Credit card skimmers
I’d like to approach a topic which might not exactly be part of the purview of this blog but it is related and that’s skimmer fraud. Most likely, you’ll run into skimmers at ATMs and at exposed point-of-sale terminals like those on gas pumps.
So, what’s a skimmer?
It’s a device that attaches to the credit card slot of an ATM or point-of-sale terminal to make a copy or “skim” the data from your credit card’s magnetic strip as you swipe or insert the card. Its frequently coupled with a device to copy your pin when you enter it, either with a faux-keypad that lays on top of the real keypad or a discrete camera to watch you enter the pin from above.
Though skimmers have been around for years, they have been getting more and more sophisticated. As a result, it’s nearly impossible to detect them, so one needs to take care with where and how to use ATMs and point-of-sale terminals.
The most sophisticated skimmers are embedded within a given ATM or point-of-sale terminal and use Bluetooth to download the data to someone nearby. They are put in place by corrupted service technicians and are impossible to detect without knowing what to look for and how to find it.
So, the purpose of this post is not to get into detail about skimming. Rather it’s to acknowledge that this is a serious issue and offer strategies for coping. To read up on skimmers and skimming in general, I’d recommend Brian Kreb’s post All about Skimmers.
What should one do?
First of all, you should assume that one of your credit or debit cards will be compromised at some point. Given that, you need to do some simple things to help mitigate the risk and insure clear liability if your credit card is compromised:
- Visually inspect the ATM or card reader — I always check out the reader. Does it stick out? Does it look not-quite right? ATMs typically motor the card into the machine, with the slot typically recessed into the machine. Also, if you limit your use to readers you’ve used before, it should be easier to detect external skimmers. BTW: This should only take a few seconds. If something looks funny, don’t use it and let the bank or proprietor know.
- Use your credit card — At point-of-sale terminals, use a credit card in lieu of a debit card. Credit cards have liability limits (usually $50) if they are used fraudulently. Also, since you pay later, you have time to see fraudulent change before you pay. Debit cards have no liability protection (though the bank might forgive fraudulent changes). Also, the funds come directly out of your bank account. The money is gone before you will detect fraud.
- Avoid standalone ATMs — Though ATMs at banks can be hacked, It’s more difficult to do so and the bank has clear liability if one of their machines contains a skimmer. Who can you contact if a standalone machine has a skimmer? Establishing liability is much more difficult with standalone ATMs.
- Cover your hand when entering a PIN — When I enter my PIN, either a point-of-sale terminal or ATM, I always cover my hand when entering my pin. Don’t assume that a hidden camera is over your head, it might be incorporated into the skimmer, so I usually cover with my other hand.
- Use the touch screen to enter your PIN — If available, use the touch screen to enter your pin.
Finally, promptly check your credit card and bank statements looking for fraudulent transactions. Taking it a step further, many credit cards and banks offer email or IM notifications for transactions above a threshold you set. This is a great method to detect fraudulent changes quickly. Finally, downloading your credit card and bank information into a financial management package like Quicken allows you to examine transactions daily.
If you detect a fraudulent charge, call your credit card provider or bank and report it ASAP. Time is not on your side here, so the sooner the better. Be prepared to indicate where and when you used the card, so that they can work to isolate where the problem occurred.
Be careful out there …