Definition

card skimming

TechTarget Contributor

Card skimming is the theft of credit and debit card data and PIN numbers when the user is at an automated teller machine (ATM) or point of sale (POS).

Card skimming allows thieves to steal money from accounts, make purchases and sell card information to third parties for the same purposes. Generally, the exploit involves modified payment card reader hardware that fits over an existing genuine payment device or ATM. The phony reader collects and passes on payment card information for retrieval by the thief. PIN numbers may be retrieved with a keypad overlay or a hidden camera.

Another possibility is shoulder surfing, in which the thief pretends to be just another person waiting to use the machine and watches the victim enter the code. In systems that use Bluetooth to transmit card data wirelessly, such as some mobile POS, a thief may also be able to eavesdrop on transactions that aren’t adequately protected.

A lack of public awareness about the issue allows card skimmers to be successful. To protect yourself from the exploit, you should be alert to your surroundings when making any transactions and take note of changes to known ATMs and card readers or anything out of the ordinary in the environment.

If an ATM or POS seems suspect, you should refrain from making a transaction and report anything suspicious to the owner. To protect yourself from RFID skimming, which allows thieves to steal card information from a distance, it may be advisable to carry cards in holders made from materials that block wireless signals.

This was last updated in January 2017

Continue Reading About card skimming

ATM security tips

Nick Lewis explains how man-in-the-middle attacks on keypads expose credit card data

How thieves can steal your credit card data without your knowledge

KrebsonSecurity explains card skimmers and how to spot them

Continue Reading About card skimming

Related Terms