How to Spot and Avoid Credit Card Skimmers and Shimmers
PC Magazine|April 2021
The moment I realized how woefully insecure credit and debit cards are is still vividly clear.
MAX EDDY

I watched as someone took an off-the-shelf USB magnetic-stripe reader and plugged it into a computer, which recognized it as a keyboard. They opened a word processor and swiped the card. A series of numbers dutifully appeared in the text file. That was it: The card’s information had been pilfered.

That same technology has matured and miniaturized. Tiny “skimmers” can be attached to ATMs and payment terminals to skim your data off the card’s magnetic strip (“magstripe”). Even smaller “shimmers” are shimmed into card readers to attack the chips on newer cards. Now there’s also a digital version called “e-skimming” that’s pilfering data from payment websites. Fortunately, you can protect yourself from these attacks.

WHAT ARE SKIMMERS?

Skimmers are tiny, malicious card readers hidden within legitimate card readers that harvest data from every swiped card. After letting the hardware sip data for a while, a thief will stop by the compromised machine to pick up the file containing all the stolen data. With that information, the thief can create cloned cards or just commit fraud. Perhaps the scariest part is that skimmers often don’t prevent ATMs or credit card readers from functioning properly, making them harder to detect.

Getting inside ATMs is difficult, so ATM skimmers sometimes fit over existing card readers. Most of the time, the attackers also place a hidden camera somewhere in the vicinity to record the PINs (personal identification numbers) we use to access our accounts. The camera may be in the card reader, mounted at the top of the ATM, or even in the ceiling. Some criminals even install fake PIN pads over the actual keyboards to capture the PIN directly, bypassing the need for a camera.

The picture above shows a real-life skimmer in use on an ATM. The weird, bulky yellow bit is the skimmer. This one is easy to spot, because it has a different color and material than the rest of the machine, but there are other telltale signs. Below the slot where you insert your card are raised arrows on the machine’s plastic housing. You can see how the gray arrows are very close to the yellow reader housing, almost overlapping. That is a sign a skimmer was installed over the existing reader, since the real card reader would have some space between the card slot and the arrows.

ATM manufacturers haven’t taken this kind of fraud lying down. Newer ATMs boast robust defenses against tampering, sometimes including radar systems intended to detect objects inserted or attached to the ATM. However, one researcher at the Black Hat security conference was able to use an ATM’s onboard radar device to capture PINs as part of an elaborate scam.

ARE SKIMMERS STILL A THREAT?

While researching an update to this article, we reached out to Kaspersky Labs, and company representatives told us something surprising: Skimming attacks were on the decline. “Skimming was and still is a rare thing,” said the Kaspersky spokesperson.

The Kaspersky representative cited EU statistics from the European Association for Secure Transactions (EAST) as indicative of a larger trend. The EAST reported a record low in skimmer attacks, dropping from 1,496 incidents in April 2020 to 321 incidents in October of the same year. The effects of COVID-19 might have something to do with that drop, but it’s nonetheless dramatic.

As recently as January 2021, a major skimming scam was unearthed in New Jersey. It involved attacks on over 1,000 bank customers, with criminals attempting to make off with over $1.5 million.

FROM SKIMMERS TO SHIMMERS

Continue reading your story on the app

Continue reading your story in the magazine

MORE STORIES FROM PC MAGAZINEView All

WELCOME TO THE VIRTUAL HUMANS FACTORY

Medical trials are risky business. Human subjects eager to help researchers find cures or treatments for life-threatening ailments put their trust in medical professionals. But what if these trials could be conducted without human testers?

10 mins read
PC Magazine
May 2021

LG Gram 17 (2021): Light Weight, Giant Screen

The case for choosing a laptop with a jumbo screen—one larger than 15 inches—has never been stronger. The much-improved LG Gram 17, with a gorgeous 17-inch QHD display, is exhibit number one.

9 mins read
PC Magazine
May 2021

How to Make Your Windows PC Boot Faster

Computers have come a long way since the beige boxes of old, but even with speeds measured in gigahertz and gigabytes per second, they still involve some occasional waiting.

5 mins read
PC Magazine
May 2021

DIGITAL DETOX 2021 Is It Time to Put 6 Feet Between You and Your Personal Tech?

Online socializing, remote learning, and working from home have changed our minds, bodies, and behaviors—for better and otherwise. It’s time to take stock of our relationship to personal technology and the growing need to distance ourselves.

10+ mins read
PC Magazine
May 2021

Google Nest Hub (2nd Gen): Now With Sleep Tracking

The original Nest Hub was a perfectly capable smart display, but as Google’s only model, it felt a bit lacking compared with Amazon’s Alexa-powered lineup.

10+ mins read
PC Magazine
May 2021

OnePlus 9 Pro: Excellent Performance, Display, and Camera

The OnePlus 9 Pro smartphone delivers a streamlined flagship experience to T-Mobile and Verizon subscribers, finally catching up to its competitors. The phone itself is light in the hand, and the user experience is weightless as well.

10+ mins read
PC Magazine
May 2021

Microsoft Surface Laptop 4 (15-Inch): Excellent Choice

The 15-inch version of the Microsoft Surface Laptop 4 offers one of the most refined computing experiences of any Windows laptop. With two color options and excellent build quality, it’s a standout big-screen notebook.

10+ mins read
PC Magazine
May 2021

DJI Air 2S: Upgraded Camera and Obstacle Sensor

For all intents and purposes, the DJI Air 2S is last year’s Mavic Air 2 with an upgraded camera and obstacle sensors, expanded automatic camera movements, and the robust safety features and quality that have made DJI the market leader in aerial imaging.

10+ mins read
PC Magazine
May 2021

10 Simple Ways to Make Better To-Do Lists

How effective is your to-do list? Does it help you plan your day and nudge you to prioritize the right tasks? Or is it a never-ending inventory of tasks you feel guilty for not having done yet, and now you’re not going to do any of them? A good to-do list should serve you. You should not be at its mercy.

7 mins read
PC Magazine
May 2021

Wyze Robot Vacuum: Affordable and Smart

Looking for an affordable robot to clean your floors? The Wyze Robot Vacuum offers a lot to like, including 2,100Pa of suction power and a laser sensor for mapping your home, a feature typically found only in more expensive models.

9 mins read
PC Magazine
April 2021