What is credit card skimming?

Editorial Team

3 min read
Inserting card at gas pump

Credit card skimming is one of the most damaging forms of card-based fraud. Whether used on an ATM or on a point-of-sale (POS) terminal, the basic con is the same:

  • Step 1: The criminal installs a hidden recording device that’s able to read the magnetic stripe on the back of credit and debit cards.
  • Step 2: The thief also installs a fake keypad overlay that looks and feels exactly like the terminal’s realkeypad.
  • Step 3: Customers swipe their cards and key in their PINs — not knowing that the POS reader or ATM slot has been compromised.
  • Step 4: The criminal returns later to uninstall the skimming gadgets and transfer all the stolen data to his or her computer. Some thieves can even wirelessly transmit the information without making a return trip.

This type of fraud makes it difficult for customers or merchants to know when a card reader has been altered. PIN pad skimming devices have been discovered nearly everywhere, including at some of the biggest and most trusted retailers — from Walmart to Safeway.1

The problem has become so bad that credit card skimming is responsible for an estimated $8 billion in annual losses.2 With absent major security upgrades by banks, retailers, and the card industry, those numbers will likely grow.

Protecting yourself from credit card skimming

There was a time when you could easily detect POS skimmers or tampered ATMs. The attachments were visibly clunky, and you could loosen them with a gentle nudge. Yet today’s technology is far more sophisticated — as this video illustrates. Even jostling a terminal won’t necessarily reveal any foul play.

However, it’s possible to significantly reduce your exposure to this common fraud.

Credit card skimming relies heavily on magnetic stripe technology, but by using EMV (Europay, Mastercard and Visa) credit cards and readers, you and your customers benefit from an extra layer of security. This is because these newer forms of cards come with embedded chips that are difficult to clone or steal. To make a purchase, the customer must “dip” (not “swipe”) the security chip into the EMV reader, making it much harder for compromised terminals to capture any data. 

Even if a fraudulent reader could read the chip, the data would be meaningless.  This is because EMV cards use dynamic single-use values for each transaction.

In markets that have adopted EMV chip card technology, card-present counterfeit fraud has plummeted by 87 percent.3

However, there’s a catch:

Most EMV credit cards still come with magnetic stripes that allow them to be swiped on older terminals. Any time EMV plastic is swiped on a legacy reader, there is the potential that hard-coded account information can be stolen.

To protect yourself, use your chip whenever possible. Unfortunately, this is sometimes easier said than done.

Interested in learning more?

If you are a merchant and are interested in learning about fraud protection for your business, contact our team of payments experts today.

1 “Skimmers Found at Walmart: A Closer Look,” Krebs on Security, 25 May 2016
2 “The $8 Billion Crime That Touches All of Us,” The Steve Pomeranz Show, 26 February 2020
3 “Visa: Chip Cards Reduce Counterfeit Fraud by 87 Pct.” PYMNTS.com, 4 September 2019

Popular Topics

Recent Stories

Please share your contact information
to access our premium content.