are often tiny and with modern technology, can operate through a pinhole. So when you're using an ATM, cover your hand as you type your PIN.
- Card cleaning scams. Avoid anyone claiming to clean the magnetic strip on your card to help it work better (someone who just happens to be there and oh so helpful). A malicious actor simply swipes your card through its card skimmer and viola it’s cleaned...of all its money.
Card skimming can be devastating to your sacred vacation and personal finances. We rely on our card issuers to notify us quickly and work with us to remove fraudulent charges to my card. However, there are instances when it’s too late and they have accumulated to billions of dollars of devastation. Stay safe out there, watch out for skimmers and always pick up that dreaded call to verify your transactions.
HLC, LLC is a strategic partner of NCS Regulatory Compliance
Eric Hess has over fifteen years of experience acting as senior in-house counsel, general counsel or senior management for exchanges, broker dealers, and financial services technology providers. He has a proven track record of meeting business and legal goals, including creating legal, compliance and technology & operational risk management functions, designing compliant trading technology, advocating for regulatory change, closing transactions, navigating challenging issues, managing regulatory inquiries & investigations and facilitating company growth, both organically and through strategic transactions. Specialties: Equities, options, futures and cleared swaps regulation; hedge fund, broker dealer and markets regulation; technology and operations risk management; contract negotiation; technology transactions; regulatory examinations, inquiries & investigations; dispute resolution; corporate governance, mergers & acquisitions; intellectual property; lobbying; and financing transactions. Mr. Hess holds Series 7 and 24 licenses and is admitted to practice in the States of New York and New Jersey.