Five tips to avoid debit/credit card skimming

Debit/credit card skimming is on the rise, and not just via ATMs, either. Criminals are creatively subverting other self-service devices. Find out what you can do to prevent it from happening to you.

Of all the ways to get a person's banking credentials, the simplest is to copy the digital information on the card's magnetic stripe and visually or digitally obtain the PIN when a debit card is used. Why is that? There are a few reasons.

First, there is minimal contact with the victim. No phishing or social engineering is required. Second, debit and credit cards have what's called the Card Verification Value (CVV) or the Card Verification Data (CVD). CVV/CVD is a security code generated by the issuing bank and stored on the magnetic stripe. This means the card owner has no idea what the code is. So the only way to obtain that information is to copy all the data on the magnetic stripe. To do that, criminals initially focused on ATMs. As they gained expertise, the bad guys branched out into other self-service devices, like self-service gas pumps.

To get an understanding of how skimming works, refer to this article. It does a great job explaining what we're up against. Thankfully, there are things we can do to protect ourselves. Here are the top five suggestions from the experts.

1: Be familiar with the ATM's physical construction

I use the same ATM unless it's absolutely necessary to use another one. That way, I'm familiar with how it looks and I will be able to tell if something is out of place. Brian Krebs has done extensive research on ATM skimmers, and his posts have images of several working ones.

2: Make sure security cameras are trained on the ATM

Many ATMs have a low-resolution camera built in. Typically, it can't record an ATM skimmer being set up. Look for CCTV cameras trained on the ATM. That way, any motion-sensing activation can be coordinated with the ATM's camera to see if the person had a legitimate reason for being there.

3: Opt for inside ATMs

It sounds obvious, but inside ATMs are less likely to have installed skimmers. It takes some work to set up an ATM for skimming. Employees and customers would notice. Since inside ATMs may be less convenient — and because many people are unaware of ATM skimmers — this tip is often overlooked.

4: When it comes to self-service, look for operations that are always open

Surprisingly, installing skimmers in gas pumps is not that difficult. That said, having people and or employees around all the time is still a huge deterrent. That's why criminals would rather install skimmers in gas pumps of closed service stations.

5: Keep an eye on your debit/credit card when others have it

It may be hard to do, but try to keep an eye on your debit/credit card when the clerk or waiter takes it. My friend thought I was nuts until I showed him this Wired post describing how four restaurant servers managed to steal $750,000 US using hand skimmers.

Extra tip: If you use debit cards, know your liability constraints

With credit cards, liability is limited to $50 US. Debit cards are different, so find out what your bank subscribes to. Normally, liability depends on when the theft is reported. It can vary from $50 US if reported within two days to the full amount if not reported within 60 days after receiving a statement.

Final thoughts

Now that most banks are checking for their security code on the card's magnetic stripe, skimming is the only viable way to get all the required information. So when using your debit/credit card, be cautious about anything out of the ordinary.


Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks

Free Newsletters, In your Inbox