Credit card “shimming”: the new skimming

  • Posted on: 28 Jun 2024

  • Today’s technological change is slowly bringing the era of credit card swipe into oblivion, with the new EMV ‘chip’ credit cards. This new technology indeed provides more security but, you know how the world criminals work, they are always on the lookout for new ways to have your credit card details. The latest technique can be described as “shimming”.

    what is Credit Card Shimming?

    Shimming is one of the new trends or variants of credit card fraud, and it enables fraudsters to slip a thin, card-sized shimmer right into the slot of the card reader. This almost hidden card reader can then take your credit card details and PIN when you are making the payment.

    This is how shimming gets its name; scammers place skinny inserts called shims into the credit card slots to capture your details. Unlike other skimmers that are fixed to the exterior part of the payment machines, shimmers are small can be placed internally, and are almost impossible for a customer to identify.

    Once your card data is recorded by the illegal credit card shimmer, the criminal can sell or use the information to make fake online purchases or even create a replica of the said card and attempt to withdraw cash. Sometimes, you do not realize that credit card details have been stolen until you go through your statement and discover the transactions.

    Where is Shimming Found?

    Credit card shimming devices can be installed anywhere there is a card reading machine, including:

    - Gas station pumps – The slot where one inserts the credit card is usually an excellent place to fit a shim device to pocket your information as you fuel your vehicle. Some shimmers can also contain technology to record the PIN that you enter on the keypad of the pump.

    - Paypoint terminals – Some fraudsters have forged skimmers and shimmers right on ATM card ports. If guards have placed something like a cover over the keypad or security cameras may mean that they have installed a PIN-stealing shimmer.

    - Retail stores/restaurants – As far as any place that accepts chip, swipe, or contactless payments can potentially contain a shimmer inside of its card terminal. Technology has been discovered to be concealed inside self-checkout registers as well as on servers’ handheld terminals.

    Credit card shimming is the most recent evolution in the way that fraudsters compromise the cards.

    As for payment terminals and ATMs, many of them have upgraded from the old magnetic stripe systems to the new EMV chip system, and as a result, skimming crimes have also changed. The overlying skimmers which are normally attached to the card readers are easily noticeable by retailers and consumers. However, these tiny particles when inserted inside machines are very hard to identify easily by the naked eye.

    When it came to a chip reader or tap/pay point-of-sale machine, shimmers could fit into a slender slit without being noticed. It is even impossible to sleuth them even if you try to flip the credit card reader over. Sending the stolen EMV chip data is as easy as a breeze for the criminals – the devices are capable of using Bluetooth, SMS text technology, or cellular.

    For these reasons, credit card shimming has been on the rise in the last couple of years. The US Secret Service also issued a recent alert concerning the fact that the number of shimmers is becoming much higher than that of traditional skimmers. Europol’s Internet Organised Crime Threat Assessment (IOCTA) report published annually also referred to shimming, as one of the threats associated with payment fraud. According to security analysts gas stations and ATMs are the most attractive targets for the Jihadi cells.

    Shimming is one of the riskiest activities involved in credit card fraud and, as such, you should be very cautious when using your cards; below are some tips that will help you avoid falling prey to the shimming tricks.

    With shimmers being so incredibly thin and hard to spot, here are some tips that can help protect your credit card information when making purchases:

    Tap rather than insert or swipe – it’s more secure because of the EMV chip that provides a much higher level of encryption than in magnetic stripes. The use of the tap function in an attempt to pay also enhances the security level.

    Search for obvious signs of tampering – Before inserting your card, examine the surfaces that have swipe slots and keypads for anything that seems loose, broken, or different. Fake buttons, stickers that are not aligned properly, keypads that move slightly, or very small manufacturer logos that seem to be misaligned could be key signs that the product is fake.

    Chose credit over debit – Credit cards are far safer as they put limits to how much money the shimmer can take from your account in case he/she gets a hold of your details. Debit cards work by directly using your checking account or other checking accounts you might have.

    Review credit card and bank statements regularly – To help detect any suspicious transactions or alterations in spending habits, consumers should scrutinize their credit card and bank statements regularly. If you notice anything fraudulent, contact the bank immediately.

    Try to rely on mobile payment apps each time when it is possible to make a purchase. Techniques such as Apple Pay, Google Pay, and Samsung Pay allow usage of the cards without actually revealing the actual card numbers at the time of the transaction. This helps keep data out of the reach of a shimmer who might be out to steal it.

    The Takeaway on Shimming

    Even though the concept of shimmers is still relatively new, as they evolve and become smaller and more sophisticated, they will remain a significant threat to credit card fraud. You should always avoid making statements that are easily accessible to hackers and ensure that they pay attention to the kind of statements they make, should also avoid using vulnerable payment methods and instead opt for more secure methods. It is also crucial to be aware of this new shimming threat to identify machines that have been tampered with, or rather illegal card readers installed where they are not supposed to be. This risk factor is on the rise, so be on the lookout for it!