Be on the Lookout for Credit Card Shimming

Jill Jaracz
July 4, 2018
Credit Card Shimming

Credit card thieves had a hey day with stealing card information through a technique called "skimming," where they would attach a device in or on a card reader that would steal your card's information if you put the card in that reader.

EMV chip cards were supposed to solve this type of credit card theft by storing all of your card's information onto a secure chip that's embedded within the card. And it's helped -- according to Visa counterfeit fraud at retailers has dropped 76 percent since December 2015.

However, thieves aren't the types to easily let one of their income streams go just because some newer technology appears on the scene. They've developed a new way to steal your card information, and that's through shimming.

Shimming works similarly to skimming, says the Better Business Bureau, because it involves attaching a device to a card reader in order to pull the card information. However, unlike skimming, which usually involves tampering an existing machine in a way that looks like someone's been fooling with it, shimming is a lot harder to detect.

That's because a shim is extremely thin and goes directly into the card reader itself. It contains a microprocessor and flash storage, so when you insert your card, the microprocessor kicks into gear, copies information such as card number and PIN from your card and saves it to the storage drive. When a thief removes it from the card reader, they can take your information and use it to make magnetic stripe cards. They can then use these at merchants who do still accept magnetic stripe payments, or -- more importantly for thieves -- they can use them for an online shopping spree.

Shimming has the potential to cause more issues than skimming because thieves don't have to tamper with card readers like they did when attaching skimming devices onto them. At gas stations and ATMs, they can insert a shim into a card reader, and to another customer, it could look like normal behavior.

So how can you tell if there's a shim inside of a card reader? It's difficult, but the Better Business Bureau says that if you have a hard time fitting your chip card into the reader, your chip card gets stuck inside of a card reader, or if your card seems more tightly jammed into the slot, then a shim could potentially be inside of it. If you notice this, don't try to force your card into the slot. If your card is already in the reader, cancel the transaction so you can remove your card. Then let the business know that fraud could be taking place onsite.

One easy way to avoid shimming is to use contactless payments and avoid the card reader all together. Check to see if your card has a contactless feature, and if it doesn't ask your card issuer if it's available for your card. You can also switch to using mobile payment wallets like Apple Pay, Google Pay and Samsung Pay because they also function via tap and pay, which eliminates the need to put a physical card into a reader.

The credit bureau Experian also recommends shielding your hand when you enter a PIN so that thieves can't capture it. You may have seen that some banks are stepping up their protection game by adding shields onto their ATMs to help prevent this fraud.

Also keep a close eye on your credit card statements and check them regularly--not just at the end of a billing cycle. Because you'll know what charges to expect, you can quickly look at your billing statement and transactions to make sure they're all legitimately yours.

Credit card thieves had a hey day with stealing card information through a technique called

See all posts →