Thought credit skimming was a thing of the past? Remember in 2013 when it happened at Nordstrom — or when millions were stolen from gas-station card skimming schemes that had you scared to swipe your debit card ever again? Amid all the news of the “chip and PIN” cards foiling skimming thieves, you may have also thought this type of fraud was conquered. But sadly, no.

In fact, as of last year, 98% of all ATM losses resulted from skimming crime and 33% of all fraud incidents were linked to skimming crime, according to ATM Marketplace, an ATM industry trade group.

You’ve still got to be very careful where you swipe your card.

In fact, according to news reports, already this year, two skimmers have been found at the same ATM machine at the Renaissance Hotel in Cleveland and another credit card skimmer was found earlier this week at a self-service Gulf Station gas pump in Hingham, Boston. And, recently, Brian Krebs, on his blog KrebsonSecurity, warned that security experts had discovered skimming devices attached to credit and debit card terminals at self-checkout lanes at Safeway stores in Colorado and possibly other states in December 2015. He published this great skimmer photo and description of what the skimmers really look like.

So what exactly is credit card skimming?

Credit and debit card skimming is the use of shrewdly designed technology that skilled thieves create and attach to ATM cash machines, card readers and even cash registers to intercept credit and debit card data that you input when you swipe and key-in your PIN, according to Krebs. Thieves then transmit that data so they can use it to charge with your card information.

It used to be the thief always had to return to the scene of the skimming crime to retrieve the stolen information, but crooks have gotten more tech-savvy in the past year, relying on text messaging apps and using a BlueTooth signal to transmit the data to a smartphone so they won’t be seen by people or cameras removing parts of the machine.

Can chip and PIN cards be skimmed?

According Krebs, many banks are now issuing the newer, more secure chip-based credit and debit cards that make it harder for thieves to steal and copy. But, as long as retailers have not totally upgraded payment pads and continue to allow customers to avoid “dipping the chip” and instead allow them to “swipe the stripe,” these skimming attacks will continue across the retail industry. Even if the cards have a chip, the data will still be read and recorded on the card’s magnetic strip when you swipe in order to be backwards-compatible with retail systems that allow both, he said.

You may have heard that European banks only issue chip and PIN cards (also called EMV cards, which stands for Europay, Mastercard and Visa), which do make it harder for thieves. Even still, ATM skimming remains a problem for European banks mainly because other parts of the world like the United States, have not yet completely adopted this technology so the information from the swipe can be recorded in Europe and used by thieves in the U.S.

How to avoid getting skimmed and scammed when using your cards

  • Pull on the machine face. While reading through the KrebsOnSecurity library on credit card skimming, I came across a video a crook made showing how easy it is to install a credit card skimmer on a machine, which is essentially an overlay or a shell that mimics the real surface of the machine whether at the card reader, the PIN pad or both. Whether you’re at your neighborhood grocery store or a far-flung hotel or gas station, simply pull on the bottom of the card machine face to see if it pops off. If it does, don’t use it. At an ATM machine, push and pull on the different parts. Nothing should be loose. If it is, don’t use the machine.
  • Decline the swipe and instead insert your chip: If you have the new chip cards, you know you have to leave the card in the machine until you complete your transaction, what Krebs calls, “dipping the chip.” If you have that option, use it and decline the swipe and PIN. If your debit card doesn’t have a chip yet, opt for the credit option so you can avoid entering your PIN with the swipe.
  • Jiggle your card as you insert it. The card needs to go in straight for the fake readers to record the information on the magnetic swipe. If you jiggle it when inserting, you can still complete your transaction but the card reader won’t work for the thieves, according to a PC Magazine article quoting advice from Stefan Tanase, a security researcher at Kaspersky Lab.
  • Stay away from sketchy looking machines: Krebs says if the machine looks tampered with, has layers or is bent or nicked around the PIN pad or the card swipe, don’t use it. Also, Tanase advises additionally if the color scheme or the graphics of the card reader or the PIN pad don’t match the machine or seem not to fit the layout of the machine correctly, don’t use it. If there are two machines, check that they are both alike. If one is different from the other, don’t use either.
  • Cover the PIN pad with your other hand: While some skimmers involve the PIN-pad overlay to record your PIN as you press it in, many rely on hidden cameras to record your movements as you enter your PIN. Both Krebs and Tanase says the simplest way to foil those thieves is to cover your hand while entering your PIN.
  • Stay in well-trafficked, well-lit locations. That’s where crooks are less likely to install and retrieve skimming devices.

According to a recent JPMorgan Chase press release, Chase ATMs are being upgraded later this year so that Chase customers will soon be able to withdraw cash or initiate other transactions using just their cellphone. Instead of swiping a card and entering a PIN, a customer will receive a one-time use code from their Chase Mobile app to make withdrawals and in the future they will be able to use phone’s near-field communication services the same way Apple Pay and Samsung Pay work.


Related Articles:

Wendy’s Credit Card Breach and Your Credit

How CreditRepair.com Can Help Fix Your Credit After Identity Theft 

Staying Safe Out There — Best Practices For Preventing Identity Theft

Posted in Identity Theft