Call it “skimming,” call them “carders,” call it a form of hacking, but stolen credit card information is a hot commodity and thieves are getting smarter, often stealing your number and your PIN from right under your nose.
How Skimming Works
Skimming first sounded almost like a myth. Email forwards from friends and news agencies would report about the possibility of a credit card getting falsely swiped, but with a hint of credulity. Back in 2002 when skimmers first made the legitimate news, the incidents were few and far between. Now skimming is sophisticated and downright common, with a more than 500% increase in 2015.
Skimming devices and tactics vary. Here are some of the possibilities:
• Fake secondary devices that may be identical to a legitimate card swiper
• Overlay devices that go on top of an ATM machine or other card swiping surface, such as a gas station swiper
• Entire fake fronts, such as a fake ATM
• Internal skimmers that fit inside a legitimate card reader
With so many possibilities, and skimming devices becoming more available and less expensive, it’s easy to see why this is a growing criminal activity.
What to Look Out For
Even while criminals improve tactics, there are certain signs you can look out for. There are also preventative measures you can take for your personal card information or for employee-based fraud and carders in your own organizations.
• Discoloration or Inconsistency—Even if a card reader has a fake front printed with a 3D printer, there may be some inconsistencies that help you spot a device: the plastic of the card reader may protrude more than expected, have rougher edges, or be a slightly different color. Try to pull off the device. Skimmers may often be installed with simple glue or double-sided tape, which of course a standard machine would not have.
• Altered Protocol—Anywhere you swipe your credit card, you have a standard protocol for how that is done. If an employee seems to “swipe an extra time,” swipe on more than one device, or swipe in another room, out of the field of vision of coworkers or customers, you may have someone who is using a skimmer to steal credit card information.
• Cameras—To steal your card information or recreate your card, thieves also need your PIN. At gas stations or ATM’s or anywhere you enter your PIN, look for a key pad overlay, hidden camera, or nearby observer as someone who may intend to steal your information.
In any event, if you suspect you have spotted a fraudulent device or criminal activity of an employee, report what you observed immediately. Criminals often act quickly to cover their tracks.
Beyond looking for the signs of skimming described above, there are other protections that you can take to prevent carders. Standard precautions include:
1. Walk away and report potential theft if a card reader or ATM does not “look right.”
2. Switch to a chip card. EMV cards (Europay, MasterCard and Visa), as they are called, have varying information transmitted for one time use, unlike a standard magnetic card that stores uniform information for the life of the card.
3. Pick credit over debit, if you want to have less liability for transactions and protect your account balance.
4. Consider turning off certain features on your card. You can discuss security with your banking professional, but you may want to consider requiring your card to be present for transactions or turning off the feature of “no signature required” for certain low-dollar transactions, such as occurred in recent Walmart fraudulent purchases.
5. Pay with cash. If you are considered about identity theft, you can always consider switching to cash for common purchases such as food and gas.
6. Educate employees. Since cards have to be swiped to be skimmed, employee cyber intelligence training goes a long way toward protecting your business from within.
How Cyber Intelligence Protects Your Business
Cyber intelligence is the means by which criminal activity first gets reported. By the time mainstream media outlets have picked up the story, it may have already affected your personal bank account or business. For example, back in 2008 cyber threats about credit card skimming had been widely reported by cyber intelligence monitoring services. Yet many consumers still do not know about it and have not taken standard precautions to prevent carders.
Monitoring cyber intelligence feeds with the help of cyber intelligence software also automates the process to a much greater extent: upticks in cyber threats against your particular industry or your supply line or your third-party card verification company translates to proactive action on your part to protect your business.
When the next wave of dark web chatter reveals the latest carder techniques, will your business be ready? If you are hit with an attack that affects your customers, will you hear about it on the news or already be responding to the incident within your business?