Networking

Five tips to avoid debit/credit card skimming

Debit/credit card skimming is on the rise, and not just via ATMs, either. Criminals are creatively subverting other self-service devices. Find out what you can do to prevent it from happening to you.

Of all the ways to get a person's banking credentials, the simplest is to copy the digital information on the card's magnetic stripe and visually or digitally obtain the PIN when a debit card is used. Why is that? There are a few reasons.

First, there is minimal contact with the victim. No phishing or social engineering is required. Second, debit and credit cards have what's called the Card Verification Value (CVV) or the Card Verification Data (CVD). CVV/CVD is a security code generated by the issuing bank and stored on the magnetic stripe. This means the card owner has no idea what the code is. So the only way to obtain that information is to copy all the data on the magnetic stripe. To do that, criminals initially focused on ATMs. As they gained expertise, the bad guys branched out into other self-service devices, like self-service gas pumps.

To get an understanding of how skimming works, refer to this Snopes.com article. It does a great job explaining what we're up against. Thankfully, there are things we can do to protect ourselves. Here are the top five suggestions from the experts.

1: Be familiar with the ATM's physical construction

I use the same ATM unless it's absolutely necessary to use another one. That way, I'm familiar with how it looks and I will be able to tell if something is out of place. Brian Krebs has done extensive research on ATM skimmers, and his posts have images of several working ones.

2: Make sure security cameras are trained on the ATM

Many ATMs have a low-resolution camera built in. Typically, it can't record an ATM skimmer being set up. Look for CCTV cameras trained on the ATM. That way, any motion-sensing activation can be coordinated with the ATM's camera to see if the person had a legitimate reason for being there.

3: Opt for inside ATMs

It sounds obvious, but inside ATMs are less likely to have installed skimmers. It takes some work to set up an ATM for skimming. Employees and customers would notice. Since inside ATMs may be less convenient -- and because many people are unaware of ATM skimmers -- this tip is often overlooked.

4: When it comes to self-service, look for operations that are always open

Surprisingly, installing skimmers in gas pumps is not that difficult. That said, having people and or employees around all the time is still a huge deterrent. That's why criminals would rather install skimmers in gas pumps of closed service stations.

5: Keep an eye on your debit/credit card when others have it

It may be hard to do, but try to keep an eye on your debit/credit card when the clerk or waiter takes it. My friend thought I was nuts until I showed him this Wired post describing how four restaurant servers managed to steal $750,000 US using hand skimmers.

Extra tip: If you use debit cards, know your liability constraints

With credit cards, liability is limited to $50 US. Debit cards are different, so find out what your bank subscribes to. Normally, liability depends on when the theft is reported. It can vary from $50 US if reported within two days to the full amount if not reported within 60 days after receiving a statement.

Final thoughts

Now that most banks are checking for their security code on the card's magnetic stripe, skimming is the only viable way to get all the required information. So when using your debit/credit card, be cautious about anything out of the ordinary.


About

Information is my field...Writing is my passion...Coupling the two is my mission.

42 comments
ceaurovindo
ceaurovindo

I have Canadian Master Card and ATM/Debit card. I am out of Canada. All on a sudden that I have a debit balance on my bank account to the tune of thousands of dollars, and my credit card statement has few thousands of dollars. My qeuestion is my credit card limit is CAD2,000. How a credit card having a limit of CAD2,000.00 be cleared for thousands of dollars over the limit. I normally pay my credit card balance with online banking through internet. How my bank account shows that I have paid towards my credit card for thousands of dollars which I don't have? How is that possible when I've not done it. I reported it to my banker through internet and they cancelled my ATM/ and Credit card and I am in dark out of Canada. What is the solution to this fraud?

domaindirectory
domaindirectory

Great post here. These are really awesome tips about credit cards and debit. Thanks for this post. You can also check this out http://www.DebitScore.com for further reference and online tips too.

The 'G-Man.'
The 'G-Man.'

Always use a big name credit card and not your debit card for such transactions. If the worst happens big credit card company can worry about it while your hard earned debit money in the bank is safe! ATM is a different story - best bet is to shield!

JamesRL
JamesRL

I've had quite a few embarassing moments because of my banks agressive anti-fraud measures. I've had my credit card declined buying lunch for friends. I've had my debit card cancelled. I wouldn't have a problem if they contacted me first before changing my card status. They have done all of this, but as far as I can tell there has never been a credible threat on my accounts, they took action if I did anything out of my "norm" like the first time I used Paypal.

