DeMISTIfying Infosec: Card Skimming

By Katherine Teitler

Card Skimming

Card skimming involves the use of a small device (“skimmer”) that replaces a legitimate credit, debit, or ATM card reader in order to illegally scan and store data from the magnetic stripe of an authentic card.

Once “skimmed,” the data from the card is copied onto a blank magnetic stripe, turning an empty card into one with a real account number and information which thieves can use to illicitly purchase goods or services.

Card skimmers have been around for many years and, like most current technologies, have become incredibly sophisticated in both look and functionality, making identification of a fraudulent device tricky. Skimmers can be false panels placed over legitimate terminals or devices, a sliver of a device that fits inside the card acceptance slot, a wireless device that steals information from the terminal as it's being used, or a hand-held version that closely approximates the legitimate device. Some skimmers include tiny cameras that capture PIN numbers as the authorized user enters them into the terminal, allowing thieves to capture the secondary authentication factor required for some types of cards. Some POS skimmers go as far as printing out official-looking transaction receipts so that unsuspecting victims don’t quickly notice their card has been stolen.

Krebs on Security has posted many articles about card skimming, including visuals to demonstrate how realistic today’s skimmers can look.

