Wednesday, January 18, 2017

Credit Card Skimmers and Your Security

Recently an article was published in the News Messenger titled “Credit card skimmer found at a gas station in Bellevue” highlighting a recent sweep for these devices covering 60 of the 88 counties in Ohio. So what are credit card skimmers? Skimming is an electronic method of capturing a victim's personal information used by identity thieves. The skimmer is a small device that scans a credit card and stores the information contained in the magnetic strip. Many times this device is placed over top or within the original credit card processing machine and can be difficult to detect at first glance.

Skimmers can be placed pretty much everywhere that credit card transactions take place. Gas pumps, ATMs, and lottery machines all being good examples. They can be bought up front for several hundred dollars online, and then have the added cost of the electronic components used to store or transmit the stolen credit card data. Data can be stored locally to the skimmer or some newer models have been known to transmit the data over Bluetooth. Criminals will also add or have built-in pinhole cameras or add another PIN pad over the original to capture the PIN being used.

So what can you do to protect yourself against these types of devices?
Be vigilant and aware of the devices you are putting your credit cards through. 

  • Try not to use ATMs that are not located in publicly visible and well-lit areas.
  • Whenever you enter your debit card's PIN, Just assume there is someone looking. Maybe it's over your shoulder or through a hidden camera. Cover the keypad with your hand when you enter your PIN.
  • Stop and consider the safety of the ATM before you use it. The ATM inside a grocery store or restaurant is generally safer than the one that is outside on the sidewalk. 
Check for tampering.
  • Look for odd protrusion or off-color components on a card reader.
  • Check for some obvious signs of tampering at the top, near the speakers, the side of the screen, the card reader itself, and the keyboard.
  • If something looks different, such as a different color or material, graphics that aren't aligned correctly, or anything else that doesn't look right, don't use it.
  • If you're at the bank, it's a good idea to quickly take a look at the ATM next to yours and compare them both. If there are any obvious differences, don't use either one, and report the suspicious tampering to your bank.
  • Even if you can't see any visual differences, push at everything. ATMs are solidly constructed and generally don't have any jiggling or loose parts. 
  • Most skimmers are glued on top of the existing reader, they will obscure the flashing indicator.

Work with your bank.


  • If you haven’t already, you should switch to a chip-enabled credit or debit card. New MasterCard and Visa rules that went into effect Oct. 1, 2015, put merchants on the hook to absorb all costs of fraud associated with transactions in which the customer presented a chip-based card yet was able to take advantage of it. The chip cards encrypt the cardholder data and are far more expensive and difficult for card thieves to clone.
  • Timely reporting is very important in cases of fraud, so be sure to keep an eye on your debit and credit card transactions. Personal finance apps like Mint.com can help ease the task of sorting through all your transactions. 
  • Try to use a credit card whenever possible. A debit transaction is an immediate cash transfer and requires making a FDIC claim which can take weeks to be processed.
  • Pay attention to your phone. Banks and credit card companies generally have very active fraud detection policies and will immediately reach out to you, usually by phone or SMS, if they notice something suspicious. Responding quickly can mean stopping attacks before they can affect you, so keep your phone handy.


For additional information as well as more in-depth guides for detecting skimmers you can visit this collection of blog posts http://krebsonsecurity.com/all-about-skimmers/