The news this year has been full of credit card breaches--hackers breaking into a company's databases to steal thousands or millions of people's credit card and personal information that's then used or sold in some way to enable theft and other criminal activity. Target, Neiman Marcus, Michael's, White Lodging Services Corporation and Sally Beauty have all suffered these attacks this year, exposing consumers to identity theft and fraud.
However, there's another way thieves attack consumers to get their credit card information, and that's by skimming. Skimmers are devices that thieves install in locations where you swipe your card--ATMs and gas pumps are big targets--and they lift the account information from the magnetic stripe on the back of your card. If you're doing a PIN-based transaction, such as getting a cash advance from your credit card at an ATM, the skimmer can also steal that information.
Once a thief has your credit card information, they can easily put it onto a blank credit card and use it as their own, and someone ends up footing the bill. Whether it's the consumer, the credit card issuer, or a merchant who has to cover the charges the thief made, the amount adds up quickly. The Nilson Report found that in 2012, card issuers spent $3.4 billion and merchants spent an additional $1.9 billion covering the costs of fraud. Those costs eventually trickle their way down to consumers in the form of higher fees, interest rates or prices.
Skimming is such a prevalent activity, not just because it's easy to steal information from a magnetic stripe-based card, but also because the devices are relatively easy to get over the Internet, and they can also be pretty cheap. Many underground sites offer skimming devices ranging in price from under a hundred dollars to a few thousand dollars, which may sound expensive, but when compared to the return they could bring, they're still an attractive option for thieves.
A skimming device generally fits over the existing technology on the machine, and when you slide your card into it, there's some sort of reader that captures the data. Brian Krebs of Krebs on Security features some of the different kinds of skimmers data theft criminals use. The skimmer could be a reader that a thief can install for a few hours and then retrieve later, but some skimmers can now transmit data wirelessly. Some skimming operations include strategically placed cameras that can record PIN number input. Still other skimmers are small transmitters that can attach to a cash register to capture data.
While criminals do get more sophisticated in the ways they use skimmers to steal credit card information, there are some things consumers can do to make sure they're not using a compromised device. Commonwealth Bank of Australia points out that skimming devices can look quite similar to the real thing, but there are some telltale signs that an ATM or other card reader, like a gas pump, has been tampered with.
If the machine looks beat up or vandalized, be more careful around it. Look at the slot where the card goes. Check to see that the card entry device isn't smaller than the actual space it's designed to fit into and that there are no visible wires either around the slot or hanging out of it. Make sure there's nothing around the device or the area it's in that could hold a hidden camera that can record any data you input onto a keypad. Also make sure that any keypad plates don't look like they've been replaced. If they look smaller than actual size or appear damaged, someone may have installed a skimmer plate to capture any data from the keypad.
It's a good idea to be aware of skimming techniques and look for them every time you use your card. As summer travel season heats up, this is especially important, because having a card stolen when you're far from home can take all of the joy out of a vacation.