You have probably heard of skimming, a nefarious technology that criminals employed to obtain sensitive credit card information for the purpose of making illegal purchases. Although financial institutions and merchants have found ways to thwart these activities, evil-doers seem to always find another way to wreak havoc. Enter shimming, the new and even more disturbing way to steal users’ information.
How Does Shimming Work?
With old-school skimming, criminals usually affixed a false front to an ATM or a credit card reader commonly attached to a gas pump. This piece contained technology that cloned the magnetic stripe on a credit card without the victim having any knowledge that it had happened. Over time, however, consumers learned to look for loose ATM front plates or any other irregularity that might signal skimming.
Today’s shimming is even more sinister. It uses a paper-thin device inserted into the card reader that intercepts and stores the information embedded in a consumer’s EMV chip card. Although today’s EMV cards should be more secure, they still contain a magnetic stripe that the shimmer can hijack. The card might not be cloned in exactly the same way, but a customer’s data can still be used if a financial institution’s security protocols are lax.
The Added Dangers
Because shimmers are so small, they can be inserted in virtually any terminal or wireless credit card reader. Worse still, criminals can easily remove the device without being detected; the procedure looks no different than it would if the person was making an ordinary payment.
Protect Yourself Against Shimming
In spite of its insidiousness, there are steps you can take to protect yourself and your business from shimming.
- Whenever possible, pay using contactless, tap-and-go technology with platforms such as Apple Pay or Samsung Pay. Encourage your customers to do the same.
- Withdraw cash at indoor ATMs. Better still, do so at the teller window with an actual human being.
- If you or a customer experience a feeling of resistance when dipping an EMV card, do not complete the transaction. Have the reader checked and replaced if necessary.
- If you haven’t done so already, upgrade your POS to accept EMV cards. Once you do, your system will be able to detect if a mag stripe card has been counterfeited.
- All consumers should regularly monitor their bank and credit card accounts to ensure that no unauthorized purchases have been made.
It’s inevitable: As soon as one method of fraud or thievery is squashed, criminals will come up with a new and improved scheme. That doesn’t mean you need to be a victim. Whether you’re a consumer or a business owner, understanding what shimming is and how to protect yourself against it can markedly minimize your chances of becoming the prey of a shimmer.