Credit Card “Shimming”: The New Skimming
Credit card shimming is like an updated version of skimming, a form of common scam where thieves attach a device to the credit card readers at some places such as gas stations. This device will read and copy the data from a magnetic swipe to allow the scammers to create a clone for the credit card that will be used later on or sell off the card number on the dark web.
It was assumed that chip-enabled credit cards were developed to get rid of vulnerability to fraud and identity theft since there is no way to skim such cards. However, fraudsters can be very persistent and they discovered how to lift data from the chip cards with the use of the new technique known as shimming that first took place in some areas such as Arizona and Mexico a few years ago.
With the new technique, a scammer inserts a shim or a paper-thin device enabled with flash storage and microchip directly in the dip and waits for a slot on the card readers where chip-enabled cards are accepted.
This shim will copy and save the data from your debit or credit card. While it is not possible to use the chip’s information for cloning a new chip card, it can come in handy for creating a card’s version that features a magnetic strip and most retailers still accept this kind of card, particularly online.
Unlike the skimming devices that are usually bulky, a shimming device is unobtrusive and small. It is easy to insert them into the card readers at the in-store terminals. What is even worse is that scammers can also collect the information by just inserting the special card to the card reader. This way, it will seem like the scammer is simply using the ATM or paying for something.
Although it is the responsibility of the business to check their card readers every day to ensure that they are not tampered with, you can still do some things to make you less prone to shimming. Make sure you take advantage of your debit or credit card’s contactless tap and go feature if it has one.
This way, you don’t have to insert your card to a reader that might have been enabled with the shimmer. This is applicable to mobile payments such as Google Pay or Apple Way since both are much safer compared to having to insert your card to any reader.
Every time you use an ATM, don’t forget to keep the keypad covered every time you enter your PIN. Or better yet, you can use those ATMs inside banks instead of standalone terminals that are more prone to scammers. Other better options are to get cashback from your purchases or go to a teller to completely avoid ATMs.
If you notice any resistance after inserting your card to a reader, halt the transaction right away and notify the store and your bank.