Jaqui
Jaqui

use a "pre-paid" credit card. no worries about it getting a bill racked up, it can only be used to purchase as much as the CASH you deposited onto it. It is effectively a debit card, processed like a credit card. and you do not have to have it tied to a bank account, so it's not a card to scew you by going into overdraft. skim away scammers, you ain't getting anything truly harmful from the card.

Michael Kassner
Michael Kassner

Use these five tips to prevent your cards from getting skimmed at ATMs.

Michael Kassner
Michael Kassner

Several months ago, I was in Europe and when I was getting my rental card, my credit card was declined. Another one worked Okay though. Anxiously, I called my bank. they told me they froze my card because the charge was out of the US. Kind of a good thing, but I was not aware of that being in place.

AnsuGisalas
AnsuGisalas

If your card is abused, the bank is liable to refund you (beyond the customary own risk of course). Sounds too good to be true, but then when we think more deeply about it, the card is the Bank's. And the card system (with it's security holes) is an invention of the Banks', at least nominally. Over here, if you someone abuses a credit card for online fraud, you get the whole amount back. And there's actually better consumer protection for online shopping than for in-store shopping! How's it work stateside and in canuckistan?? (No offense canadians, I wuv youze!!!)

Michael Kassner
Michael Kassner

With regards to consumer liability when it comes to debit/credit card it changes. There are time constraints. If you do not report the problem soon enough the financial institution is no longer liable. Individual banks can have their own additional constraints that we as consumers need to know about as well. That is why I suggested you know exactly what your card providers are providing.

techrep1000
techrep1000

I'm sorry, I didn't realize you were from Canada. I honestly don't know if the law differs there from the United States, but here you're covered for the most part if you get hit by skimmers. And in the U.S. at least, using an unbranded pre-paid debit card is about the worst response to skimmers you could possibly take.

techrep1000
techrep1000

this is actually the worst response of all to skimmers. first, as a consumer your money is protected by your bank and by the law. provided you don't let eternity go by without reporting the fraud, your bank is going to have to replace all the money stolen from you if you're the victim of an ATM skimmer. but they won't have to do that if you just bought a random prepaid credit or debit card out of a 7-eleven or CVS store. you might as well have been robbed of cash at the atm. it's gone.

Michael Kassner
Michael Kassner

I have not used those before. Is there a limit of $50 like credit cards or will the skimmer get the whole value of the card?

seanferd
seanferd

and so open on the internet.

Juanita Marquez
Juanita Marquez

Someone in Italy tried to pay their $200 phone bill with my card. I found out about the charge when I was reviewing my account and found an uncharacteristically small charge accompanying it that was chalked up as an "international conversion" fee. Fortunately I found it within a day or two of it happening and hadn't been in Italy at all - and the bank removed all related charges. Another time, years earlier, someone stateside tried to buy cooking supplies from an online vendor with my card. Again, caught soon, and the bank removed the charges.

JamesRL
JamesRL

I was advised of this possibility by the tour operator we were using for a group tour to Paris. So I called by bank's credit card division and notified them. They instructed me that they would note my file, but that since many of the processes were automated, my card might still be held, but that a quick call to the bank would be able to clear it up. Yeah thats what I need, to have to tell someone in French that I need to call my bank while a line of people behind me wait. I didn't have a problem, but I was happy that I had a second credit card issued by a non bank, just in case. At one point in time, when I was doing some contracting 8 years back, I actually did a process flow chart for my bank on their process, and at that time it was much more dependant on people. I know businesses are constantly pushed to reduce staff, but sometimes automation can't replace the good judgement of a smart individual. James

Michael Kassner
Michael Kassner

Between financial institutions. Canada, I believe is starting to integrate the Chip and PIN card system which will change who is responsible. I am researching a new card system that seems to have merit and will have something for you in a week or so.

santeewelding
santeewelding

Cleaning up your post, look to "refund". I'm having a time with that. Maybe, "re-fund"? And, "if you someone"?

Jaqui
Jaqui

no worries, not sure about the legal differences between the USA and Canada myself about the subject. But the pre-paid cards available here: TitaniumPlus Visa and Mastercard, issued via Money Mart stores only, but actually backed by a Credit Union. Vancity Savings Credit Union offers a prepaid Visa and that is about it. I'm not talking about the Store gift cards, usable only in one store chain's locations, but the generally usable "credit card" ones.

Jaqui
Jaqui

don't carry a pre-paid card with a lot of cash on it. only put cash on it when you know you are going to be using it, and then, only enough for your planned purchases with a bit extra. if there is no major cash on it, then the fraudsters aren't going to get anything from it.

