Skimming is a fraudulent activity where devices are illegally installed on or inside ATMs, point-of-sale (POS) terminals, or fuel pumps to capture card data and record cardholders’ PIN entries, if applicable.
Criminals use this captured data to create counterfeit payment cards, enabling them to make unauthorized purchases or steal money from victims’ accounts. Skimming is estimated to cost financial institutions and consumers over $1 billion annually.
Fuel Pump Skimming
Fuel pump skimmers are typically connected to the machine’s internal wiring, making them invisible to customers. These devices store data that can be downloaded or transferred wirelessly later.
Tips for Using a Fuel Pump
- Choose a fuel pump closer to the store and in direct view of the attendant, as these pumps are less likely to be targeted for skimmers.
- Run your debit card as a credit card. If this isn’t possible, cover the keypad when entering your PIN. Additionally, examine the keypad for any coloring, material, or shape inconsistencies, which may indicate the presence of a foreign device (keypad overlay).
- Consider paying inside with the attendant instead of outside at the pump.
- If both the card and terminal support tap-to-pay, use it instead of swiping or inserting your card. Tap-to-pay transactions are more secure and less likely to be compromised.
ATM Skimmer Devices
ATM skimmer devices are inserted into the card reader or installed within the terminal. Some skimmers may fit over the terminal’s card reader or be situated along exposed cables at freestanding ATMs, such as convenience stores.
Pinhole cameras installed on or around ATMs record a customer’s PIN entry, with their placement varying widely.
In some cases, keylogging keypad overlays are used instead of pinhole cameras to record PINs. These overlays capture a customer’s keystrokes.
POS Skimming Devices
POS skimming devices, such as those capturing EBT card data, are generally designed as overlays to the POS terminal and have wireless transmission capabilities. These devices may exist in any market, convenience store, or retailer.
Installing a skimming device only takes seconds. Fraudsters may distract store clerks by requesting items from behind the counter to accomplish this.
Skimming devices store data to be downloaded or wirelessly transferred later. Some of these devices transmit the data wirelessly in real-time to nearby devices.
Electronic Benefits Transfer (EBT) Card Skimming
Since at least 2021, EBT card data has become a key target for skimming groups and criminals. EBT and other public benefits cards are appealing targets because they are not chip-enabled. Embedded microchips secure customer payments far better than magnetic stripes. The lack of chips on benefits cards makes it easier for bad actors to compromise them and “cash out.” (As of early 2024, no state’s EBT cards had an embedded chip, though a few states are working toward this goal.)
Additionally, some complicit retailers have facilitated the compromise and cash-outs of this card data, further exacerbating the problem.
Criminals typically cash out EBT cash benefits (those available for withdrawal at ATMs) right after these accounts receive monthly funding, often between midnight and 6 a.m. on the day the benefits become available.
Criminals also often cash out Supplemental Nutritional Assistance Program (SNAP) benefits between the first and tenth of the month through bulk purchases of readily marketable items like baby formula, energy bars and drinks, cooking oil, and candy.
EBT cardholders generally have limited protections compared to standard credit and debit card holders. As a result, they may not be reimbursed fully or at all for benefits lost to criminals, compounding their existing financial hardships. Reimbursement—when it does occur—may take weeks.
Tips When Using an ATM or POS Terminal, Including for EBT
- Inspecting ATMs, POS terminals, and other card readers before use is crucial in preventing potential fraud. Look for anything loose, crooked, damaged, or scratched. If you notice anything unusual, avoid using the card reader.
- Check the keypad: Pull at the edges of the keypad before entering your PIN. Cover the keypad as fully as possible when you enter your PIN to prevent cameras from recording your entry. Remember, a pinhole camera may be on or around the terminal.
- Use well-lit, indoor ATMs: These may still be compromised but are less vulnerable targets.
- Being alert in tourist areas is crucial, as skimming devices are commonly found there. Stay vigilant and be cautious when using card readers in such areas.
- Use debit and credit cards with chip technology: Fewer U.S. devices steal chip data than magnetic stripe data. However, the mag-stripe data on the backs of these cards is still vulnerable.
- Avoid using debit cards with linked accounts: Criminals can access all linked accounts if their debit card is compromised. Use a credit card instead.
- Monitoring your accounts is crucial, as it helps promptly identify any unauthorized transactions. Routinely check your credit card, bank, EBT, or other benefits accounts. Set up email or text alerts to notify you of card or account transactions.
- Review account security options: These can include multi-factor authentication of transactions or freezing an account between your transactions. While these steps may seem inconvenient, they significantly reduce the risk of financial losses.
- Contact your financial institution immediately: If the ATM doesn’t return your card after you end or cancel a transaction, this may suggest the presence of a foreign device in the card reader.
We at SecureCyberNetwork are dedicated to providing you with the latest updates, tips, and expert advice to keep you safe in the digital world.
Your commitment to staying informed is about your safety, the safety of your loved ones, and the safety of our community.
Your involvement is powerful.