Credit Cards Skimmers, Shimmers, and Hidden Cameras
Jim Rutske
|
Cyber
|
September 6, 2022
Recently, I had just returned from a wonderful weekend firearms training class when a text from my bank popped up on my phone. “Is this transaction of $86.73 to Zazzle you? Reply Yes or No” I replied No and received a text in retu¬rn telling me my account was locked and to call customer service in the morning. When I did, I was shuffled to the fraud department and discovered I had fraudulent charges in multiple states totaling over $2k.
My bank fraud expert who was very helpful clearing all this up, stated it was likely stolen at a physical location where I recently used my card. My info was taken and sold off on the dark web somewhere to multiple people who raced to make charges before my bank caught on…which was only a couple hours and about 15 charges.
We are not talking about milk here. A card skimmer is a physical device attached to the outside of an ATM or card reader at a gas pump, grocery store, etc. They can store the data on the skimming device and then be sneakily retrieved by the original installer or they can transmit via Bluetooth to a nearby criminal sipping a cup of coffee. Either way, if you run your card and punch in your PIN you just gave a bad person a free shopping spree.
If skimming is the external device used to steal your info, shimming is the inside the machine device to gather your data. Shimmer are targeting chip based credit cards and shimmers are a small nearly paper thing piece of circuit board slid inside the card reading slot. When you insert your card into the normal looking slot your info is passed through the shimmer into the machine and your transaction looks and feels perfectly normal. Chip based cards are still much safer than mag stripe cards we all grew up with and as of this writing thieves have yet to be able to make new functioning chip cards with stolen data, but I’m sure that time is drawing near.
Yet another ingenious way criminals have of ruining our lives is with hidden cameras on ATMs and card readers. These camera devices can be rather tricky to discover because we are typically focused on the card slot and keypad being real or fake. However, small cameras can be installed to the machine and physically watch the card numbers being slid into the slot and see your fingers poking out the PIN. These cameras are molded into housing that look like part of the actual ATM or card reader. Always cover your keypad when you type in your PIN. It may feel silly but you will save yourself from being an easy victim.
Your card data can also be stolen during your online purchases. This is referred to as E-skimming. Online retailers who do not have robust security or encryption can be easy targets for hackers to gain possession of your data. These are pretty rare according to data but nonetheless you need to be vigilant and watch your bank transactions every so often.
Europay, Mastercard, and Visa is where the acronym EMV came from. They are commonly referred to as chip cards and you probably already own a few of these as they are becoming common place in 2021/2022. The finger nail size gold chip provides a layer of security in that it can not be reproduced like a magnetic stripe card can. You may notice on the back of your chip card there is still a magnetic stripe. The stripe is there as a fallback for older terminals who do not have a chip reader. So yes, if a bad guy has your card numbers and pin they can still make a mag stripe copy, chip or no chip.
The newest and currently safest transactions come from contactless payment. Contactless payments utilize a RFID (Radio Frequency Identification) and NFC (Near-Field Communication) to send your data without your card physically touching the terminal. The main advantage here is when your data is transmitted it uses a one-time verification code or token instead of your personal information like your mag stripe swipe card does. The one-time code is generated by a complex algorithm by your bank and even if a hacker were to crack it, they still wouldn’t know your name for a fake card copy. There are two drawbacks to NFC cards the first is physical possession. If you lose your card, anyone who picks it up can use it since there is no PIN or identity check for use. Secondly, RFID chips can also be scanned by hackers who have a hidden RFID scanner on them and then bump into your wallet or purse. There just isn’t one perfect solution is there?
Being aware and observant is your best defense to check for tampering. If the card reader doesn’t look or feel right, just don’t use it. Is the security seal broken on the gas pump? Does the card reader slot look odd or made out of material unlike everything else? Is the keypad brand new but the overall machine look well worn? Did your card not go in smoothly or feel like it got hung up or tight in the slot. All signs you should take a moment for a harder look or back out of your transaction.
RFID chip cards can be protected with a RFID blocking wallet
Or a simple blocking sleeve
My first recommendation is to limit or eliminate your debit card use. Switch to a credit card for all your transactions and just pay the bill when its due. Using a credit card instead of debit provides an additional layer of security. All major credit card companies have robust security algorithms watching your transactions and most have complete forgiveness of fraudulent transaction like mine did. Secondly, switch out your outdated mag stripe cards for EMV chip cards. Thirdly, I highly recommend contactless payment with NFC transactions cards or using your phone for Apple, Samsung, or Android Pay. I know that doesn’t work for everyone but for those tech savvy types it is currently the safest way to pay. Stay vigilant and keep on researching for the reset.
.jpg)