Credit card skimming refers to the illegal copying of card data from payment terminals, ATMs, and other card readers tampered with specialized hardware devices. Criminals have stolen tens of billions of dollars with such physical card skimmers over the past decades.
While merchants and banks implement advanced fraud detection systems, these skimming devices integrated directly into payment infrastructure can evade many protections. Customers ultimately need to remain vigilant to avoid falling victim themselves.
A Brief History of Credit Card Skimming
Payment card skimming first emerged in the 1990s with the wide adoption of cards with magnetic stripes. Criminals realized that by attaching a small external device to legitimate payment terminals, they could copy stripe data and produce cloned counterfeit cards.
Early skimmers were relatively bulky – often needing to be disguised in false panels outside ATMs and large retail payment terminals. But criminals constantly refined designs for more discreet compact devices that snap flush into readers. White plastic blends into machines, tiny embedded cameras capture PIN entry, and Bluetooth pulls data without physical access.
Over the past decade, skimming received a major setback as new EMV chip cards replaced easily cloned magstripe versions in the United States. But persistent fraudsters have once again adapted with "shimming" – implanting tiny devices inside chip readers to steal data used in the more advanced transactions.
The cat and mouse game continues. As card networks bolster security in one area, criminals probe for weaknesses in another until the next generation of protections emerge. Customers find themselves caught in the middle of this invisible arms race every time they use a payment card.
Detailed Skimming Statistics
Payment card fraud encompasses many schemes beyond physical skimmers, but external skimming devices remain a massive criminal enterprise.
The ATM Industry Association tracked worldwide skimming attacks. Incidents decreased with the introduction of American EMV cards in 2015, but have begun rising again with chip readers compromised by shimming:
The United States tallied the most skimming victims from foreign travelers. Brazil, Indonesia, and Mexico follow closely behind with the most incidents inside their own borders:
And Visa cards get skimmed the most according to compromised U.S. Secret Service cases, though all brands suffer high volumes:
These charts reveal skimming‘s ongoing threat despite EMV chip card protections. Understanding the techniques used allows customers to detect tampering and shield their payment card data.
How to Spot Credit Card Skimmers
Advanced skimming devices now perfectly match surrounding card readers and avoid external clues of tampering. But forensically inspecting machines helps detect subtle signs of trouble:
Follow this skimming inspection checklist every time you use an outdoor ATM or isolated payment terminal:
- Carefully check for mismatched colors, materials, textures
- Wiggle and press on the card reader and keypad
- Inspect edges for extraneous wires, tape, glue
- Verify all logos match legitimate payment brands
- Check for intact security tape and undamaged surfaces
- Cover keys and watch for tiny pinhole cameras
Also consider more supervised terminals less prone to tampering – inside bank vestibules, staffed retail registers, tabletop pay-at-table devices, etc.
If anything looks questionable, cancel the transaction and report the suspicious device to the bank branch or merchant manager immediately. Law enforcement appreciates detailed descriptions of shape, size, exact placement, and textures of unfamiliar attachments.
Protecting Your Credit Cards from Skimmers
While checking terminals helps avoid compromised machines, you should make skimming less appealing to criminals in the first place:
- Use contactless "tap to pay" instead of inserting cards whenever possible. This transmits data via encrypted NFC that skimmers can‘t grab.
- Favor EMV chip transactions over magstripes and always insert chips when prompted. Chips prove possession raising the bar.
- Stick to major bank ATMs in well-traveled lobbies and retail chains versus Standalone gas station machines which get targeted more.
- Check statements religiously for unfamiliar charges and report discrepancies immediately before further losses.
- Set up transaction alerts to monitor visits real-time instead of only seeing monthly statements.
Balancing security and convenience is an endless struggle in payments. But staying informed on the latest threats allows taking appropriate precautions for your comfort level.
Ongoing Needs for Persistence and Vigilance
Even as banks and merchants adopt sophisticated fraud detection systems, crafty criminals adapt their physical card skimmers to fly under the radar. The basic concepts behind stealing raw magnetic stripe data remain the same over decades, but the hardware constantly evolves.
What will tomorrow look like? Destroying EMV chips via electrical fault injections? Intercepting contactless RFID signals? Fake second screens and number pad overlays? Compromising verification procedures? One thing is for sure – we must persistently defend against persistent threats.
Stay vigilant for tampered terminals and odd card charges. But also follow security professionals to stay aware of new attack innovations being reported. Only with such acute ongoing attention can we protect our sensitive payment card data against compromise. I‘ll be here keeping readers updated as changes emerge.
