Top 5 Credit/Debit Card Skimming Attacks

Credit card fraud is a multi-billion dollar industry. Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. ATM skimming alone is responsible for $350,000 of fraud daily exceeding a billion dollars in losses annually.

Skimming can occur in a few different ways;

Wedge Skimming

The most common skim is when a store clerk/waiter etc. takes your card and runs it through a card reader device that copies the information from the magnetic strip. Once the thief has the credit or debit card data he downloads it to his PC then he can burn the data to a gift card or blank “white card” or place orders over the phone or online.

POS Swaps

EFTPOS (electronic funds transfers at the point of sale) skimming occurs when the point of sale terminal is replaced with a skimming device. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services at these outlets. This is what happened to Stop and Shop. In Australia, fast food chains, convenience stores, and specialty clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted.

ATM Skimmers

Criminals can also place a card reader device on the face of an ATM, which appears to be a part of the machine. The device may have wireless Bluetooth or cellular technology built to obtain the data remotely.   It’s almost impossible for civilians to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder, light bar, mirror or car stereo looking speaker on the face of the ATM in order to extract the victim’s pin number. Gas pumps are equally vulnerable to this type of scam.

Data Interceptors

Another type of gas pump skim is pulled off due to a common set of keys that will open almost any gas pump. Criminals pose as fuel pump technicians and access the terminal with the master keys. Once inside they access the wires that connect the key pad/card reader and piggyback a device inside the pump that reads all the unencrypted card data.

Dummy ATMs

In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read/copy data. The machine might be powered by car batteries or plugged in the nearest outlet. I bought one off Craigslist for $750 from a guy named Bob at a bar. How you like them apples.

When credit card information is skimmed, hackers can copy the data on blank cards, gift cards, hotel keys, or “white” cards. White cards are effective at self checkouts, or when the thief knows the clerk and is able to “sweetheart” the transaction. A white card can also be pressed with foils to look like a legitimate credit card, as seen in this video.

To help combat ATM Skimming, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

Consumers must check their statements online weekly or at least their papers ones monthly. Refute unauthorized charges immediately. Federal law allows up to 60 days to dispute a charge. After that you may be paying for an identity thief’s Vegas bender. Whenever entering a PIN always cover the keypad with your other hand.

Robert Siciliano personal security expert to Home Security Source discussing ATM skimming on Fox Boston. Disclosures.