Anatomy of an ATM Skimmer Scam

Today's Best Tech Deals

Picked by PCWorld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

You may already know that it’s important to protect your financial information when you shop online. But a high-tech threat can steal your credit card information when you’re out shopping around town. Scammers can steal your ATM or credit card information without your even noticing, and the technology behind their tricks is getting more and more advanced.

The crime called credit card “skimming” has become increasingly common in the past few years. In fact, authorities recently uncovered a large, sophisticated skimming operation where scammers attached their devices onto the self-checkout machines at 24 Lucky supermarkets in Northern California. The scam caught hundreds of customers who used the self-checkout machines in October and November 2011 and had their account information stolen.

Obviously, skimmers are a serious security threat. But how exactly do these devices work, and how do you protect yourself from them?

How a Skimmer Operates

Credit card skimmers are essentially devices that thieves place over the actual card readers on an ATM or credit card terminal to collect your financial information for fraudulent use. As your card passes through it, that skimmer reads your card’s magnetic strip, thereby collecting your card’s information. Beyond that, though, a surprising amount of variation exists in the hardware and exact methodology behind these scams.

The hardware itself can range from small, cheap skimmers that can be spotted fairly easily to elaborate 3D-printed rigs that are almost indistinguishable from an actual ATM.

Skimmers also vary wildly in exactly how they collect your information. Just collecting your card number isn’t enough, so most skimmers also include some way to capture and store your PIN and your card’s security code (typically a three-digit code that’s found on the back of your card). Some skimmers include a false keypad that’s placed atop the actual keypad that collects your PIN, but newer devices utilize harder-to-detect pinhole cameras mounted above the keypad--cameras that collect images of you entering your personal information.

The skimming devices can store the information locally and be physically picked up by criminals, but more and more of these devices transmit information to their owners. Some skimmers simply connect to a phone line, but skimmers that send information wirelessly are becoming more common. Some will even transmit data information to the scammer’s cell phone via Bluetooth.

Steps to Protect Yourself

With all these tools at criminals’ disposal, it can seem impossible to protect yourself from an skimming operation. Fortunately, you can take a few simple steps to avoid falling prey to skimmer scams. The first and most obvious is to take a careful look at an ATM before you use it. It takes an expert to spot the most sophisticated skimmers, but those are the exception and not the rule.

Be suspicious if something looks like it’s sticking out too far or if it doesn’t match with the rest of the machine’s design. Many skimmers are fairly shoddy pieces of equipment that are weakly tacked onto to the card reader. Kevin Haley, director of Symantec’s Security Technology & Response Team, says you shouldn’t be afraid to get physical. “I wouldn’t hesitate to pull on something if it looks like it doesn’t belong,” he told PCWorld. Before you insert or swipe your card, give the reader a good tug, or jostle your card around the slot to see if anything is loosely attached.

Even if you don’t think an ATM or credit card terminal has a skimmer attached to it, you should take some basic security precautions. Pinhole cameras can be almost impossible to detect, but they’re also fairly easy to thwart. The next time you’re entering your PIN just use your free hand to block the view of you entering your PIN. That way, a camera mounted above the PIN pad can’t tell what you’re entering, which will help prevent criminals from being able to access your bank account.

Other warning signs you should watch for may not involve the device itself. Beth Givens, the director of the Privacy Rights Clearinghouse, says you should also be on the lookout for anybody hanging around your ATM for long periods of time--some skimmers need someone nearby to collect captured information. Also, avoid using ATMs in isolated locations that don’t seem to be part of a store or financial institution. Scammers have been known to set up entire false ATMs on occasion. (In 2009, attendees at the Defcon hacker conference in Las Vegas spotted a fake ATM at a hotel.)

As always, pay close attention to your credit card bill and bank statements--fraudulent charges or unauthorized cash withdrawals are often the first indication that your account information has been stolen. If you see such unauthorized charges or withdrawals on a statement, contact your bank or financial institution as soon as possible. By keeping a vigilant eye on your ATM and on your credit card bill, even the most sophisticated credit card scam shouldn’t be able to cause you too much grief.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon