The Evolution of Card Skimming
Card skimming is nothing new in the world of stolen debit and credit card data. Many merchants and consumers believe that skimmers only affect card terminals at ATMs and gas stations. That is no longer the case. With today’s electronics and technology, skimmers have become more sophisticated than ever. Here’s what you need to know to stay one-step ahead of potential fraudsters.
What is Card Skimming?
For those who may not know, card skimming is the process in which payment information is extracted from a card-reading terminal. Criminals insert or overlay a physical device that’s wired into checkout terminals and ATMs. Once attached, the device can send or store any payment data collected. Then, fraudsters can create and use a magnetic stripe clone of your card in-person or online for illegal purposes.
Aren’t Chip Cards “Safer” Due to EMV?
Yes. Especially compared to their magnetic stripe counterpart. Merchants tend to feel vulnerable when it comes to skimming, but EMV is helping increase their safety and security — thwarting potential criminals. The reason is that every EMV chip card has two sets of digital card validation codes: a CVC for the magnetic stripe and a different, integrated CVC for the EMV chip. Card issuers keep both codes on file, as well as a secret dynamic code unique to that chip, that verifies the authenticity of every card transaction.
Due to these protocols, it’s impossible to clone a chip card. If merchants and banks are following standard security protocols, the magnetic stripe clone shouldn’t work. As for non-compliant merchants, their numbers are diminishing fast as cardholder’s trade in their magnetic stripes for EMV chip cards.
Until fueling pumps, ATMs, and POS terminals become outfitted with EMV technology, magnetic stripe cards will continue to be an open invite for fraudsters. Magnetic stripes simply lack the layers of protection offered by new card chip technology.
Can Mobile Payments Save the Day?
At the end of the day, odds are very slim that your card will ever be skimmed and cloned. But, that doesn’t mean merchants and consumers can’t take extra steps to mitigate that risk.
Besides typical monitoring for unauthorized purchases, contactless payments and mobile wallets offer the next line of defense. Mobile wallet apps like Apple Pay and Samsung Pay transfer very limited banking information that prevents them from being used for fraud. This prevents possible data collection and cloning of credit cards.
The Tools of the Trade
There are roughly, two styles of devices fraudsters employ: overlays and shimmers. Overlays are card and PIN skimmers made to sit atop card readers at in-store self-checkout lanes. They are often large and bulky, mimic the look of the original, and sit flush on-top the POS terminal itself. It replaces the card slot and number pad completely. So, when a customer swipes a card, that data is recorded and the PIN code is captured by the skimming unit.
Leveraging Bluetooth for Skimming
More advanced skimmers are Bluetooth-enabled and composed of used parts from different Samsung smart phones. These skimmers can be found by any device with Bluetooth and can place itself in a mode to send stolen card data and PINs remotely. At times, this can be setup to capture stolen data in real time. This allow criminals to be sitting outside in the store parking lot, using a laptop and high-gain antenna to pull in card and PIN data.
‘Shimming’ is the New Skimming
Shimming involves inserting a paper-thin, card-size shim with a microchip and flash storage into the card slot itself. It rests unseen and intercepts data from your card’s EMV chip but they are unable to make a cloned version. These units are stealthy and allow for that data to be sold on the black market.
A shimmer can also be installed to indoor, in-store POS terminals where they can record shared data between the card’s chip and the terminal. When a fraudster goes to collect the shim and fraudulent information, they just appear to be paying at the terminal.
Greater Security is Attainable
Lately, both types of scams have gained more domestic momentum in the U.S. due to the slow, ongoing transition from magnetic stripe to chip cards. This has contributed to a record 15.4+ million victims and businesses of the ongoing identity theft crisis since 2016.
There’s no foolproof method to protect merchants or consumers from these card-data-stealing devices. However, chip cards are making great strides toward eliminating skimming. A merchant’s best plan of attack is to be EMV compliant and ready to accept chip cards as businesses continue the roll-out to the users.
Find Out if Your Business Up-to-Date and EMV Compliant:
Contact us online or call 1-800-621-8931.
Subscribe to Card Talk
Our monthly newsletter delivers the latest payments news straight to your inbox