What is a Skimmer?

A "skimmer" is a malicious device that thieves install on or near a legitimate card reader to secretly steal the information from a credit or debit card's magnetic stripe. When a person swipes their card, the skimmer captures the data stored on the stripe, including the card number, expiration date, and cardholder's name.

Often, skimmers are paired with a tiny, hidden camera or a fake PIN pad overlay to capture the customer's PIN as they type it in. With both the card data and the PIN, a thief can create a counterfeit card and drain a victim's bank account.

While often associated with physical locations like ATMs and gas pumps, the concept of "skimming" has evolved for the digital world.

Physical Skimmers: The Offline Threat

These are the traditional skimmers found in the physical world.

Where They Are Found:

• ATMs: Skimmers are often designed to fit perfectly over the real card slot, making them hard to detect.
• Gas Pumps: Point-of-sale (POS) terminals at gas pumps are a very common target, especially those that are not regularly monitored by an attendant.
• Other POS Terminals: Any unattended card reader, such as those at transit kiosks or parking meters, can be a target.

How to Spot a Physical Skimmer:

1. Wiggle Everything: Before inserting your card, wiggle the card reader itself. If it feels loose, bulky, or poorly attached, it may be a skimmer. Legitimate card readers are built to be robust.
2. Check for Mismatched Components: Look for colors or materials that don't match the rest of the machine. Does the plastic look different? Is the alignment slightly off?
3. Inspect the PIN Pad: Look for PIN pads that are unusually thick or have buttons that feel spongy or hard to press. This could indicate a fake overlay designed to capture your PIN.
4. Look for Hidden Cameras: Scan for tiny holes or unusual fixtures above the keypad. Thieves often use pinhole cameras hidden in brochure holders, fake speaker grilles, or even the overhead light to record you entering your PIN.
5. Cover Your Hand: This is the most effective defense against hidden cameras. Always shield the keypad with your other hand when you enter your PIN.

Digital Skimmers: The Online Threat

The modern version of skimming happens on websites. This is often called Magecart, e-skimming, or a digital skimming attack.

How it Works:

Hackers inject malicious JavaScript code into a legitimate e-commerce website's payment page. This code is designed to capture customer payment information in real-time as it is being entered into the form fields. The stolen data (card number, name, address, CVV) is then sent silently to a server controlled by the attackers.

These attacks are incredibly stealthy. The customer completes their purchase normally and may never know their information was stolen until fraudulent charges appear on their statement. The website owner may also be unaware that their site has been compromised for weeks or months.

How to Protect Yourself from Digital Skimmers:

As a consumer, protecting yourself from digital skimming is difficult because the compromise happens on the website's end. However, you can take steps to mitigate the damage:

1. Use Virtual Credit Cards: Services like Privacy.com or features offered by banks like Capital One allow you to generate unique, temporary card numbers for online purchases. You can lock a card to a single merchant or set a specific spending limit. If this virtual number is skimmed, it's useless to the thief for any other purchase.
2. Monitor Your Statements: Regularly review your credit card and bank statements for any charges you don't recognize, no matter how small. Report any suspicious activity immediately.
3. Set Up Transaction Alerts: Enable real-time transaction alerts with your bank. You will get a text or email notification every time your card is used, allowing you to spot fraud instantly.
4. Shop on Reputable Sites: While even large companies can be victims of Magecart attacks, smaller, less secure websites are often easier targets for hackers. Stick to well-known, trusted online retailers.

Conclusion

Whether offline or online, skimming is a serious threat to your financial security. By being vigilant at physical terminals and adopting smart security practices like using virtual credit cards online, you can significantly reduce your risk of becoming a victim. Always remember: cover your PIN, check for loose parts, and monitor your accounts closely.