How Credit Card Skimming Works - and How to Avoid It
If you’re lucky, you’ve never encountered a card skimmer. These small, illegal devices fit on top of real card readers at self-service sale terminals. They’re designed to blend in with the rest of the machine, so they can be tough to spot.
Here’s how credit card skimming works
As you slide your credit or debit card into a compromised machine, the card skimmer reads the magnetic strip on your card and stores the card number. Your PIN can be captured, too, if a fake keypad was placed over the real one. Later, a thief scoops up the information and either sells it or uses it himself.
The number of compromised cards at U.S. ATMs and merchants rose 70 percent in 2016, according to FICO’s Card Alert Service. But you can learn how to avoid credit card skimmers.
You’re most likely to see these devices at gas pumps, ATMs or metro station ticket kiosks. But if your card leaves your sight at a restaurant or department store, an employee could use a skimmer to get your card info, too.
How to detect and help avoid credit card skimming
1. Go inside to pay or get money
Sometimes, avoiding card skimming isn’t about detecting a device. It can be about modifying your behavior, says Eva Velasquez, CEO and president of the Identity Theft Resource Center.
If you can pay for your gas inside a station or use an ATM inside a bank lobby, take the extra minute to go inside for the transaction.
When you pay at a point-of-sale terminal that sits right next to a clerk, you’re much less likely to encounter a skimmer.
2. Check out the location
If you can’t go inside to make a transaction, then check out your location to make sure it’s skimmer-unfriendly.
Thieves look for undetected, uninterrupted access to point-of-sale terminals. That’s why gas pumps are appealing—they’re away from the watchful eye of the clerks.
Make sure the machine is in a brightly lit area where lots of people walk past it often.
3. Inspect the card reader
So, you’ve checked out the location, and it seems secure. Now it’s time to check out the machine. Use this quick “SCAN” checklist next time you’re at a card reader:
- S: Scan the area for hidden cameras that record you typing your PIN. These may be mounted near the keypad, so always cover your hand while you type in a PIN.
- C: Compare the card reader and keypad to the rest of the machine. The colors and styles should all match, and graphics should be aligned and unobscured.
- A: Assess for obvious signs of tampering. The panels may be broken or dented, or a security seal may be broken.
- N: Nudge the card reader and keypad. Card skimmers and fake keypads are meant to be removed, so if they feel loose, you may have spotted a skimmer.
If the machine just doesn’t seem right, then report it to the clerk on duty and go to another location.
4. Use the right type of card
Use a credit card—preferably with a chip—if you have one. Here’s why.
If a thief skims your debit card information, it can be a pathway into draining accounts you’ve linked to it: savings, checking, retirement or even a line of credit.
Your liability for unauthorized debit charges is capped at $50, if you report it within two business days. But if someone uses your account and you don't report the theft, after 60 days you may not be reimbursed at all.
Using a credit card with chip technology will make it harder for thieves to skim your data in the first place. But if a thief still gets your credit card info, he can use only that existing account to make unauthorized charges.
5. Monitor your accounts regularly
Check your financial statements to catch fraudulent charges—and do it regularly.
“In the world that we live in today, checking your statements monthly really isn’t good enough,” Velasquez says.
Set up notifications on your checking account and credit cards. Set alerts that tell you every time a charge is more than, say, $100 or every time there’s a “card not present” transaction. Your phone will tell you via text or email, and it’ll only take seconds to remember whether you made the charge.
If you see fraudulent charges on your statement, report it to the card company immediately and shut down the account.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.