Jaqui
Jaqui

is literally how much is deposited on the card. but there is no reason to have money on it, unless you are planning on using it. so the general value is zero, they get nothing. there are limitations to the cards, but for the majority of purchases, these limitations are not a problem. [ daily deposit limits of usually $5,000 and a transaction value cap of commonly $10,000 ] so no buying a car, house etc with them, but for using on a day's shopping in a new area, no major losses if it does get skimmed.

Michael Kassner
Michael Kassner

That there are only one or two universal keys that will open most self-service gas pumps. That makes it real easy for the bad guys.

Michael Kassner
Michael Kassner

I typically use an online one-time credit card number. But, the one time I couldn't, I got caught. The thing that really hurts is that you have to change all those accounts that have monthly charges on that specific credit card. I will have an article out today that has a possible solution. It seems like a great idea.

seanferd
seanferd

If that had happened to me twice, my head would have gone all explodey on the second occasion.

Ocie3
Ocie3

is meant to replace the bad judgment of one or more not-so-smart individuals.

Michael Kassner
Michael Kassner

I also agree with your comments about not moving forward as the cost of fraud is minimal compared to others.

wellcraft19
wellcraft19

A bit off topic, but I make sure to ALWAYS program ALL numbers in my cell phone an "international" format ("+" + country code). Then your (GSM) phone will never have issues "calling home", and you will not need to remember the special (landline) dialing codes to "get out" of a country (they varies with country, US is "011", many European countries is "00", etc). Back to topic: Fraud on CCs and DCs are much worse than we (general public) are really aware of, but ANY payment system carries with it significant costs. Probably the most expensive payment system is "checks", followed by "cash". Hence, compared to the volume of transactions, fraud on CCs and DCs is negletible and as an individual card holder, folow tips in this article, and also ensure that you are doing business with a reputable card issuer and (preferably) have a long history of "good card utilization" with them. If you truly are a good customer, they will take care of you when in dire straits.

Michael Kassner
Michael Kassner

When I was trying to call my bank I knew you had to use +1 to get to the US. On my iPhone the + is the 0 key. So I would push it. A zero showed up. Okay, now what. Luck would have it, a person next to me had an iPhone. She told me to hold the 0 key down until the + showed up. Yet another learning moment under fire. Of course I will never forget either of those requirements.

JamesRL
JamesRL

..without being psychic. I enjoy considered opinion, be it from whatever side of an issue. But too many people are reflexive in their posting. Knee jerk, as it were. James

santeewelding
santeewelding

How many people here would you say are thus, "automated" with proprietary processing?

AnsuGisalas
AnsuGisalas

[b]It's like a blanket insurance.[/b] If your card is abused, the bank is liable to reimburse your losses (beyond the customary own risk of course). Sounds too good to be true, but then when we think more deeply about it, the card is the Bank's. And the card system (with it's security holes) is an invention of the Banks', at least nominally. Over here, if someone abuses your credit card information for online fraud, you get the whole amount back. And there's actually better consumer protection for online shopping than for in-store shopping! How's it work stateside and in canuckistan?? (No offense canadians, I wuv youze!!!) PS: I apologize, profusely, about any mid-read edits. Mainly structure though... nothing the god of text editing won't let me into heaven for, I hope...

Michael Kassner
Michael Kassner

Will be the device to do that. I am researching using smart phones as debit/credit devices and that comes up in the papers.

AnsuGisalas
AnsuGisalas

is a handset that lets you load your prepaid on the fly to the exact amount you're about to spend... nothing left to skim then.

Ocie3
Ocie3

that the bank charges for the pre-paid debit card? Banks aren't the only issuers. It's one of the biggest Walmart scams. The last time I considered using one, they charged a fee simply for issuing the card and "loading" the money on it, then more money to "reload" the card, and a fee for every transaction that the user makes with the card. You have to wonder whether the [i]issuer[/i] is the thief of which you need to beware. Prepaid debit cards also resemble a one-time credit card number, which is not easy to get unless you have the right credit card account with a bank that offers them. As far as I know, they haven't been charging fees to issue the one-time numbers, but it's only a matter of time before they do.

Michael Kassner
Michael Kassner

I had an idea it was, having worked with some police departments. The financial institutions are even keeping quiet when talking to them.

Jaqui
Jaqui

I also worked for a bank for a while. :D The pre-paid cards aren't a perfect solution, but they at least can be used / operated by the cardholder to dramatically limit their damages, more so than even the Bank backed cards can.

dale_may1999
dale_may1999

Working at a bank, I see card fraud everyday. It's a bigger problem than we or the banks would like to admit. Be careful!!

Michael Kassner
Michael Kassner

Always overrides security, until it is no longer convenient.

seanferd
seanferd

Even coin-op laundry machines have moe unique keys. Incredibly stupid.