How to Protect Yourself from Skimmers

Tuesday, February 28, 2012

Christopher Rodgers

82ac4cd789b46af43c0cde730625317e

When you swipe your credit or debit card, are you handing over your personal information to criminals?

Skimming is a process scammers use to steal credit or debit card information.  Scammers use devices called skimmers to accomplish skimming in everyday transactions.  

This allows the criminal to collect a victim's card information using a small electronic device (skimmer) to swipe and store a victims’ card information.  Skimmers can be used at ATMs, gas station pumps, fast-food restaurants, and department and grocery stores.

Most common types of skimming:

  • The Lebanese Loop- A blocking device that’s inserted into the card slot of the ATM machine to trap your card.  Someone nearby may be watching as you enter your PIN number.
  • Card Skimming- Skimmers are devices added to ATM machines to capture your card's information, including your account number, balance information, and PIN. These devices may be mounted along the side of the machine as well as on top of the actual card reader.  Skimmers can actually collect and store up to 200 ATM cards before the device needs to be removed.
  • Shoulder Surfing- Thieves can mount a wireless video camera inside the ATM area, in ways ranging from a small puncture hole to a brochure holder.  Once the thief has your card number, magnetic strips are easy to make, and thieves can easily duplicate ATM cards.
  • Cash Trapping- Similar to the Lebanese Loop where a thin sleeve traps your card, this device will cause your cash to be trapped by a sleeve or device slipped inside the cash dispenser.  Your transaction will operate normally, but you won't receive the cash you wanted to withdraw.

(click image to enlarge)

ATM3

Tips to Help You Protect Yourself from Fraud or Theft:

  • When possible, always use the same ATM.  It will make it easier to spot a skimming device.
  • Use ATM machines inside banks rather than on the street.
  • Use an ATM on a busy street; this makes it hard for skimmers to modify the machine.
  • Examine the ATM carefully for card or cash trapping devices; look for small pin holes which can represent a camera.  Most ATMs emit a flashing or steady light from the card slot.  If you don’t see that, it could be a sign of tampering.
  • Never rely on the help of strangers to retrieve your card.
  • Cover the keypad when typing in your PIN.
  • Never use an ATM when other people are lingering.
  • Report confiscated cards immediately.  Don't leave the machine; call the bank from the ATM where your card was taken using a cell phone.
  • Try to use cash as often as possible.
  • Never follow a link in a “bank” email notice.  If you have a notice or message, log onto your online account in a new window and view your messages.
  • Always monitor your bank statements and ATM balance, and be on guard for irregular transactions that may indicate theft.

A multi-Practice approach is required to adequately protect the financial and retail sectors from skimmer fraud because the problem must be dealt with from several angles.  

SecureState recommends employing a Simulated Skimmer Attack at least quarterly; however, high-risk clients should perform the test monthly.

Results from this Assessment are tracked over time to generate quantifiable data demonstrating the effectiveness of the overall Skimmer Protection Program and of its components.

Cross-posted from SecureState

Possibly Related Articles:
12534
General
Information Security
scams Social Engineering Security Awareness Banking Skimming Credit Cards ATM Account Fraud Christopher Rodgers
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.