In today's world, the use of credit cards has become a daily practice. However, with the growing popularity of plastic cards, the attention of fraudsters has also increased, as they use various methods to gain access to card data. The two most common methods are skimming and shimming.
What is Skimming?
Skimming is a method of stealing credit card data where fraudsters use special devices to read information from the magnetic stripe of the card. Such a device is usually called a skimmer and can be installed on bank terminals, ATMs, or even in stores.
A skimmer can be hidden inside the terminal or externally mounted on its surface. When you insert your card into an ATM or terminal, the skimmer reads information from the card's magnetic stripe, including the card number, expiration date, and cardholder's name. Then, fraudsters can copy this information onto blank cards, thereby creating duplicates of your plastic cards.
Skimming involves several stages. First, fraudsters select a suitable location to install the skimmer. These can be unfamiliar ATMs or terminals that are not popular. Second, they install the skimmer in such a way that it is inconspicuous to users. Some fraudsters may additionally use mini-cameras to record the PIN code you enter when conducting a transaction.
Once the skimmer has collected the data, fraudsters can either use it for online purchases or "cash out" money by creating a duplicate card. It is important to understand that skimming is not just a random crime; it is a whole system that requires preparation and significant effort.
What is Shimming?
Shimming is a newer form of fraud that involves copying data not only from the magnetic stripe but also from the card chip. Unlike skimming, which deals exclusively with cards that have a magnetic stripe, shimming focuses on more modern chip cards. This method also involves installing specialized devices, but with their help, fraudsters can read data using wireless technologies like NFC.
A shimming device can be miniature in size and easily placed next to an ATM or terminal. When you tap your card, the shimming device reads the data from the chip and transmits it to the fraudster. Unlike skimming, shimming requires a higher level of technical training and equipment, but the risks for cardholders remain high.
As with skimming, the shimming process involves several stages. Initially, the fraudster installs the device near the card reader device without delving into details and without arousing suspicion. After installing the shimming device, the fraudster waits for someone to pass through the terminal.
When using modern chip cards, data is automatically sent as soon as you bring the card to the reader. This makes the process even more inconspicuous to the average user, who may not even realize that their information has been copied. Therefore, shimming can be more dangerous than skimming, especially in high-density user environments.
How Do Fraudsters Use Data Obtained Through Skimming and Shimming?
Once they have obtained card information, fraudsters can use it in several ways. One of the most popular methods is to create fake cards. Fraudsters can use the obtained data to print plastic cards with their photos but with your data. These cards can then be used for shopping in stores or withdrawing cash at ATMs.
Data can also be sold on the black market. Many cybercriminals collaborate and make significant money from selling stolen information as soon as they obtain it. This shows how serious and organized these crimes can be, as data can travel around the world, falling into the hands of different groups.
Moreover, the obtained data can be used for online shopping. Fraudsters can use the stolen data to purchase goods and services on the internet, making it difficult to track the identity of the criminals.
How to Protect Yourself from Skimming and Shimming?
Preventing fraud requires proactive actions on your part. Here are some recommendations that will help you minimize the risks of losing your credit card data.
- Check terminals. Before using a terminal or ATM, always pay attention to its condition. If the device looks suspicious or has anything unusual about it, it is better not to use it.
- Use cards with skimming protection. Many banks offer cards protected against skimming and shimming. Such cards have protection against reading through RFID technology.
- Don't give importance to free spaces at ATMs. If you see that there are no lines at other ATMs, but there is a long line at one ATM, it is better to refrain from using that device.
- Pay attention to your privacy. When entering a PIN code, try to cover the keyboard with your hand. This will help protect your information from spy cameras or people who may be watching you.
- Use transaction notifications. Many banks offer services to send transaction notifications to your email or phone. This will allow you to quickly respond to any suspicious activity.
- Check account statements. Regularly checking your bank account will help you monitor any suspicious transactions. If you notice anything unusual, immediately report it to the bank.
- Don't leave your card unattended. Although it may seem obvious, it's important to remember that your card is your asset. Do not leave it unattended and do not allow others to use your card.
- Use RFID protection devices. If your cards have RFID technology, consider using protective sleeves that block the signal and protect the cards.
Conclusion
Skimming and shimming are serious threats, but by taking certain precautions, you can protect yourself from these fraudulent methods. Awareness is the first step to security. Knowing how these schemes work and being able to recognize potential threats will help you safeguard your data and financial information. By applying the recommendations outlined in this article, you can minimize risks and protect your assets.